Dave Grijalva
c2916b1122
Merge pull request #305 from skipor/fix_rsa_pss_salt_length
...
Use RSA PSS salt length equals hash - fix validation issue.
2020-01-06 17:31:46 -08:00
Dave Grijalva
aab9974e8c
Merge pull request #339 from swchoi727/fix-error-msg
...
Changed error msg to not be misleading for public key decoding errors
2020-01-06 17:30:03 -08:00
Dave Grijalva
43aa750e43
Merge pull request #344 from kamedono/parser-ecdsa-pkcs8
...
Add ECDSA pkcs8 parser
2020-01-06 17:29:25 -08:00
Dave Grijalva
b08b43b479
Merge pull request #362 from aboodman/patch-1
...
Clarify expected format for key files.
2020-01-06 17:26:35 -08:00
Aaron Boodman
195174e229
Clarify expected format for key files.
2019-10-28 21:57:07 -10:00
toshikihigaki
e02edc50e4
add parser
2019-07-26 16:30:49 +09:00
Seung-Woo Choi
29384ebfa4
changed error msg to not be misleading for public key decoding errors
2019-06-24 16:25:47 -07:00
Dave Grijalva
5e25c22bd5
added installation instructions to command readme
2019-06-20 11:01:02 -07:00
Dave Grijalva
7cd734deee
added troubleshooting section
2019-05-30 10:48:54 -07:00
Dave Grijalva
8a74229d83
Merge pull request #311 from fredbi/add-cli-support-for-rsapss
...
Added support for RSA-PSS in jwt CLI
2019-05-28 14:08:42 -07:00
Dave Grijalva
2f61636070
Merge pull request #328 from cbeach/master
...
Fixing a broken link
2019-05-28 12:18:04 -07:00
Casey Beach
5bff06a4f9
Fixing a broken link
...
I realized that I can actually fix this myself.
After the 75th time navigating through the "broken" link I'm going to
do just that.
2019-05-16 12:09:44 -07:00
Frederic BIDON
382e92cd09
Added support for RSA-PSS in jwt CLI
...
* input key is RSA for RS* _and_ PS* algs
Signed-off-by: Frederic BIDON <fredbi@yahoo.com>
2019-01-03 16:53:25 +01:00
Vladimir Skipor
f47e6a7bc1
Use salt length equals hash, but verify auto salt length too in RSA PSS sign methods.
...
Fixes #285 .
2018-11-11 22:39:07 +03:00
Dave Grijalva
3af4c746e1
Merge pull request #292 from someone1/patch-1
...
Update README.md
2018-09-21 11:23:15 -06:00
Prateek Malhotra
febd124631
Update README.md
...
Update reference to gcp-jwt-go
2018-09-19 20:36:47 -04:00
Dave Grijalva
0b96aaa707
Merge pull request #280 from alias-dev/master
...
Fix dead link
2018-07-19 14:18:23 -07:00
Alex Andrews
a0d8783268
Fix dead link
2018-07-18 11:34:47 +01:00
Dave Grijalva
06ea103174
documentation around expected key types
2018-03-08 15:13:08 -08:00
Dave Grijalva
6a1c681b2a
Merge branch 'master' of github.com:dgrijalva/jwt-go
2018-03-08 15:04:15 -08:00
Dave Grijalva
6f4f904379
add options to ParseFromRequest
2018-03-08 15:04:09 -08:00
Dave Grijalva
1f05e5c95c
Merge pull request #181 from jsaguiar/master
...
Added password protect pem support
2018-03-08 14:50:15 -08:00
Dave Grijalva
3ad59cfd42
Moved old 3.0.0 notice to lower in the doc
2018-03-08 11:57:43 -08:00
Dave Grijalva
b5a423081b
notice about security issue before go 1.8.3
2018-03-08 11:55:13 -08:00
Dave Grijalva
27d85fe4a0
fixed a formatting error in a test
2018-03-08 11:28:04 -08:00
Dave Grijalva
b606e8202f
documenting changes for upcoming 3.2.0 release
2018-03-08 11:16:21 -08:00
Dave Grijalva
3265a9bebd
Merge pull request #152 from pusher/parse-unverified
...
Introduce (*Parser).ParseUnverified
2018-03-08 11:01:10 -08:00
Dave Grijalva
5cc2026634
Merge pull request #219 from geertjanvdk/feat/parse
...
Handle ValidationError returned by keyFunc in jwt.ParseWithClaims
2018-03-08 10:58:47 -08:00
Dave Grijalva
f75bbb3cc8
Merge pull request #205 from zamicol/icon_godoc
...
add godoc icon
2018-03-08 10:36:15 -08:00
Dave Grijalva
d6bbf373d8
Merge pull request #209 from zhyuri/patch-1
...
