Commit Graph

394 Commits

Author SHA1 Message Date
Christian Banse 7e82f33cee
Remove `StandardClaims` in favor of `RegisteredClaims` (#235)
This PR removes the old legacy standard claims, which have been deprecated since the beginning of the `v4` module in favor of the newer `RegisteredClaims`. Removing them before any further changes to the validation API is quite useful, as less code needs to be adapated.
2022-08-28 18:17:04 +02:00
Christian Banse 895749e449 Starting `v5` development
This commit serves as the basis for further `v5` developments. It will introduce some API-breaking changes, especially to the way tokens are validated. This will allow us to provide some long-wanted features with regards to the validation API. We are aiming to do this as smoothly as possible, however, with any major version. please expect that you might need to adapt your code.

The actual development will be done in the course of the next week, if time permits. It will be done in seperate PRs that will use this PR as a base. Afterwards, we will probably merge this and release an initial 5.0.0-alpha1 or similar.
2022-08-27 11:40:20 +02:00
Christian Banse bfea432b1a
Include https://github.com/golang-jwt/jwe in README (#229) 2022-08-20 17:04:58 +02:00
Michael Fridman d81acbf7f3
Bump matrix to support latest go version (go1.19) (#231)
* Bump matrix to support latest go version (go1.19)

* Fix comment
2022-08-20 16:53:04 +02:00
Hugo fdaf0eb0e0
Implement a BearerExtractor (#226)
* Implement a BearerExtractor

This is a rather common extractor; it extracts the JWT from the HTTP
Authorization header, expecting it to include the "Bearer " prefix.

This patterns is rather common and this snippet is repeated in enough
applications that it's probably best to just include it upstream and
allow reusing it.

* Ignore case-sensitivity for "Bearer"
2022-08-19 13:59:36 +02:00
KroKite f2878bb94b
fix: link update for README.md for v4 (#217)
Co-authored-by: Christian Banse <oxisto@aybaze.com>
2022-08-15 12:45:52 +02:00
George Kechagias 9294af54b5
chore: remove unused claims in RSA table driven test (#212) 2022-06-04 08:03:41 -04:00
Qian Qiao 2da0bf7566
Fixed integer overflow in NumericDate.MarshalJSON (#200) 2022-06-03 22:13:34 -04:00
Christian Banse 8fb42696ff
Update SECURITY.md (#207) 2022-05-28 21:53:11 +02:00
Michael Fridman cf43decf7c
Create SECURITY.md (#171) 2022-05-28 12:40:34 -04:00
Michael Fridman 4426925f0c
CI check for Go code formatting (#206)
Signed-off-by: jay-dee7 <jasdeepsingh.uppal@gmail.com>
Co-authored-by: jay-dee7 <jasdeepsingh.uppal@gmail.com>
2022-05-28 16:03:15 +02:00
Håvard Anda Estensen f6c6299f67
chore: replace ioutil with io and os (#198) 2022-05-27 19:11:16 -04:00
Luigi Morel 89a6400b7f
add installation guidelines to the README file (#204) 2022-05-27 19:07:25 -04:00
Vladislav Polyakov 6e2ab4291f
docs: update link to pkg.go.dev page (#195) 2022-04-19 17:45:50 +02:00
Christian Banse 83478b3c8f
Added MicahParks/keyfunc to extensions (#194) 2022-04-18 22:01:59 +02:00
Michael Fridman 0972257eba
Revert "feat: port clockskew support (#139)" (#184)
This reverts commit d489c99d3e.
2022-03-26 10:13:03 -04:00
Michael Fridman 1096e506e6
Add go1.18 to ci pipeline (#173) 2022-03-18 07:15:45 -04:00
ksegun d489c99d3e
feat: port clockskew support (#139)
Co-authored-by: Kolawole Segun <Kolawole.Segun@kyndryl.com>
Co-authored-by: Christian Banse <oxisto@aybaze.com>
2022-03-08 08:43:46 +01:00
ydylla 6de17d3b3e
fix: expired token error message (#165) 2022-02-15 08:31:33 -05:00
Michael Fridman 279dd19720
Set json encoding precision (#162) 2022-02-09 21:54:31 -05:00
Giau. Tran Minh 863d23d08a
fix: fixed typo detect by cSpell (#164) 2022-02-09 13:14:42 -03:00
Michael Fridman 2387103809
Add JWT logo image attribution (#161) 2022-02-08 22:35:49 -05:00
Máté Lang d0c0939ff8
updated README.md to contain more extensions (#155)
* updated README.md to contain more extensions

* Update README.md

Co-authored-by: Luis Gabriel Gomez <lggomez@users.noreply.github.com>

Co-authored-by: Luis Gabriel Gomez <lggomez@users.noreply.github.com>
2022-02-03 08:49:22 -03:00
hyeonjae e01ed05a31
remove unnecessary for loop in token signing string for readability (#34)
* remove unnecessary for loop in token signing string for readability

