Frederic BIDON
382e92cd09
Added support for RSA-PSS in jwt CLI
...
* input key is RSA for RS* _and_ PS* algs
Signed-off-by: Frederic BIDON <fredbi@yahoo.com>
2019-01-03 16:53:25 +01:00
Vladimir Skipor
f47e6a7bc1
Use salt length equals hash, but verify auto salt length too in RSA PSS sign methods.
...
Fixes #285.
2018-11-11 22:39:07 +03:00
Sebastian
494b63caeb
Update RFC link
...
Old link led to a page that was just a link to this new page.
2018-10-24 09:18:46 -05:00
Dave Grijalva
3af4c746e1
Merge pull request #292 from someone1/patch-1
...
Update README.md
2018-09-21 11:23:15 -06:00
Prateek Malhotra
febd124631
Update README.md
...
Update reference to gcp-jwt-go
2018-09-19 20:36:47 -04:00
Dave Grijalva
0b96aaa707
Merge pull request #280 from alias-dev/master
...
Fix dead link
2018-07-19 14:18:23 -07:00
Alex Andrews
a0d8783268
Fix dead link
2018-07-18 11:34:47 +01:00
Dave Grijalva
06ea103174
documentation around expected key types
2018-03-08 15:13:08 -08:00
Dave Grijalva
6a1c681b2a
Merge branch 'master' of github.com:dgrijalva/jwt-go
2018-03-08 15:04:15 -08:00
Dave Grijalva
6f4f904379
add options to ParseFromRequest
2018-03-08 15:04:09 -08:00
Dave Grijalva
1f05e5c95c
Merge pull request #181 from jsaguiar/master
...
Added password protect pem support
2018-03-08 14:50:15 -08:00
Dave Grijalva
3ad59cfd42
Moved old 3.0.0 notice to lower in the doc
2018-03-08 11:57:43 -08:00
Dave Grijalva
b5a423081b
notice about security issue before go 1.8.3
2018-03-08 11:55:13 -08:00
Dave Grijalva
27d85fe4a0
fixed a formatting error in a test
2018-03-08 11:28:04 -08:00
Dave Grijalva
b606e8202f
documenting changes for upcoming 3.2.0 release
2018-03-08 11:16:21 -08:00
Dave Grijalva
3265a9bebd
Merge pull request #152 from pusher/parse-unverified
...
Introduce (*Parser).ParseUnverified
2018-03-08 11:01:10 -08:00
Dave Grijalva
5cc2026634
Merge pull request #219 from geertjanvdk/feat/parse
...
Handle ValidationError returned by keyFunc in jwt.ParseWithClaims
2018-03-08 10:58:47 -08:00
Dave Grijalva
f75bbb3cc8
Merge pull request #205 from zamicol/icon_godoc
...
add godoc icon
2018-03-08 10:36:15 -08:00
Dave Grijalva
d6bbf373d8
Merge pull request #209 from zhyuri/patch-1
...
A better error msg
2018-03-08 10:34:53 -08:00
Dave Grijalva
40ec5516a0
Merge pull request #220 from polarina/readme-alt-include
...
readme: Bump version of alternative package include
2018-03-08 10:33:32 -08:00
Dave Grijalva
c3e930abb0
Notice about upcoming 4.0.0 release
2018-03-08 10:18:44 -08:00
Dave Grijalva
dbeaa9332f
3.1.0 changelog
2017-10-19 14:57:19 -07:00
Gabríel Arthúr Pétursson
08b573c692
readme: Bump version of alternative package include
2017-07-03 19:13:07 +00:00
Geert Vanderkelen
cb914dd542
Handle ValidationError returned by keyFunc in jwt.ParseWithClaims
...
Previously, returning a `jwt.ValidationError` from `jwt.Parse()` or
`jwt.ParseWithClaims()` would result in the error being
ignored.
For example, when testing the signature while parsing the token, it
was not possible to return `jwt.ValidationErrorSignatureInvalid`.
The documentation shows an example for returning an `errors.Error`,
but this is not enough.
We change the `jwt.ParseWithClaims()`-function and check whether the
returned error from the `KeyFunc` is already a
`jwt.ValidationError`-type and return as-is.
