re
/
jwt
forked from mirror/jwt
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
363 Commits 17 Branches 24 Tags 968 KiB
Commit Graph

363 Commits

Author SHA1 Message Date
Vladimir Skipor f47e6a7bc1 Use salt length equals hash, but verify auto salt length too in RSA PSS sign methods. 
Fixes #285.
 2018-11-11 22:39:07 +03:00
Sebastian 494b63caeb
Update RFC link 
Old link led to a page that was just a link to this new page.
 2018-10-24 09:18:46 -05:00
Dave Grijalva 3af4c746e1
Merge pull request #292 from someone1/patch-1 
Update README.md
 2018-09-21 11:23:15 -06:00
Prateek Malhotra febd124631
Update README.md 
Update reference to gcp-jwt-go
 2018-09-19 20:36:47 -04:00
Dave Grijalva 0b96aaa707
Merge pull request #280 from alias-dev/master 
Fix dead link
 2018-07-19 14:18:23 -07:00
Alex Andrews a0d8783268
Fix dead link 2018-07-18 11:34:47 +01:00
Dave Grijalva 06ea103174 documentation around expected key types 2018-03-08 15:13:08 -08:00
Dave Grijalva 6a1c681b2a Merge branch 'master' of github.com:dgrijalva/jwt-go 2018-03-08 15:04:15 -08:00
Dave Grijalva 6f4f904379 add options to ParseFromRequest 2018-03-08 15:04:09 -08:00
Dave Grijalva 1f05e5c95c
Merge pull request #181 from jsaguiar/master 
Added password protect pem support
 2018-03-08 14:50:15 -08:00
Dave Grijalva 3ad59cfd42
Moved old 3.0.0 notice to lower in the doc 2018-03-08 11:57:43 -08:00
Dave Grijalva b5a423081b
notice about security issue before go 1.8.3 2018-03-08 11:55:13 -08:00
Dave Grijalva 27d85fe4a0 fixed a formatting error in a test 2018-03-08 11:28:04 -08:00
Dave Grijalva b606e8202f documenting changes for upcoming 3.2.0 release 2018-03-08 11:16:21 -08:00
Dave Grijalva 3265a9bebd
Merge pull request #152 from pusher/parse-unverified 
Introduce (*Parser).ParseUnverified
 2018-03-08 11:01:10 -08:00
Dave Grijalva 5cc2026634
Merge pull request #219 from geertjanvdk/feat/parse 
Handle ValidationError returned by keyFunc in jwt.ParseWithClaims
 2018-03-08 10:58:47 -08:00
Dave Grijalva f75bbb3cc8
Merge pull request #205 from zamicol/icon_godoc 
add godoc icon
 2018-03-08 10:36:15 -08:00
Dave Grijalva d6bbf373d8
Merge pull request #209 from zhyuri/patch-1 
A better error msg
 2018-03-08 10:34:53 -08:00
Dave Grijalva 40ec5516a0
Merge pull request #220 from polarina/readme-alt-include 
readme: Bump version of alternative package include
 2018-03-08 10:33:32 -08:00
Dave Grijalva c3e930abb0
Notice about upcoming 4.0.0 release 2018-03-08 10:18:44 -08:00
Dave Grijalva dbeaa9332f 3.1.0 changelog 2017-10-19 14:57:19 -07:00
Gabríel Arthúr Pétursson 08b573c692 readme: Bump version of alternative package include 2017-07-03 19:13:07 +00:00
Geert Vanderkelen cb914dd542 Handle ValidationError returned by keyFunc in jwt.ParseWithClaims 
Previously, returning a `jwt.ValidationError` from `jwt.Parse()` or
`jwt.ParseWithClaims()` would result values the error to be
ignored.
For example, when testing the signature while parsing the token, it
was not possible to return `jwt.ValidationErrorSignatureInvalid`.
The documentation shows an example for returning an `errors.Error`,
but this is not enough.

We change the `jwt.ParseWithClaims()`-function and check whether the
returned error from the `KeyFunc` is already a
`jwt.ValidationError`-type and return as-is.