 - add testcase
 - add benchmark
 - improve performance slightly

* Fix benchtests on token_test.go

* Update token_test.go to v4

Co-authored-by: hyeonjae <hyeonjae@ip-192-168-1-3.ap-northeast-2.compute.internal>
Co-authored-by: Luis Gabriel Gomez <lggomez@users.noreply.github.com>
2022-02-03 08:47:58 -03:00
Christian Banse 78a18c0808
Implementing `Is(err) bool` to support Go 1.13 style error checking (#136) 2022-01-19 22:55:19 +01:00
Stefan Tudose 0fb40d3824
use errors.Is for extractor errors (#141) 2021-12-15 12:50:05 +01:00
tfonfara c435f38291
#129: Added VerifyIssuer method to RegisteredClaims (#130) 2021-11-24 14:27:41 +01:00
Alexander Yastrebov a725c1f60c
cmd: list supported algorithms (-alg flag) (#123) 2021-11-16 09:00:45 -05:00
Kevin de Berk 823c014036
Unwrap for ValidationError (#125) 2021-11-15 09:25:32 -05:00
Alexander Yastrebov 1275a5b909
Allow `none` algorithm in jwt command (#121) 2021-11-10 07:33:04 +01:00
ajermaky f4865cddea
Revert Encoding/Decoding changes for better compatibility (#117) 2021-11-06 07:21:20 -04:00
Alexander Yastrebov 9c3665f0fc
Fixes jwt command to support EdDSA algorithm (#118)
Fixes
```
$ echo '{"foo":"bar"}' | jwt -key test/ed25519-private.pem -alg EdDSA -sign -
Error: error signing token: key is of invalid type
```

Signed-off-by: Alexander Yastrebov <yastrebov.alex@gmail.com>
2021-11-03 09:14:30 -04:00
PiotrKozimor a2aa655627
Fix int64 overflow in newNumericDateFromSeconds (#112) 2021-10-26 21:14:01 -04:00
Sebastien Rosset c0ffb890f3
Improve code comments, including security consideration (#107)
* improve code comments, including security consideration

* Add link to URL with details about security vulnerabilities.

* Update token.go

Co-authored-by: Christian Banse <oxisto@aybaze.com>

* Update token.go

Co-authored-by: Christian Banse <oxisto@aybaze.com>

* update code comments

Co-authored-by: Christian Banse <oxisto@aybaze.com>
2021-10-15 09:48:31 -03:00
Christian Banse 65357b9e5b
Introducing functional-style options for the Parser type (#108) 2021-10-13 19:36:33 +02:00
Ichinose Shogo cac353cdc2
fix the comment of VerifyExpiresAt (#109) 2021-10-09 18:17:39 -03:00
Sebastien Rosset fd8cd69d8e
Adjusted `parser_test.go` to include RSA and ECDSA tokens (#106) 2021-09-24 21:32:29 +02:00
Hinagiku Soranoba 02bc1ac506
When exp indicates the present, make it invalid. (#86)
* When exp indicates the present, make it invalid.

* Update map_claims_test.go

Co-authored-by: Christian Banse <oxisto@aybaze.com>
2021-09-10 17:44:55 -04:00
Hyun d2c5d5ab01
Add EdDSA to "Signing methods and Key types" in README.md (#103) 2021-09-10 20:30:13 +02:00
Yoan Blanc 205b3dc4bb
fix link (#102) 2021-09-10 08:27:13 -04:00
Michael Fridman 93130d3c71
Create codeql-analysis.yml (#101) 2021-09-09 10:42:26 -04:00
yoogo 3f50a786ff
Harmonising capitalisation of "token" in error strings (#97) 2021-08-29 20:45:24 +02:00
Mark Karpelès 2bd8ee77fc
Accept `crypto.Signer` that contains a `ed25519.PublicKey` in ed25519 (#95)
* accept generic crypto.Signer in ed25519 in order to allow usage of other ed25519 providers than crypto/ed25519

* add check to ensure the key is indeed of type ed25519

* adding comment clarifying crypto.Hash(0)

* Update ed25519.go

Co-authored-by: Christian Banse <oxisto@aybaze.com>
2021-08-23 22:56:11 -03:00
Christian Banse 80625fb516
Backwards-compatible implementation of RFC7519's registered claim's structure (#15)
This PR aims at implementing compliance to RFC7519, as documented in #11 without breaking the public API. It creates a new struct `RegisteredClaims` and deprecates (but not removes) the `StandardClaims`. It introduces a new type `NumericDate`, which represents a JSON numeric date value as specified in the RFC. This allows us to handle float as well as int-based time fields in `aud`, `exp` and `nbf`. Additionally, it introduces the type `StringArray`, which is basically a wrapper around `[]string` to deal with the oddities of the JWT `aud` field.
2021-08-22 19:23:13 +02:00
Luis Gabriel Gomez c9ab96ba53
jwt: Fix Verify methods documentation (#83) 2021-08-22 10:18:33 +02:00
Alexander F. Rødseth eac9e9edf2
Format code with "go fmt" (#53) 2021-08-20 20:43:08 -03:00
Michael Fridman a06361ba65
ci: add support for go1.17 (#89) 2021-08-17 10:05:04 +02:00
Zach Wasserman bac80eaac8
Link to migration guide in README.md (#87) 2021-08-11 16:19:58 -03:00
Francois Lebel 85f0a979dd
Fix typo in note (#82) 2021-08-03 17:59:46 -03:00
Luis Gabriel Gomez 3258b3fca0
jwt: Add parser benchmarks (#70) 2021-08-03 17:57:36 -03:00