Commit Graph

39 Commits

Author SHA1 Message Date
zhouyiheng.go 90d315ce0c feat: custom json and base64 encoders for Token and Parser
Co-Authored-By: Christian Banse <oxisto@aybaze.com>
2024-07-04 21:45:03 +02:00
Tarek Sharafi 908d356713
feat: allow making exp claim required (#351) 2023-10-09 19:58:20 +02:00
Michael Fridman 1e76606719
Key rotation with VerificationKeySet (#344) 2023-09-12 21:29:27 -04:00
Oleksandr Redko b2b650971a
Reformat code: add whitespaces, remove empty lines (#319) 2023-06-21 12:39:55 +02:00
Christian Banse b357385d3e
Moving `DecodeSegement` to `Parser` (#278)
* Moving `DecodeSegement` to `Parser`

This would allow us to remove some global variables and move them to parser options as well as potentially introduce interfaces for json and b64 encoding/decoding to replace the std lib, if someone wanted to do that for performance reasons.

We keep the functions exported because of explicit user demand.

* Sign/Verify does take the decoded form now
2023-03-24 19:13:09 +01:00
Christian Banse 148d710109
`v5` Pre-Release (#234)
Co-authored-by: Micah Parks <66095735+MicahParks@users.noreply.github.com>
Co-authored-by: Michael Fridman <mf192@icloud.com>
2023-02-21 14:32:25 +01:00
Alexander Yastrebov 9358574a7a
Allow strict base64 decoding (#259)
By default base64 decoder works in non-strict mode which
allows tweaking signatures having padding without failing validation.

This creates a potential problem if application treats token value as an identifier.

For example ES256 signature has length of 64 bytes and two padding symbols (stripped by default).
Therefore its base64-encoded value can only end with A, Q, g and w.
In non-strict mode last symbol could be tweaked resulting in 16 distinct
token values having the same signature and passing validation.

This change adds backward-compatible global config variable DecodeStrict
(similar to existing DecodePaddingAllowed) that enables strict base64 decoder mode.

See also https://github.com/golang/go/issues/15656.

Signed-off-by: Alexander Yastrebov <yastrebov.alex@gmail.com>
2022-12-09 18:04:03 +01:00
Michael Fridman 0972257eba
Revert "feat: port clockskew support (#139)" (#184)
This reverts commit d489c99d3e.
2022-03-26 10:13:03 -04:00
ksegun d489c99d3e
feat: port clockskew support (#139)
Co-authored-by: Kolawole Segun <Kolawole.Segun@kyndryl.com>
Co-authored-by: Christian Banse <oxisto@aybaze.com>
2022-03-08 08:43:46 +01:00
Christian Banse 78a18c0808
Implementing `Is(err) bool` to support Go 1.13 style error checking (#136) 2022-01-19 22:55:19 +01:00
ajermaky f4865cddea
Revert Encoding/Decoding changes for better compatibility (#117) 2021-11-06 07:21:20 -04:00
Sebastien Rosset fd8cd69d8e
Adjusted `parser_test.go` to include RSA and ECDSA tokens (#106) 2021-09-24 21:32:29 +02:00
Christian Banse 80625fb516
Backwards-compatible implementation of RFC7519's registered claim's structure (#15)
This PR aims at implementing compliance to RFC7519, as documented in #11 without breaking the public API. It creates a new struct `RegisteredClaims` and deprecates (but not removes) the `StandardClaims`. It introduces a new type `NumericDate`, which represents a JSON numeric date value as specified in the RFC. This allows us to handle float as well as int-based time fields in `aud`, `exp` and `nbf`. Additionally, it introduces the type `StringArray`, which is basically a wrapper around `[]string` to deal with the oddities of the JWT `aud` field.
2021-08-22 19:23:13 +02:00
Luis Gabriel Gomez 3258b3fca0
jwt: Add parser benchmarks (#70) 2021-08-03 17:57:36 -03:00
Michael Fridman 2ebb50f957
Adds go module support /v4 (#41)
Additionally, added `staticcheck` for basic static code analysis (#44)

Co-authored-by: Christian Banse <oxisto@aybaze.com>
2021-08-03 15:51:01 +02:00
Josh Kline 860640e886
Allocation optimization (#33)
* Test to ensure ECDSA signature is valid

Add assertions to ensure ECDSA signing methods return valid signatures.

This is probably covered elsewhere as well, but putting it in
ecdsa_test.go makes it more obvious and easier to find.

* Benchmark ECDSA signing methods

Add benchmark coverage of ECDSA signing methods.

Benchmarks are run using the existing helper for comparability with
existing benchmarks.

Sign method is also tested directly, to avoid the overhead of *Token.

