Commit Graph

16 Commits

Author SHA1 Message Date
dillonstreator 843e9bfe4d
add documentation to hmac `Verify` & `Sign` to detail why string is not an advisable input for key (#249)
* add documentation around Verify & Sign to detail why string is not an advisable input for key

* Refer to the usage guide

---------

Co-authored-by: Dillon Streator <dillonstreator@Dillons-2nd-MacBook-Pro.local>
Co-authored-by: Christian Banse <oxisto@aybaze.com>
2023-03-31 13:19:48 +02:00
Christian Banse b357385d3e
Moving `DecodeSegement` to `Parser` (#278)
* Moving `DecodeSegement` to `Parser`

This would allow us to remove some global variables and move them to parser options as well as potentially introduce interfaces for json and b64 encoding/decoding to replace the std lib, if someone wanted to do that for performance reasons.

We keep the functions exported because of explicit user demand.

* Sign/Verify does take the decoded form now
2023-03-24 19:13:09 +01:00
Michael Fridman 2ebb50f957
Adds go module support /v4 (#41)
Additionally, added `staticcheck` for basic static code analysis (#44)

Co-authored-by: Christian Banse <oxisto@aybaze.com>
2021-08-03 15:51:01 +02:00
Dave Grijalva 06ea103174 documentation around expected key types 2018-03-08 15:13:08 -08:00
Yuri c1d75b01d5 A better error msg
Change ErrInvalidKey to ErrInvalidKeyType
2017-04-01 16:04:41 +08:00
Dave Grijalva 6fd0370e43 Merge branch 'master' of https://github.com/martinlindhe/jwt-go into patch_109 2016-06-07 10:34:06 -07:00
Martin Lindhe f7288992d2 split ErrInvalidKey into ErrInvalidType and ErrInvalidKey 2015-12-29 22:51:54 +01:00
Dave Grijalva 581ca99478 minor refactor of HMAC verify for legibility. no functional changes 2015-09-14 12:07:47 -07:00
Dave Grijalva a3e2f13bb7 added documentation for HMAC Sign method 2015-01-13 21:33:50 -08:00
Nathaniel Kofalt 9a3c6fd1e3 Fix timing side-channel attack in hmac comparison 2014-12-28 19:31:54 -06:00
Alan Harper 1663b3c6c2 Move errors to variables so they can be matched against 2014-10-20 16:09:02 +11:00
Ian Bishop 0c21a058ab Lowercase error messages 2014-09-08 11:42:58 +10:00
Dave Grijalva 35c43501ff documentation 2014-08-26 15:30:37 -07:00
Dave Grijalva 2ef58916cc return an error if the requested hash method hasn't been compiled in 2014-08-26 15:00:15 -07:00
Simon Jefford 23cb3af02c pass keys as interface{} rather than []byte
This will allow clients to pass, for example, their own instances of
rsa.PublicKey if the key is not specified as some flavour of X509
cert. For example, Salesforce just specify the modulus and
exponent (https://login.salesforce.com/id/keys)
2014-08-26 14:14:17 -07:00
Dave Grijalva 5aed334e04 Added support for HS384 and HS512 signing methods
Renamed type SigningMethodHS256 to SigningMethodHMAC
Added contstants SigningMethodHS256, SigningMethodHS384, and SigningMethodHS512 to support each of these methods
Added simple tests to support these new methods
2014-07-05 15:08:42 -07:00