Commit Graph

325 Commits

Author SHA1 Message Date
Dave Grijalva c2916b1122
Merge pull request #305 from skipor/fix_rsa_pss_salt_length
Use RSA PSS salt length equals hash - fix validation issue.
2020-01-06 17:31:46 -08:00
Dave Grijalva aab9974e8c
Merge pull request #339 from swchoi727/fix-error-msg
Changed error msg to not be misleading for public key decoding errors
2020-01-06 17:30:03 -08:00
Dave Grijalva 43aa750e43
Merge pull request #344 from kamedono/parser-ecdsa-pkcs8
Add ECDSA pkcs8 parser
2020-01-06 17:29:25 -08:00
Dave Grijalva b08b43b479
Merge pull request #362 from aboodman/patch-1
Clarify expected format for key files.
2020-01-06 17:26:35 -08:00
Aaron Boodman 195174e229
Clarify expected format for key files. 2019-10-28 21:57:07 -10:00
toshikihigaki e02edc50e4 add parser 2019-07-26 16:30:49 +09:00
Seung-Woo Choi 29384ebfa4 changed error msg to not be misleading for public key decoding errors 2019-06-24 16:25:47 -07:00
Dave Grijalva 5e25c22bd5
added installation instructions to command readme 2019-06-20 11:01:02 -07:00
Dave Grijalva 7cd734deee
added troubleshooting section 2019-05-30 10:48:54 -07:00
Dave Grijalva 8a74229d83
Merge pull request #311 from fredbi/add-cli-support-for-rsapss
Added support for RSA-PSS in jwt CLI
2019-05-28 14:08:42 -07:00
Dave Grijalva 2f61636070
Merge pull request #328 from cbeach/master
Fixing a broken link
2019-05-28 12:18:04 -07:00
Casey Beach 5bff06a4f9 Fixing a broken link
I realized that I can actually fix this myself.
  After the 75th time navigating through the "broken" link I'm going to
  do just that.
2019-05-16 12:09:44 -07:00
Frederic BIDON 382e92cd09
Added support for RSA-PSS in jwt CLI
* input key is RSA for RS* _and_ PS* algs

Signed-off-by: Frederic BIDON <fredbi@yahoo.com>
2019-01-03 16:53:25 +01:00
Vladimir Skipor f47e6a7bc1 Use salt length equals hash, but verify auto salt length too in RSA PSS sign methods.
Fixes #285.
2018-11-11 22:39:07 +03:00
Dave Grijalva 3af4c746e1
Merge pull request #292 from someone1/patch-1
Update README.md
2018-09-21 11:23:15 -06:00
Prateek Malhotra febd124631
Update README.md
Update reference to gcp-jwt-go
2018-09-19 20:36:47 -04:00
Dave Grijalva 0b96aaa707
Merge pull request #280 from alias-dev/master
Fix dead link
2018-07-19 14:18:23 -07:00
Alex Andrews a0d8783268
Fix dead link 2018-07-18 11:34:47 +01:00
Dave Grijalva 06ea103174 documentation around expected key types 2018-03-08 15:13:08 -08:00
Dave Grijalva 6a1c681b2a Merge branch 'master' of github.com:dgrijalva/jwt-go 2018-03-08 15:04:15 -08:00
Dave Grijalva 6f4f904379 add options to ParseFromRequest 2018-03-08 15:04:09 -08:00
Dave Grijalva 1f05e5c95c
Merge pull request #181 from jsaguiar/master
Added password protect pem support
2018-03-08 14:50:15 -08:00
Dave Grijalva 3ad59cfd42
Moved old 3.0.0 notice to lower in the doc 2018-03-08 11:57:43 -08:00
Dave Grijalva b5a423081b
notice about security issue before go 1.8.3 2018-03-08 11:55:13 -08:00
Dave Grijalva 27d85fe4a0 fixed a formatting error in a test 2018-03-08 11:28:04 -08:00
Dave Grijalva b606e8202f documenting changes for upcoming 3.2.0 release 2018-03-08 11:16:21 -08:00
Dave Grijalva 3265a9bebd
Merge pull request #152 from pusher/parse-unverified
Introduce (*Parser).ParseUnverified
2018-03-08 11:01:10 -08:00
Dave Grijalva 5cc2026634
Merge pull request #219 from geertjanvdk/feat/parse
Handle ValidationError returned by keyFunc in jwt.ParseWithClaims
2018-03-08 10:58:47 -08:00
Dave Grijalva f75bbb3cc8
Merge pull request #205 from zamicol/icon_godoc
add godoc icon
2018-03-08 10:36:15 -08:00
Dave Grijalva d6bbf373d8
Merge pull request #209 from zhyuri/patch-1
A better error msg
2018-03-08 10:34:53 -08:00
Dave Grijalva 40ec5516a0
Merge pull request #220 from polarina/readme-alt-include
readme: Bump version of alternative package include
2018-03-08 10:33:32 -08:00
Dave Grijalva c3e930abb0
Notice about upcoming 4.0.0 release 2018-03-08 10:18:44 -08:00
Dave Grijalva dbeaa9332f 3.1.0 changelog 2017-10-19 14:57:19 -07:00
Gabríel Arthúr Pétursson 08b573c692 readme: Bump version of alternative package include 2017-07-03 19:13:07 +00:00
Geert Vanderkelen cb914dd542 Handle ValidationError returned by keyFunc in jwt.ParseWithClaims
Previously, returning a `jwt.ValidationError` from `jwt.Parse()` or
`jwt.ParseWithClaims()` would result in the error being
ignored.
For example, when testing the signature while parsing the token, it
was not possible to return `jwt.ValidationErrorSignatureInvalid`.
The documentation shows an example for returning an `errors.Error`,
but this is not enough.

