Commit Graph

390 Commits

Author SHA1 Message Date
Hugo fdaf0eb0e0
Implement a BearerExtractor (#226)
* Implement a BearerExtractor

This is a rather common extractor; it extracts the JWT from the HTTP
Authorization header, expecting it to include the "Bearer " prefix.

This pattern is rather common and this snippet is repeated in enough
applications that it's probably best to just include it upstream and
allow reusing it.

* Ignore case-sensitivity for "Bearer"
2022-08-19 13:59:36 +02:00
KroKite f2878bb94b
fix: link update for README.md for v4 (#217)
Co-authored-by: Christian Banse <oxisto@aybaze.com>
2022-08-15 12:45:52 +02:00
George Kechagias 9294af54b5
chore: remove unused claims in RSA table driven test (#212) 2022-06-04 08:03:41 -04:00
Qian Qiao 2da0bf7566
Fixed integer overflow in NumericDate.MarshalJSON (#200) 2022-06-03 22:13:34 -04:00
Christian Banse 8fb42696ff
Update SECURITY.md (#207) 2022-05-28 21:53:11 +02:00
Michael Fridman cf43decf7c
Create SECURITY.md (#171) 2022-05-28 12:40:34 -04:00
Michael Fridman 4426925f0c
CI check for Go code formatting (#206)
Signed-off-by: jay-dee7 <jasdeepsingh.uppal@gmail.com>
Co-authored-by: jay-dee7 <jasdeepsingh.uppal@gmail.com>
2022-05-28 16:03:15 +02:00
Håvard Anda Estensen f6c6299f67
chore: replace ioutil with io and os (#198) 2022-05-27 19:11:16 -04:00
Luigi Morel 89a6400b7f
add installation guidelines to the README file (#204) 2022-05-27 19:07:25 -04:00
Vladislav Polyakov 6e2ab4291f
docs: update link to pkg.go.dev page (#195) 2022-04-19 17:45:50 +02:00
Christian Banse 83478b3c8f
Added MicahParks/keyfunc to extensions (#194) 2022-04-18 22:01:59 +02:00
Michael Fridman 0972257eba
Revert "feat: port clockskew support (#139)" (#184)
This reverts commit d489c99d3e.
2022-03-26 10:13:03 -04:00
Michael Fridman 1096e506e6
Add go1.18 to ci pipeline (#173) 2022-03-18 07:15:45 -04:00
ksegun d489c99d3e
feat: port clockskew support (#139)
Co-authored-by: Kolawole Segun <Kolawole.Segun@kyndryl.com>
Co-authored-by: Christian Banse <oxisto@aybaze.com>
2022-03-08 08:43:46 +01:00
ydylla 6de17d3b3e
fix: expired token error message (#165) 2022-02-15 08:31:33 -05:00
Michael Fridman 279dd19720
Set json encoding precision (#162) 2022-02-09 21:54:31 -05:00
Giau. Tran Minh 863d23d08a
fix: fixed typo detect by cSpell (#164) 2022-02-09 13:14:42 -03:00
Michael Fridman 2387103809
Add JWT logo image attribution (#161) 2022-02-08 22:35:49 -05:00
Máté Lang d0c0939ff8
updated README.md to contain more extensions (#155)
* updated README.md to contain more extensions

* Update README.md

Co-authored-by: Luis Gabriel Gomez <lggomez@users.noreply.github.com>

Co-authored-by: Luis Gabriel Gomez <lggomez@users.noreply.github.com>
2022-02-03 08:49:22 -03:00
hyeonjae e01ed05a31
remove unnecessary for loop in token signing string for readability (#34)
* remove unnecessary for loop in token signing string for readability

