Commit Graph

373 Commits

Author SHA1 Message Date
Dave Grijalva b08b43b479
Merge pull request #362 from aboodman/patch-1
Clarify expected format for key files.
2020-01-06 17:26:35 -08:00
Aaron Boodman 195174e229
Clarify expected format for key files. 2019-10-28 21:57:07 -10:00
toshikihigaki e02edc50e4 add parser 2019-07-26 16:30:49 +09:00
Seung-Woo Choi 29384ebfa4 changed error msg to not be misleading for public key decoding errors 2019-06-24 16:25:47 -07:00
Dave Grijalva 5e25c22bd5
added installation instructions to command readme 2019-06-20 11:01:02 -07:00
Dave Grijalva 7cd734deee
added troubleshooting section 2019-05-30 10:48:54 -07:00
Dave Grijalva 8a74229d83
Merge pull request #311 from fredbi/add-cli-support-for-rsapss
Added support for RSA-PSS in jwt CLI
2019-05-28 14:08:42 -07:00
Dave Grijalva 2f61636070
Merge pull request #328 from cbeach/master
Fixing a broken link
2019-05-28 12:18:04 -07:00
Casey Beach 5bff06a4f9 Fixing a broken link
I realized that I can actually fix this myself.
  After the 75th time navigating through the "broken" link I'm going to
  do just that.
2019-05-16 12:09:44 -07:00
Frederic BIDON 382e92cd09
Added support for RSA-PSS in jwt CLI
* input key is RSA for RS* _and_ PS* algs

Signed-off-by: Frederic BIDON <fredbi@yahoo.com>
2019-01-03 16:53:25 +01:00
Vladimir Skipor f47e6a7bc1 Use salt length equals hash, but verify auto salt length too in RSA PSS sign methods.
Fixes #285.
2018-11-11 22:39:07 +03:00
Sebastian 494b63caeb
Update RFC link
Old link led to a page that was just a link to this new page.
2018-10-24 09:18:46 -05:00
Dave Grijalva 3af4c746e1
Merge pull request #292 from someone1/patch-1
Update README.md
2018-09-21 11:23:15 -06:00
Prateek Malhotra febd124631
Update README.md
Update reference to gcp-jwt-go
2018-09-19 20:36:47 -04:00
Dave Grijalva 0b96aaa707
Merge pull request #280 from alias-dev/master
Fix dead link
2018-07-19 14:18:23 -07:00
Alex Andrews a0d8783268
Fix dead link 2018-07-18 11:34:47 +01:00
Dave Grijalva 06ea103174 documentation around expected key types 2018-03-08 15:13:08 -08:00
Dave Grijalva 6a1c681b2a Merge branch 'master' of github.com:dgrijalva/jwt-go 2018-03-08 15:04:15 -08:00
Dave Grijalva 6f4f904379 add options to ParseFromRequest 2018-03-08 15:04:09 -08:00
Dave Grijalva 1f05e5c95c
Merge pull request #181 from jsaguiar/master
Added password protect pem support
2018-03-08 14:50:15 -08:00
Dave Grijalva 3ad59cfd42
Moved old 3.0.0 notice to lower in the doc 2018-03-08 11:57:43 -08:00
Dave Grijalva b5a423081b
notice about security issue before go 1.8.3 2018-03-08 11:55:13 -08:00
Dave Grijalva 27d85fe4a0 fixed a formatting error in a test 2018-03-08 11:28:04 -08:00
Dave Grijalva b606e8202f documenting changes for upcoming 3.2.0 release 2018-03-08 11:16:21 -08:00
Dave Grijalva 3265a9bebd
Merge pull request #152 from pusher/parse-unverified
Introduce (*Parser).ParseUnverified
2018-03-08 11:01:10 -08:00
Dave Grijalva 5cc2026634
Merge pull request #219 from geertjanvdk/feat/parse
Handle ValidationError returned by keyFunc in jwt.ParseWithClaims
2018-03-08 10:58:47 -08:00
Dave Grijalva f75bbb3cc8
Merge pull request #205 from zamicol/icon_godoc
add godoc icon
2018-03-08 10:36:15 -08:00
Dave Grijalva d6bbf373d8
Merge pull request #209 from zhyuri/patch-1
A better error msg
2018-03-08 10:34:53 -08:00
Dave Grijalva 40ec5516a0
Merge pull request #220 from polarina/readme-alt-include
readme: Bump version of alternative package include
2018-03-08 10:33:32 -08:00
Dave Grijalva c3e930abb0
Notice about upcoming 4.0.0 release 2018-03-08 10:18:44 -08:00
Dave Grijalva dbeaa9332f 3.1.0 changelog 2017-10-19 14:57:19 -07:00
Gabríel Arthúr Pétursson 08b573c692 readme: Bump version of alternative package include 2017-07-03 19:13:07 +00:00
Geert Vanderkelen cb914dd542 Handle ValidationError returned by keyFunc in jwt.ParseWithClaims
Previously, returning a `jwt.ValidationError` from `jwt.Parse()` or
`jwt.ParseWithClaims()` would result values the error to be
ignored.
For example, when testing the signature while parsing the token, it
was not possible to return `jwt.ValidationErrorSignatureInvalid`.
The documentation shows an example for returning an `errors.Error`,
but this is not enough.