We change the `jwt.ParseWithClaims()`-function and check whether the
returned error from the `KeyFunc` is already a
`jwt.ValidationError`-type and return it as-is.

This allows us to do the following:

  token, err := jwt.ParseWithClaims(authToken, claims, func(token *jwt.Token) (interface{}, error) {
    if _, ok := token.Method.(*jwt.SigningMethodHMAC); !ok {
        vErr := new(jwt.ValidationError)
        vErr.Errors = jwt.ValidationErrorSignatureInvalid
        vErr.Inner = fmt.Errorf("invalid signature")
        return nil, vErr
    }
    return []byte(MySecret), nil
  })

The idea is to then be able to check the `Errors`-member:

  } else if ve.Errors&jwt.ValidationErrorSignatureInvalid != 0 {
    return fmt.Errorf("Authentication Token has invalid signature")
  }
2017-06-28 09:16:23 +02:00
Dave Grijalva a539ee1a74 Merge pull request #218 from zoofood/patch-1
minor typo
2017-06-07 17:51:49 -07:00
Jeff Rouse b425822dfa minor typo 2017-06-07 17:13:34 -07:00
Dave Grijalva 6c8dedd55f updated note on alg type vulnerability 2017-05-08 09:54:58 -07:00
Yuri c1d75b01d5 A better error msg
Change ErrInvalidKey to ErrInvalidKeyType
2017-04-01 16:04:41 +08:00
Zach Collier fd360ca1aa add godoc icon 2017-03-16 10:55:35 -06:00
Dave Grijalva 2268707a8f Merge pull request #183 from hnakamur/support_rs256_in_jwt_command
Support RS256 algorithm in jwt command
2017-02-01 14:58:49 -08:00
Dave Grijalva e0b2941cad Merge pull request #196 from dgrijalva/dg/cmd_args
Allow claims and headers to be specified at command line
2017-02-01 10:44:39 -08:00
Dave Grijalva aaadee5836 s/head/header/ 2017-02-01 10:44:25 -08:00
Dave Grijalva 53194fccb3 allow claims and headers to be specified at command line 2017-01-31 11:36:56 -08:00
Dave Grijalva a601269ab7 Merge pull request #190 from jamesrwhite/patch-1
Clarify hmacSampleSecret type
2017-01-04 10:22:50 -08:00
James White b08784ba5a Clarify hmacSampleSecret type
From looking at the godoc for this (https://godoc.org/github.com/dgrijalva/jwt-go#example-Parse--Hmac) it isn't clear what the type of hmacSampleSecret should be as you can't see the rest of this file. I ended up having to search through the code to figure out it needed to be a byte array.
2017-01-04 11:40:11 +00:00
Hiroaki Nakamura c5d6625a50 Support RS256 algorithm in jwt command 2016-11-21 18:56:50 +09:00
Joao Aguiar 053ba766a6 Added password protect PEM support 2016-11-03 17:50:08 +00:00
Dave Grijalva 9ed569b5d1 Merge pull request #180 from kevinburke/fix-unreachable
Remove unreachable code
2016-11-01 12:39:35 -07:00
Kevin Burke e58d3b7548
Remove unreachable code
`go vet` on Go 1.8 errors because this line of code is unreachable. Adds
a check that new code passes go vet, and adds Go 1.7 to travisci.
2016-11-01 09:59:08 -07:00