KroKite
f2878bb94b
fix: link update for README.md for v4 ( #217 )
...
Co-authored-by: Christian Banse <oxisto@aybaze.com>
2022-08-15 12:45:52 +02:00
George Kechagias
9294af54b5
chore: remove unused claims in RSA table driven test ( #212 )
2022-06-04 08:03:41 -04:00
Qian Qiao
2da0bf7566
Fixed integer overflow in NumericDate.MarshalJSON ( #200 )
2022-06-03 22:13:34 -04:00
Christian Banse
8fb42696ff
Update SECURITY.md ( #207 )
2022-05-28 21:53:11 +02:00
Michael Fridman
cf43decf7c
Create SECURITY.md ( #171 )
2022-05-28 12:40:34 -04:00
Michael Fridman
4426925f0c
CI check for Go code formatting ( #206 )
...
Signed-off-by: jay-dee7 <jasdeepsingh.uppal@gmail.com>
Co-authored-by: jay-dee7 <jasdeepsingh.uppal@gmail.com>
2022-05-28 16:03:15 +02:00
Håvard Anda Estensen
f6c6299f67
chore: replace ioutil with io and os ( #198 )
2022-05-27 19:11:16 -04:00
Luigi Morel
89a6400b7f
add installation guidelines to the README file ( #204 )
2022-05-27 19:07:25 -04:00
Vladislav Polyakov
6e2ab4291f
docs: update link to pkg.go.dev page ( #195 )
2022-04-19 17:45:50 +02:00
Christian Banse
83478b3c8f
Added MicahParks/keyfunc to extensions ( #194 )
2022-04-18 22:01:59 +02:00
Michael Fridman
0972257eba
Revert "feat: port clockskew support ( #139 )" ( #184 )
...
This reverts commit d489c99d3e
.
2022-03-26 10:13:03 -04:00
Michael Fridman
1096e506e6
Add go1.18 to ci pipeline ( #173 )
2022-03-18 07:15:45 -04:00
ksegun
d489c99d3e
feat: port clockskew support ( #139 )
...
Co-authored-by: Kolawole Segun <Kolawole.Segun@kyndryl.com>
Co-authored-by: Christian Banse <oxisto@aybaze.com>
2022-03-08 08:43:46 +01:00
ydylla
6de17d3b3e
fix: expired token error message ( #165 )
2022-02-15 08:31:33 -05:00
Michael Fridman
279dd19720
Set json encoding precision ( #162 )
2022-02-09 21:54:31 -05:00
Giau. Tran Minh
863d23d08a
fix: fixed typo detect by cSpell ( #164 )
2022-02-09 13:14:42 -03:00
Michael Fridman
2387103809
Add JWT logo image attribution ( #161 )
2022-02-08 22:35:49 -05:00
Máté Lang
d0c0939ff8
updated README.md to contain more extensions ( #155 )
...
* updated README.md to contain more extensions
* Update README.md
Co-authored-by: Luis Gabriel Gomez <lggomez@users.noreply.github.com>
Co-authored-by: Luis Gabriel Gomez <lggomez@users.noreply.github.com>
2022-02-03 08:49:22 -03:00
hyeonjae
e01ed05a31
remove unnecessary for loop in token signing string for readability ( #34 )
...
* remove unnecessary for loop in token signing string for readability
- add testcase
- add benchmark
- improve performance slightly
* Fix benchtests on token_test.go
* Update token_test.go to v4
Co-authored-by: hyeonjae <hyeonjae@ip-192-168-1-3.ap-northeast-2.compute.internal>
Co-authored-by: Luis Gabriel Gomez <lggomez@users.noreply.github.com>
2022-02-03 08:47:58 -03:00
Christian Banse
78a18c0808
Implementing `Is(err) bool` to support Go 1.13 style error checking ( #136 )
2022-01-19 22:55:19 +01:00
Stefan Tudose
0fb40d3824
use errors.Is for extractor errors ( #141 )
2021-12-15 12:50:05 +01:00
tfonfara
c435f38291
#129 : Added VerifyIssuer method to RegisteredClaims ( #130 )
2021-11-24 14:27:41 +01:00
Alexander Yastrebov
a725c1f60c
cmd: list supported algorithms (-alg flag) ( #123 )
2021-11-16 09:00:45 -05:00
Kevin de Berk
823c014036
Unwrap for ValidationError ( #125 )
2021-11-15 09:25:32 -05:00
Alexander Yastrebov
1275a5b909
Allow `none` algorithm in jwt command ( #121 )
2021-11-10 07:33:04 +01:00
ajermaky
f4865cddea
Revert Encoding/Decoding changes for better compatibility ( #117 )
2021-11-06 07:21:20 -04:00
Alexander Yastrebov
9c3665f0fc
Fixes jwt command to support EdDSA algorithm ( #118 )
...
Fixes
```
$ echo '{"foo":"bar"}' | jwt -key test/ed25519-private.pem -alg EdDSA -sign -
Error: error signing token: key is of invalid type
```
Signed-off-by: Alexander Yastrebov <yastrebov.alex@gmail.com>
2021-11-03 09:14:30 -04:00
PiotrKozimor
a2aa655627
Fix int64 overflow in newNumericDateFromSeconds ( #112 )
2021-10-26 21:14:01 -04:00
Sebastien Rosset
c0ffb890f3
Improve code comments, including security consideration ( #107 )
...