We change the `jwt.ParseWithClaims()`-function and check whether the
returned error from the `KeyFunc` is already a
`jwt.ValidationError`-type and return as-is.

This allows us to do the following:

  token, err := jwt.ParseWithClaims(authToken, claims, func(token
    *jwt.Token) (interface{}, error) {
    if _, ok := token.Method.(*jwt.SigningMethodHMAC); !ok {
        vErr := new(jwt.ValidationError)
        vErr.Errors = jwt.ValidationErrorSignatureInvalid
        vErr.Inner = fmt.Errorf("invalid signature")
        return nil, vErr
    }
    return []byte(MySecret), nil
  })

The idea is to then be able to check the `Errors`-member:

  } else if ve.Errors&jwt.ValidationErrorSignatureInvalid != 0 {
    return fmt.Errorf("Authentication Token has invalid signature")
  }
2017-06-28 09:16:23 +02:00
Dave Grijalva a539ee1a74 Merge pull request #218 from zoofood/patch-1
minor typo
2017-06-07 17:51:49 -07:00
Jeff Rouse b425822dfa minor typo 2017-06-07 17:13:34 -07:00
Dave Grijalva 6c8dedd55f updated note on alg type vulnerability 2017-05-08 09:54:58 -07:00
Yuri c1d75b01d5 A better error msg
Change ErrInvalidKey to ErrInvalidKeyType
2017-04-01 16:04:41 +08:00
Zach Collier fd360ca1aa add godoc icon 2017-03-16 10:55:35 -06:00
Dave Grijalva 2268707a8f Merge pull request #183 from hnakamur/support_rs256_in_jwt_command
Support RS256 algorithm in jwt command
2017-02-01 14:58:49 -08:00
Dave Grijalva e0b2941cad Merge pull request #196 from dgrijalva/dg/cmd_args
Allow claims and headers to be specified at command line
2017-02-01 10:44:39 -08:00
Dave Grijalva aaadee5836 s/head/header/ 2017-02-01 10:44:25 -08:00
Dave Grijalva 53194fccb3 allow claims and headers to be specified at command line 2017-01-31 11:36:56 -08:00
Dave Grijalva a601269ab7 Merge pull request #190 from jamesrwhite/patch-1
Clarify hmacSampleSecret type
2017-01-04 10:22:50 -08:00
James White b08784ba5a Clarify hmacSampleSecret type
From looking at the godoc for this (https://godoc.org/github.com/dgrijalva/jwt-go#example-Parse--Hmac) it isn't clear what the type of hmacSampleSecret should be as you can't see the rest of this file. I ended up having to search through the code to figure out it needed to be a byte array.
2017-01-04 11:40:11 +00:00
Hiroaki Nakamura c5d6625a50 Support RS256 algorithm in jwt command 2016-11-21 18:56:50 +09:00
Joao Aguiar 053ba766a6 Added passoword protect PEM support 2016-11-03 17:50:08 +00:00
Dave Grijalva 9ed569b5d1 Merge pull request #180 from kevinburke/fix-unreachable
Remove unreachable code
2016-11-01 12:39:35 -07:00
Kevin Burke e58d3b7548
Remove unreachable code
`go vet` on Go 1.8 errors because this line of code is unreachable. Adds
a check that new code passes go vet, and adds Go 1.7 to travisci.
2016-11-01 09:59:08 -07:00
zimbatm f46fb7ef12 ParseUnverified: add tests 2016-09-14 15:23:18 +01:00
zimbatm bf316c4813 Introduce (*Parser).ParseUnverified
This is not something users of this library would commonly use but I'm
hitting a case where I still want to transmit the values contained
inside of the token trough the system, after it's been verified by the
frontend.

In that case it would be easier just to transmit the token around and be
able to parse the values within, without having to verify the signature.
The backend services also don't have access to the user secrets to
validate the signature.
2016-09-14 15:23:18 +01:00