Commit Graph

127 Commits

Author SHA1 Message Date
Dave Grijalva c48cfd5d97 Updated README
... to discuss recently published vulnerability
2015-04-01 11:06:36 -07:00
Dave Grijalva 61124b62ad Merge pull request #54 from thatderek/patch-1
Updated token creation example to use the proper method.
2015-01-26 13:04:01 -08:00
thatderek c5c16083c7 Updated token creation example to use the proper method.
Example broke with error `undefined: SigningMethodHS256`. Edited to use jwt.SigningMethodHS256
2015-01-25 01:25:58 -05:00
Dave Grijalva a3e2f13bb7 added documentation for HMAC Sign method 2015-01-13 21:33:50 -08:00
Dave Grijalva fb5e9d4418 updated ExampleNew with correct key type 2015-01-13 21:31:08 -08:00
Dave Grijalva 7c18dce7b8 Merge branch 'master' of github.com:dgrijalva/jwt-go 2015-01-07 09:54:51 -08:00
Dave Grijalva 7597fd422d added a test condition 2015-01-07 09:52:08 -08:00
Dave Grijalva 7b97402710 Merge pull request #47 from kofalt/master
Fix timing side-channel attack in hmac comparison
2014-12-28 17:36:52 -08:00
Nathaniel Kofalt 9a3c6fd1e3 Fix timing side-channel attack in hmac comparison 2014-12-28 19:31:54 -06:00
Dave Grijalva d9679c1420 added some examples of unpacking errors from the bitfield 2014-12-28 12:44:46 -08:00
Dave Grijalva db4251f9dd added examples 2014-12-28 12:24:54 -08:00
Dave Grijalva 6a9bcca4b5 moved tests into jwt_test package for better clarity 2014-12-28 12:24:41 -08:00
Dave Grijalva 93e34196bb Merge pull request #46 from albrow/use-signing-methods-directly
Reference signing methods directly instead of by a string name
2014-12-28 11:53:36 -08:00
Alex Browne bfe701fdf5 When possible, instead of identifying signing methods by string, pass
them in directly by name. This is less error-prone and avoids an unnecessary
map lookup. Also encourage this type of usage by using it in the README.
2014-12-27 14:14:23 -05:00
Dave Grijalva 47b263f020 Merge pull request #38 from BugHerd/var-errors
Move errors to variables so they can be matched against
2014-11-03 13:11:22 -08:00
Alan Harper 1663b3c6c2 Move errors to variables so they can be matched against 2014-10-20 16:09:02 +11:00
Dave Grijalva 8c45ba33b0 version notes for 2.2.0 2014-10-11 13:58:31 -07:00
Dave Grijalva 4beb9b5850 gracefully handle a nil keyfunc passed to Parse. (and more tests) 2014-10-11 13:54:16 -07:00
Dave Grijalva e1571c8f04 Fixed issue #36 - out of date example code 2014-10-06 22:41:14 -07:00
Dave Grijalva d82ad649e4 version 2.1.0 2014-09-30 12:21:30 -07:00
TommyO e82659ca5b Updated to accept interface{} as supported by underlying Verify methods.
Needed to support precompiled public keys.
2014-09-29 14:00:25 -04:00
Dave Grijalva c0da491622 Merge pull request #32 from porjo/porjo
Lowercase error messages
2014-09-15 11:11:21 -07:00
Ian Bishop 0c21a058ab Lowercase error messages 2014-09-08 11:42:58 +10:00
Dave Grijalva ed42077928 Added note about 2.0.0 change. 2014-08-26 18:22:44 -07:00
Dave Grijalva 35c43501ff documentation 2014-08-26 15:30:37 -07:00
Dave Grijalva 2ef58916cc return an error if the requested hash method hasn't been compiled in 2014-08-26 15:00:15 -07:00
Dave Grijalva 48aa7e5db1 documentation 2014-08-26 14:41:32 -07:00
Dave Grijalva bcec7fbe47 documentation fix 2014-08-26 14:25:13 -07:00
Dave Grijalva 652b4be28c make helper methods more specific 2014-08-26 14:24:20 -07:00
Simon Jefford 1363e28b6a expose RSA key PEM parsing funcs 2014-08-26 14:21:38 -07:00
Simon Jefford 33523225e1 can now pass a PublicKey to SigningMethodRSA.Verify 2014-08-26 14:20:56 -07:00
Simon Jefford dc2f34cdb1 can now pass a PrivateKey to SigningMethodRSA.Sign
Conflicts:
	rsa.go
2014-08-26 14:20:28 -07:00
Dave Grijalva c9b532b51b cleanup and documentation updates 2014-08-26 14:18:59 -07:00
Simon Jefford 23cb3af02c pass keys as interface{} rather than []byte
This will allow clients to pass, for example, their own instances of
rsa.PublicKey if the key is not specified as some flavour of X509
cert. For example, Salesforce just specify the modulus and
exponent (https://login.salesforce.com/id/keys)
2014-08-26 14:14:17 -07:00
Dave Grijalva 0ed08007c3 working on version history 2014-08-26 14:12:21 -07:00
Dave Grijalva 94aeb012a4 version changes from PR #28 2014-08-26 13:58:07 -07:00
Dave Grijalva aeaaac5773 Merge branch 'master' into two_point_oh 2014-08-26 13:52:35 -07:00
Dave Grijalva 0987fb8fd4 v1.0.2 2014-08-26 13:51:41 -07:00
Dave Grijalva 82483208e1 removed 2.0 release notice from readme 2014-08-26 13:47:03 -07:00
Dave Grijalva 358ed97e4b Merge branch 'wider' into two_point_oh 2014-08-26 13:45:08 -07:00
Dave Grijalva ef77e106a6 Update README.md 2014-08-11 13:13:46 -07:00
Dave Grijalva 1482919d15 unit tests for parsePublicKey 2014-07-05 15:58:07 -07:00
Dave Grijalva 372e731f4c Merge branch 'master' into wider
Conflicts:
	rs256.go
2014-07-05 15:51:12 -07:00
Dave Grijalva 37329b525d cleaned up RS256 implementation. no functional changes 2014-07-05 15:50:46 -07:00
Dave Grijalva 629af62465 Added support for RS384 and RS512 signing methods
Renamed type SigningMethodRS256 to SigningMethodRSA
Added contstants SigningMethodRS256, SigningMethodRS384, and SigningMethodRS512 to support each of these methods
Added simple tests to support these new methods
2014-07-05 15:34:31 -07:00
Dave Grijalva 97430c0b8b cleaned up and flattened RS256 implementation 2014-07-05 15:25:29 -07:00
Dave Grijalva 5aed334e04 Added support for HS384 and HS512 signing methods
Renamed type SigningMethodHS256 to SigningMethodHMAC
Added contstants SigningMethodHS256, SigningMethodHS384, and SigningMethodHS512 to support each of these methods
Added simple tests to support these new methods
2014-07-05 15:08:42 -07:00
Dave Grijalva fbcb3e4b63 version history 2014-07-05 13:05:22 -07:00
Dave Grijalva f7a9d2e66e documentation about key requirements 2014-06-28 11:31:26 -07:00
Dave Grijalva bf910acaf8 fixed: SigningMethodRS256.Sign would panic if the provided key was not PEM encoded 2014-06-28 11:29:32 -07:00