* improve code comments, including security consideration
* Add link to URL with details about security vulnerabilities.
* Update token.go
Co-authored-by: Christian Banse <oxisto@aybaze.com>
* Update token.go
Co-authored-by: Christian Banse <oxisto@aybaze.com>
* update code comments
Co-authored-by: Christian Banse <oxisto@aybaze.com>
2021-10-15 09:48:31 -03:00
Christian Banse
65357b9e5b
Introducing functional-style options for the Parser type ( #108 )
2021-10-13 19:36:33 +02:00
Ichinose Shogo
cac353cdc2
fix the comment of VerifyExpiresAt ( #109 )
2021-10-09 18:17:39 -03:00
Sebastien Rosset
fd8cd69d8e
Adjusted `parser_test.go` to include RSA and ECDSA tokens ( #106 )
2021-09-24 21:32:29 +02:00
Hinagiku Soranoba
02bc1ac506
When exp indicates the present, make it invalid. ( #86 )
...
* When exp indicates the present, make it invalid.
* Update map_claims_test.go
Co-authored-by: Christian Banse <oxisto@aybaze.com>
2021-09-10 17:44:55 -04:00
Hyun
d2c5d5ab01
Add EdDSA to "Signing methods and Key types" in README.md ( #103 )
2021-09-10 20:30:13 +02:00
Yoan Blanc
205b3dc4bb
fix link ( #102 )
2021-09-10 08:27:13 -04:00
Michael Fridman
93130d3c71
Create codeql-analysis.yml ( #101 )
2021-09-09 10:42:26 -04:00
yoogo
3f50a786ff
Harmonising capitalisation of "token" in error strings ( #97 )
2021-08-29 20:45:24 +02:00
Mark Karpelès
2bd8ee77fc
Accept `crypto.Signer` that contains a `ed25519.PublicKey` in ed25519 ( #95 )
...
* accept generic crypto.Signer in ed25519 in order to allow usage of other ed25519 providers than crypto/ed25519
* add check to ensure the key is indeed of type ed25519
* adding comment clarifying crypto.Hash(0)
* Update ed25519.go
Co-authored-by: Christian Banse <oxisto@aybaze.com>
2021-08-23 22:56:11 -03:00
Christian Banse
80625fb516
Backwards-compatible implementation of RFC7519's registered claim's structure ( #15 )
...
This PR aims at implementing compliance to RFC7519, as documented in #11 without breaking the public API. It creates a new struct `RegisteredClaims` and deprecates (but not removes) the `StandardClaims`. It introduces a new type `NumericDate`, which represents a JSON numeric date value as specified in the RFC. This allows us to handle float as well as int-based time fields in `aud`, `exp` and `nbf`. Additionally, it introduces the type `StringArray`, which is basically a wrapper around `[]string` to deal with the oddities of the JWT `aud` field.
2021-08-22 19:23:13 +02:00
Luis Gabriel Gomez
c9ab96ba53
jwt: Fix Verify methods documentation ( #83 )
2021-08-22 10:18:33 +02:00
Alexander F. Rødseth
eac9e9edf2
Format code with "go fmt" ( #53 )
2021-08-20 20:43:08 -03:00
Michael Fridman
a06361ba65
ci: add support for go1.17 ( #89 )
2021-08-17 10:05:04 +02:00
Zach Wasserman
bac80eaac8
Link to migration guide in README.md ( #87 )
2021-08-11 16:19:58 -03:00
Francois Lebel
85f0a979dd
Fix typo in note ( #82 )
2021-08-03 17:59:46 -03:00
Luis Gabriel Gomez
3258b3fca0
jwt: Add parser benchmarks ( #70 )
2021-08-03 17:57:36 -03:00
Christian Banse
bd2db2d4a2
Changing pkg.go.dev URL to github.com/golang-jwt/jwt/v4 ( #77 )
...
* Changing pkg.go.dev URL to https://pkg.go.dev/github.com/golang-jwt/jwt/v4
Otherwise, people will end up at the v3 release and might miss on clicking the small "there is a v4 hint" on pkg.go.dev
2021-08-03 19:41:00 +02:00
Michael Fridman
2ebb50f957
Adds go module support /v4 ( #41 )
...
Additionally, added `staticcheck` for basic static code analysis (#44 )
Co-authored-by: Christian Banse <oxisto@aybaze.com>
2021-08-03 15:51:01 +02:00
Christian Banse
4bbdd8ac62
Prepare release 3.2.2 ( #42 )
2021-07-30 16:54:04 -04:00
Sebastiaan van Stijn
8e9d9ebf6f
Fix security vulnerability ( #40 )
...
Fixes a security vulnerability where a jwt token could potentially be validated having invalid string characters.
(cherry picked from commit a211650c6ae1cff6d7347d3e24070d65dcfb1122)
https://github.com/form3tech-oss/jwt-go/pull/14
Co-Authored-By: Giorgos Lampadakis <82932062+giorgos-f3@users.noreply.github.com>
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2021-07-30 22:27:54 +02:00
Vasiliy Tolstov
324836737f
add ed25519 support ( #36 )
...
Signed-off-by: Vasiliy Tolstov <v.tolstov@unistack.org>
2021-07-29 23:57:09 +02:00