This allows us to do the following:
    token, err := jwt.ParseWithClaims(authToken, claims, func(token *jwt.Token) (interface{}, error) {
        if _, ok := token.Method.(*jwt.SigningMethodHMAC); !ok {
            vErr := new(jwt.ValidationError)
            vErr.Errors = jwt.ValidationErrorSignatureInvalid
            vErr.Inner = fmt.Errorf("invalid signature")
            return nil, vErr
        }
        return []byte(MySecret), nil
    })
The idea is to then be able to check the `Errors`-member:
    } else if ve.Errors&jwt.ValidationErrorSignatureInvalid != 0 {
        return fmt.Errorf("Authentication Token has invalid signature")
    }
2017-06-28 09:16:23 +02:00
Dave Grijalva
a539ee1a74
Merge pull request #218 from zoofood/patch-1
...
minor typo
2017-06-07 17:51:49 -07:00
Jeff Rouse
b425822dfa
minor typo
2017-06-07 17:13:34 -07:00
Dave Grijalva
6c8dedd55f
updated note on alg type vulnerability
2017-05-08 09:54:58 -07:00
Yuri
c1d75b01d5
A better error msg
...
Change ErrInvalidKey to ErrInvalidKeyType
2017-04-01 16:04:41 +08:00
Zach Collier
fd360ca1aa
add godoc icon
2017-03-16 10:55:35 -06:00
Dave Grijalva
2268707a8f
Merge pull request #183 from hnakamur/support_rs256_in_jwt_command
...
Support RS256 algorithm in jwt command
2017-02-01 14:58:49 -08:00
Dave Grijalva
e0b2941cad
Merge pull request #196 from dgrijalva/dg/cmd_args
...
Allow claims and headers to be specified at command line
2017-02-01 10:44:39 -08:00
Dave Grijalva
aaadee5836
s/head/header/
2017-02-01 10:44:25 -08:00
Dave Grijalva
53194fccb3
allow claims and headers to be specified at command line
2017-01-31 11:36:56 -08:00
Dave Grijalva
a601269ab7
Merge pull request #190 from jamesrwhite/patch-1
...
Clarify hmacSampleSecret type
2017-01-04 10:22:50 -08:00
James White
b08784ba5a
Clarify hmacSampleSecret type
...
From looking at the godoc for this (https://godoc.org/github.com/dgrijalva/jwt-go#example-Parse--Hmac ) it isn't clear what the type of hmacSampleSecret should be as you can't see the rest of this file. I ended up having to search through the code to figure out it needed to be a byte array.
2017-01-04 11:40:11 +00:00
Hiroaki Nakamura
c5d6625a50
Support RS256 algorithm in jwt command
2016-11-21 18:56:50 +09:00
Joao Aguiar
053ba766a6
Added password protect PEM support
2016-11-03 17:50:08 +00:00
Dave Grijalva
9ed569b5d1
Merge pull request #180 from kevinburke/fix-unreachable
...
Remove unreachable code
2016-11-01 12:39:35 -07:00
Kevin Burke
e58d3b7548
Remove unreachable code
...
`go vet` on Go 1.8 errors because this line of code is unreachable. Adds
a check that new code passes go vet, and adds Go 1.7 to travisci.
2016-11-01 09:59:08 -07:00
zimbatm
f46fb7ef12
ParseUnverified: add tests
2016-09-14 15:23:18 +01:00
zimbatm
bf316c4813
Introduce (*Parser).ParseUnverified
...
This is not something users of this library would commonly use but I'm
hitting a case where I still want to transmit the values contained
inside of the token through the system, after it's been verified by the
frontend.
In that case it would be easier just to transmit the token around and be
able to parse the values within, without having to verify the signature.
The backend services also don't have access to the user secrets to
validate the signature.
2016-09-14 15:23:18 +01:00
Dave Grijalva
24c63f5652
Merge pull request #166 from johnlockwood-wf/issue-165-missing-arg
...
Add the missing name arg
2016-08-31 11:35:34 -07:00
John.Lockwood
7ff66c6bff
Add the missing name arg
2016-08-26 21:32:44 -07:00
Dave Grijalva
63734eae1e
Merge pull request #151 from zaichang/FixMigrationGuide
...
Fixed migration guide request.ParseFromRequest example code
2016-07-29 09:48:51 -07:00
Zai
227c99f1af
Fixed migration guide request.ParseFromRequest example code
2016-07-20 18:09:44 +02:00
Dave Grijalva
01aeca54eb
Merge pull request #146 from pkieltyka/master
...
Parser flag to skip claims validation during token parsing
2016-07-05 13:30:06 -07:00
Peter Kieltyka
c9eaceb289
Parser flag to skip claims validation during token parsing
2016-06-21 16:11:54 -04:00
Dave Grijalva
f077707632
Merge pull request #140 from kazhuravlev/patch-1
...
Fix links
2016-06-17 10:01:58 -07:00
kazhuravlev
1e9b4c4c60
Fix links
2016-06-17 17:04:01 +03:00
Dave Grijalva
d2709f9f1f
Merge pull request #77 from dgrijalva/release_3_0_0
...
Release 3.0.0
2016-06-16 12:15:56 -07:00