* Fix issue with MapClaims VerifyAudience []string
There was an issue in MapClaims's VerifyAudiance where a []string (which
is valid in the spec) would return true (claim is found, or nil) when required
was not set.
It now checks interface types correctly and has tests written
Signed-off-by: Alistair Hey <alistair@heyal.co.uk>
* Keep aud validation constant time compare
Keep aud validation using constant time compare by not instantly
returning on a true comparison, keep comparing all options and store
result in a variable
Signed-off-by: Alistair Hey <alistair@heyal.co.uk>
Co-authored-by: Banse, Christian <christian.banse@aisec.fraunhofer.de>
* initial go module file
Signed-off-by: sadmansakib <ssadman8@gmail.com>
* fix linting issues
Signed-off-by: sadmansakib <ssadman8@gmail.com>
* rename module to golang-jwt/jwt
Signed-off-by: sadmansakib <ssadman8@gmail.com>
* Renamed imports to match with go module name.
Signed-off-by: sadmansakib <ssadman8@gmail.com>
* update travis for latest go versions
Signed-off-by: sadmansakib <ssadman8@gmail.com>
* Set go version to 1.14
lowered the go version to make it consistent with matrix build
* revert accidental changes while renaming
Signed-off-by: sadmansakib <ssadman8@gmail.com>
* remove travis CI
no longer needed since github actions workflow was created for the
project
Signed-off-by: sadmansakib <ssadman8@gmail.com>
* Revert "remove travis CI"
This reverts commit b3ae57f710.
* update travis for older go versions
* Providing full test matrix
* Only testing Go version with module support on GitHub actions
* Only testing legacy versions on travis. Will be deprecated in time
Previously, returning a `jwt.ValidationError` from `jwt.Parse()` or
`jwt.ParseWithClaims()` would result values the error to be
ignored.
For example, when testing the signature while parsing the token, it
was not possible to return `jwt.ValidationErrorSignatureInvalid`.
The documentation shows an example for returning an `errors.Error`,
but this is not enough.
We change the `jwt.ParseWithClaims()`-function and check whether the
returned error from the `KeyFunc` is already a
`jwt.ValidationError`-type and return as-is.
This allows us to do the following:
token, err := jwt.ParseWithClaims(authToken, claims, func(token
*jwt.Token) (interface{}, error) {
if _, ok := token.Method.(*jwt.SigningMethodHMAC); !ok {
vErr := new(jwt.ValidationError)
vErr.Errors = jwt.ValidationErrorSignatureInvalid
vErr.Inner = fmt.Errorf("invalid signature")
return nil, vErr
}
return []byte(MySecret), nil
})
The idea is to then be able to check the `Errors`-member:
} else if ve.Errors&jwt.ValidationErrorSignatureInvalid != 0 {
return fmt.Errorf("Authentication Token has invalid signature")
}
Alistair Hey