This allows us to do the following:

  token, err := jwt.ParseWithClaims(authToken, claims, func(token
    *jwt.Token) (interface{}, error) {
    if _, ok := token.Method.(*jwt.SigningMethodHMAC); !ok {
        vErr := new(jwt.ValidationError)
        vErr.Errors = jwt.ValidationErrorSignatureInvalid
        vErr.Inner = fmt.Errorf("invalid signature")
        return nil, vErr
    }
    return []byte(MySecret), nil
  })

The idea is to then be able to check the `Errors`-member:

  } else if ve.Errors&jwt.ValidationErrorSignatureInvalid != 0 {
    return fmt.Errorf("Authentication Token has invalid signature")
  }
 2017-06-28 09:16:23 +02:00
Dave Grijalva a539ee1a74 Merge pull request #218 from zoofood/patch-1 
minor typo
 2017-06-07 17:51:49 -07:00
Jeff Rouse b425822dfa minor typo 2017-06-07 17:13:34 -07:00
Dave Grijalva 6c8dedd55f updated note on alg type vulnerability 2017-05-08 09:54:58 -07:00
Yuri c1d75b01d5 A better error msg 
Change ErrInvalidKey to ErrInvalidKeyType
 2017-04-01 16:04:41 +08:00
Zach Collier fd360ca1aa add godoc icon 2017-03-16 10:55:35 -06:00
Dave Grijalva 2268707a8f Merge pull request #183 from hnakamur/support_rs256_in_jwt_command 
Support RS256 algorithm in jwt command
 2017-02-01 14:58:49 -08:00
Dave Grijalva e0b2941cad Merge pull request #196 from dgrijalva/dg/cmd_args 
Allow claims and headers to be specified at command line
 2017-02-01 10:44:39 -08:00
Dave Grijalva aaadee5836 s/head/header/ 2017-02-01 10:44:25 -08:00
Dave Grijalva 53194fccb3 allow claims and headers to be specified at command line 2017-01-31 11:36:56 -08:00
Dave Grijalva a601269ab7 Merge pull request #190 from jamesrwhite/patch-1 
Clarify hmacSampleSecret type
 2017-01-04 10:22:50 -08:00
James White b08784ba5a Clarify hmacSampleSecret type 
From looking at the godoc for this (https://godoc.org/github.com/dgrijalva/jwt-go#example-Parse--Hmac) it isn't clear what the type of hmacSampleSecret should be as you can't see the rest of this file. I ended up having to search through the code to figure out it needed to be a byte array.
 2017-01-04 11:40:11 +00:00
Hiroaki Nakamura c5d6625a50 Support RS256 algorithm in jwt command 2016-11-21 18:56:50 +09:00
Joao Aguiar 053ba766a6 Added passoword protect PEM support 2016-11-03 17:50:08 +00:00
Dave Grijalva 9ed569b5d1 Merge pull request #180 from kevinburke/fix-unreachable 
Remove unreachable code
 2016-11-01 12:39:35 -07:00
Kevin Burke e58d3b7548
Remove unreachable code 
`go vet` on Go 1.8 errors because this line of code is unreachable. Adds
a check that new code passes go vet, and adds Go 1.7 to travisci.
 2016-11-01 09:59:08 -07:00
zimbatm f46fb7ef12 ParseUnverified: add tests 2016-09-14 15:23:18 +01:00
zimbatm bf316c4813 Introduce (*Parser).ParseUnverified 
This is not something users of this library would commonly use but I'm
hitting a case where I still want to transmit the values contained
inside of the token trough the system, after it's been verified by the
frontend.

In that case it would be easier just to transmit the token around and be
able to parse the values within, without having to verify the signature.
The backend services also don't have access to the user secrets to
validate the signature.
 2016-09-14 15:23:18 +01:00
Dave Grijalva 24c63f5652 Merge pull request #166 from johnlockwood-wf/issue-165-missing-arg 
Add the missing name arg
 2016-08-31 11:35:34 -07:00
John.Lockwood 7ff66c6bff Add the missing name arg 2016-08-26 21:32:44 -07:00
Dave Grijalva 63734eae1e Merge pull request #151 from zaichang/FixMigrationGuide 
Fixed migration guide request.ParseFromRequest example code
 2016-07-29 09:48:51 -07:00
Zai 227c99f1af Fixed migration guide request.ParseFromRequest example code 2016-07-20 18:09:44 +02:00
Dave Grijalva 01aeca54eb Merge pull request #146 from pkieltyka/master 
Parser flag to skip claims validation during token parsing
 2016-07-05 13:30:06 -07:00
Peter Kieltyka c9eaceb289 Parser flag to skip claims validation during token parsing 2016-06-21 16:11:54 -04:00
Dave Grijalva f077707632 Merge pull request #140 from kazhuravlev/patch-1 
Fix links
 2016-06-17 10:01:58 -07:00
kazhuravlev 1e9b4c4c60 Fix links 2016-06-17 17:04:01 +03:00
Dave Grijalva d2709f9f1f Merge pull request #77 from dgrijalva/release_3_0_0 
Release 3.0.0
 2016-06-16 12:15:56 -07:00
Dave Grijalva d8c133f558 Merge branch 'master' into release_3_0_0 2016-06-16 12:16:07 -07:00