Report allocations for all benchmarks.

Allocation count for ES384 and ES512 fluctuate across test runs,
other signing methods consistently report the same number of allocations.

Sample output:
```
$ go test -bench=Bench -run=NONE .
2021/02/26 18:18:30 Listening...
goos: darwin
goarch: amd64
pkg: github.com/dgrijalva/jwt-go
BenchmarkECDSASigning/Basic_ES256-8                     190572      6702 ns/op    4249 B/op      65 allocs/op
BenchmarkECDSASigning/Basic_ES256/sign-only-8            47383     24650 ns/op    3329 B/op      43 allocs/op
BenchmarkECDSASigning/Basic_ES384-8                       1113   1252975 ns/op 1750744 B/op   14474 allocs/op
BenchmarkECDSASigning/Basic_ES384/sign-only-8              286   3937773 ns/op 1746175 B/op   14423 allocs/op
BenchmarkECDSASigning/Basic_ES512-8                        662   1949937 ns/op 3028386 B/op   19608 allocs/op
BenchmarkECDSASigning/Basic_ES512/sign-only-8              170   6856189 ns/op 3025471 B/op   19571 allocs/op
BenchmarkECDSASigning/basic_ES256_invalid:_foo_=>_bar-8 190638      6665 ns/op    4249 B/op      65 allocs/op
BenchmarkHS256Signing-8                                1000000      1024 ns/op    1584 B/op      32 allocs/op
BenchmarkHS384Signing-8                                 917286      1447 ns/op    1969 B/op      32 allocs/op
BenchmarkHS512Signing-8                                 827744      1470 ns/op    2065 B/op      32 allocs/op
BenchmarkRS256Signing-8                                   3037    390077 ns/op   32576 B/op     136 allocs/op
BenchmarkRS384Signing-8                                   2976    379155 ns/op   32684 B/op     136 allocs/op
BenchmarkRS512Signing-8                                   3205    388628 ns/op   32704 B/op     136 allocs/op
```

* Reduce allocations during ECDSA signing

Reduce the number of byte arrays allocated by using big.Int.FillBytes
when calculating ECDSA signature.

After this change, Benchmarks of ES256 signing method consistently
report 4 fewer allocations.

Before:
```
BenchmarkECDSASigning/Basic_ES256-8              190572         6702 ns/op       4249 B/op         65 allocs/op
BenchmarkECDSASigning/Basic_ES256/sign-only-8     47383        24650 ns/op       3329 B/op         43 allocs/op
```

After:
```
BenchmarkECDSASigning/Basic_ES256-8              187682         6725 ns/op       4121 B/op         61 allocs/op
BenchmarkECDSASigning/Basic_ES256/sign-only-8     48656        24446 ns/op       3201 B/op         39 allocs/op
```

* Use base64.RawURLEncoding to avoid padding

JWT uses a non-padded base64 encoding.

Current code uses base64.URLEncoding to generate a padded string and
then removes the padding.
Likewise, current code adds padding before decoding.

Instead, use base64.RawURLEncoding which does not add or require the
padding in the first place.

In addition to making the code cleaner, this reduces memory allocations
as reported by benchmarks.

Before:
```
BenchmarkECDSASigning/Basic_ES256-8                     191396         6917 ns/op       4121 B/op         61 allocs/op
BenchmarkECDSASigning/Basic_ES256/sign-only-8            49347        25039 ns/op       3201 B/op         39 allocs/op
BenchmarkECDSASigning/basic_ES256_invalid:_foo_=>_bar-8 190668         6586 ns/op       4121 B/op         61 allocs/op
BenchmarkHS256Signing-8                                1260060         1131 ns/op       1585 B/op         32 allocs/op
BenchmarkHS384Signing-8                                 861378         1387 ns/op       1969 B/op         32 allocs/op
BenchmarkHS512Signing-8                                 896745         1463 ns/op       2065 B/op         32 allocs/op
BenchmarkRS256Signing-8                                   3086       355769 ns/op      32576 B/op        136 allocs/op
BenchmarkRS384Signing-8                                   3414       353570 ns/op      32694 B/op        136 allocs/op
BenchmarkRS512Signing-8                                   3235       349394 ns/op      32706 B/op        136 allocs/op
```