A better error msg
2018-03-08 10:34:53 -08:00
Dave Grijalva
40ec5516a0
Merge pull request #220 from polarina/readme-alt-include
...
readme: Bump version of alternative package include
2018-03-08 10:33:32 -08:00
Dave Grijalva
c3e930abb0
Notice about upcoming 4.0.0 release
2018-03-08 10:18:44 -08:00
Dave Grijalva
dbeaa9332f
3.1.0 changelog
2017-10-19 14:57:19 -07:00
Gabríel Arthúr Pétursson
08b573c692
readme: Bump version of alternative package include
2017-07-03 19:13:07 +00:00
Geert Vanderkelen
cb914dd542
Handle ValidationError returned by keyFunc in jwt.ParseWithClaims
...
Previously, returning a `jwt.ValidationError` from `jwt.Parse()` or
`jwt.ParseWithClaims()` would result values the error to be
ignored.
For example, when testing the signature while parsing the token, it
was not possible to return `jwt.ValidationErrorSignatureInvalid`.
The documentation shows an example for returning an `errors.Error`,
but this is not enough.
We change the `jwt.ParseWithClaims()`-function and check whether the
returned error from the `KeyFunc` is already a
`jwt.ValidationError`-type and return as-is.
This allows us to do the following:
token, err := jwt.ParseWithClaims(authToken, claims, func(token
*jwt.Token) (interface{}, error) {
if _, ok := token.Method.(*jwt.SigningMethodHMAC); !ok {
vErr := new(jwt.ValidationError)
vErr.Errors = jwt.ValidationErrorSignatureInvalid
vErr.Inner = fmt.Errorf("invalid signature")
return nil, vErr
}
return []byte(MySecret), nil
})
The idea is to then be able to check the `Errors`-member:
} else if ve.Errors&jwt.ValidationErrorSignatureInvalid != 0 {
return fmt.Errorf("Authentication Token has invalid signature")
}
2017-06-28 09:16:23 +02:00
Dave Grijalva
a539ee1a74
Merge pull request #218 from zoofood/patch-1
...
minor typo
2017-06-07 17:51:49 -07:00
Jeff Rouse
b425822dfa
minor typo
2017-06-07 17:13:34 -07:00
Dave Grijalva
6c8dedd55f
updated note on alg type vulnerability
2017-05-08 09:54:58 -07:00
Yuri
c1d75b01d5
A better error msg
...
Change ErrInvalidKey to ErrInvalidKeyType
2017-04-01 16:04:41 +08:00
Zach Collier
fd360ca1aa
add godoc icon
2017-03-16 10:55:35 -06:00
Dave Grijalva
2268707a8f
Merge pull request #183 from hnakamur/support_rs256_in_jwt_command
...
Support RS256 algorithm in jwt command
2017-02-01 14:58:49 -08:00
Dave Grijalva
e0b2941cad
Merge pull request #196 from dgrijalva/dg/cmd_args
...
Allow claims and headers to be specified at command line
2017-02-01 10:44:39 -08:00
Dave Grijalva
aaadee5836
s/head/header/
2017-02-01 10:44:25 -08:00
Dave Grijalva
53194fccb3
allow claims and headers to be specified at command line
2017-01-31 11:36:56 -08:00
Dave Grijalva
a601269ab7
Merge pull request #190 from jamesrwhite/patch-1
...
Clarify hmacSampleSecret type
2017-01-04 10:22:50 -08:00
James White
b08784ba5a
Clarify hmacSampleSecret type
...
From looking at the godoc for this (https://godoc.org/github.com/dgrijalva/jwt-go#example-Parse--Hmac ) it isn't clear what the type of hmacSampleSecret should be as you can't see the rest of this file. I ended up having to search through the code to figure out it needed to be a byte array.
2017-01-04 11:40:11 +00:00
Hiroaki Nakamura
c5d6625a50
Support RS256 algorithm in jwt command
2016-11-21 18:56:50 +09:00
Joao Aguiar
053ba766a6
Added passoword protect PEM support
2016-11-03 17:50:08 +00:00
Dave Grijalva
9ed569b5d1
Merge pull request #180 from kevinburke/fix-unreachable
...
Remove unreachable code
2016-11-01 12:39:35 -07:00
Kevin Burke
e58d3b7548
Remove unreachable code
...
`go vet` on Go 1.8 errors because this line of code is unreachable. Adds
a check that new code passes go vet, and adds Go 1.7 to travisci.
2016-11-01 09:59:08 -07:00