After:
```
BenchmarkECDSASigning/Basic_ES256-8                     176617         6827 ns/op       4021 B/op         58 allocs/op
BenchmarkECDSASigning/Basic_ES256/sign-only-8            48038        24213 ns/op       3169 B/op         38 allocs/op
BenchmarkECDSASigning/basic_ES256_invalid:_foo_=>_bar-8 194352         6928 ns/op       4021 B/op         58 allocs/op
BenchmarkHS256Signing-8                                1000000         1127 ns/op       1488 B/op         29 allocs/op
BenchmarkHS384Signing-8                                 972552         1369 ns/op       1873 B/op         29 allocs/op
BenchmarkHS512Signing-8                                 780751         1368 ns/op       1969 B/op         29 allocs/op
BenchmarkRS256Signing-8                                   3014       387326 ns/op      32475 B/op        133 allocs/op
BenchmarkRS384Signing-8                                   3044       361411 ns/op      32591 B/op        133 allocs/op
BenchmarkRS512Signing-8                                   3273       355504 ns/op      32607 B/op        133 allocs/op
```

Benchmarks of signing methods ES384 and ES512 are omitted because their
allocations are not consistent.
2021-07-13 08:31:42 +02:00
Sadman Sakib 6a07921e68
Enable go module support for the project (#3)
* initial go module file

Signed-off-by: sadmansakib <ssadman8@gmail.com>

* fix linting issues

Signed-off-by: sadmansakib <ssadman8@gmail.com>

* rename module to golang-jwt/jwt

Signed-off-by: sadmansakib <ssadman8@gmail.com>

* Renamed imports to match with go module name.

Signed-off-by: sadmansakib <ssadman8@gmail.com>

* update travis for latest go versions

Signed-off-by: sadmansakib <ssadman8@gmail.com>

* Set go version to 1.14

lowered the go version to make it consistent with matrix build

* revert accidental changes while renaming

Signed-off-by: sadmansakib <ssadman8@gmail.com>

* remove travis CI

no longer needed since github actions workflow was created for the
project

Signed-off-by: sadmansakib <ssadman8@gmail.com>

* Revert "remove travis CI"

This reverts commit b3ae57f710.

* update travis for older go versions
2021-05-28 21:26:41 -04:00
Dave Grijalva 27d85fe4a0 fixed a formatting error in a test 2018-03-08 11:28:04 -08:00
zimbatm f46fb7ef12 ParseUnverified: add tests 2016-09-14 15:23:18 +01:00
John.Lockwood 7ff66c6bff Add the missing name arg 2016-08-26 21:32:44 -07:00
Peter Kieltyka c9eaceb289 Parser flag to skip claims validation during token parsing 2016-06-21 16:11:54 -04:00
Dave Grijalva 317b82a681 Merge remote-tracking branch 'origin/master' into release_3_0_0 2016-06-06 18:20:35 -07:00
Dave Grijalva 36d317022e Merge branch 'master' of https://github.com/emanoelxavier/jwt-go-contr into dg/merge_112 2016-04-12 17:22:28 -07:00
Dave Grijalva 5e270fa6cd changed argument order to put claims type before keyfunc. this is easier to read when keyfunc is an inline closure 2016-04-12 16:25:25 -07:00
Dave Grijalva 996dd550fd Merge branch 'master' into release_3_0_0 2016-04-12 16:19:20 -07:00
Dave Grijalva c8d4fff6cc verify that an error is always returned if token.Valid is false (and the reverse) 2016-04-12 14:52:39 -07:00
Dave Grijalva 4400800062 Merge branch 'release_3_0_0' into dg/request 2016-04-12 14:34:54 -07:00
Dave Grijalva fb4ca74c9f added special case behavior for MapClaims so they aren't all weird 2016-04-12 14:32:24 -07:00
Dave Grijalva e3cd52238a moved some of the test helpers into a shared location so they can be reused 2016-04-08 13:01:55 -07:00
Dave Grijalva bc13ee82c3 Merge branch 'release_3_0_0' into dg/request 2016-04-08 11:57:11 -07:00
Dave Grijalva 572c9130e8 cleaned up style and added tests 2016-04-04 14:42:10 -07:00
Dave Grijalva 4ec621a2d1 Merge branch 'master' into release_3_0_0 2016-03-31 11:19:33 -07:00
Dave Grijalva e0e3b433f5 WIP on migrating request parsing stuff 2016-01-14 14:09:27 -08:00
Emanoel Xavier 517905c5bd Adding inner error in the ValidationError type 2015-12-31 07:48:39 -08:00
Dave Grijalva b728399c73 signature should be populated after parsing a valid token 2015-11-16 12:42:37 -08:00
Dave Grijalva 56c7810ac4 Merge branch 'master' into release_3_0_0 2015-11-16 11:59:51 -08:00
Dave Grijalva f2dd936aa8 added test for valid signing method 2015-11-02 15:24:32 -08:00
Dave Grijalva 774f319043 added tests for parser. fixed parser when using restricted method list 2015-11-02 15:22:08 -08:00
Dave Grijalva 7ac27fb6ac renamed files to match their purpose 2015-11-02 11:26:07 -08:00