 - add testcase
 - add benchmark
 - improve performance slightly

* Fix benchtests on token_test.go

* Update token_test.go to v4

Co-authored-by: hyeonjae <hyeonjae@ip-192-168-1-3.ap-northeast-2.compute.internal>
Co-authored-by: Luis Gabriel Gomez <lggomez@users.noreply.github.com>
2022-02-03 08:47:58 -03:00
Christian Banse 78a18c0808
Implementing `Is(err) bool` to support Go 1.13 style error checking (#136) 2022-01-19 22:55:19 +01:00
Stefan Tudose 0fb40d3824
use errors.Is for extractor errors (#141) 2021-12-15 12:50:05 +01:00
tfonfara c435f38291
#129: Added VerifyIssuer method to RegisteredClaims (#130) 2021-11-24 14:27:41 +01:00
Alexander Yastrebov a725c1f60c
cmd: list supported algorithms (-alg flag) (#123) 2021-11-16 09:00:45 -05:00
Kevin de Berk 823c014036
Unwrap for ValidationError (#125) 2021-11-15 09:25:32 -05:00
Alexander Yastrebov 1275a5b909
Allow `none` algorithm in jwt command (#121) 2021-11-10 07:33:04 +01:00
ajermaky f4865cddea
Revert Encoding/Decoding changes for better compatibility (#117) 2021-11-06 07:21:20 -04:00
Alexander Yastrebov 9c3665f0fc
Fixes jwt command to support EdDSA algorithm (#118)
Fixes
```
$ echo '{"foo":"bar"}' | jwt -key test/ed25519-private.pem -alg EdDSA -sign -
Error: error signing token: key is of invalid type
```

Signed-off-by: Alexander Yastrebov <yastrebov.alex@gmail.com>
2021-11-03 09:14:30 -04:00
PiotrKozimor a2aa655627
Fix int64 overflow in newNumericDateFromSeconds (#112) 2021-10-26 21:14:01 -04:00
Sebastien Rosset c0ffb890f3
Improve code comments, including security consideration (#107)
* improve code comments, including security consideration

* Add link to URL with details about security vulnerabilities.

* Update token.go

Co-authored-by: Christian Banse <oxisto@aybaze.com>

* Update token.go

Co-authored-by: Christian Banse <oxisto@aybaze.com>

* update code comments

Co-authored-by: Christian Banse <oxisto@aybaze.com>
2021-10-15 09:48:31 -03:00
Christian Banse 65357b9e5b
Introducing functional-style options for the Parser type (#108) 2021-10-13 19:36:33 +02:00
Ichinose Shogo cac353cdc2
fix the comment of VerifyExpiresAt (#109) 2021-10-09 18:17:39 -03:00
Sebastien Rosset fd8cd69d8e
Adjusted `parser_test.go` to include RSA and ECDSA tokens (#106) 2021-09-24 21:32:29 +02:00
Hinagiku Soranoba 02bc1ac506
When exp indicates the present, make it invalid. (#86)
* When exp indicates the present, make it invalid.

* Update map_claims_test.go

Co-authored-by: Christian Banse <oxisto@aybaze.com>
2021-09-10 17:44:55 -04:00
Hyun d2c5d5ab01
Add EdDSA to "Signing methods and Key types" in README.md (#103) 2021-09-10 20:30:13 +02:00
Yoan Blanc 205b3dc4bb
fix link (#102) 2021-09-10 08:27:13 -04:00
Michael Fridman 93130d3c71
Create codeql-analysis.yml (#101) 2021-09-09 10:42:26 -04:00
yoogo 3f50a786ff
Harmonising capitalisation of "token" in error strings (#97) 2021-08-29 20:45:24 +02:00
Mark Karpelès 2bd8ee77fc
Accept `crypto.Signer` that contains a `ed25519.PublicKey` in ed25519 (#95)
* accept generic crypto.Signer in ed25519 in order to allow usage of other ed25519 providers than crypto/ed25519

* add check to ensure the key is indeed of type ed25519

* adding comment clarifying crypto.Hash(0)

* Update ed25519.go

Co-authored-by: Christian Banse <oxisto@aybaze.com>
2021-08-23 22:56:11 -03:00
Christian Banse 80625fb516
Backwards-compatible implementation of RFC7519's registered claim's structure (#15)
This PR aims at implementing compliance to RFC7519, as documented in #11 without breaking the public API. It creates a new struct `RegisteredClaims` and deprecates (but does not remove) the `StandardClaims`. It introduces a new type `NumericDate`, which represents a JSON numeric date value as specified in the RFC. This allows us to handle float as well as int-based time fields in `aud`, `exp` and `nbf`. Additionally, it introduces the type `StringArray`, which is basically a wrapper around `[]string` to deal with the oddities of the JWT `aud` field.
2021-08-22 19:23:13 +02:00
Luis Gabriel Gomez c9ab96ba53
jwt: Fix Verify methods documentation (#83) 2021-08-22 10:18:33 +02:00
Alexander F. Rødseth eac9e9edf2
Format code with "go fmt" (#53) 2021-08-20 20:43:08 -03:00
Michael Fridman a06361ba65
ci: add support for go1.17 (#89) 2021-08-17 10:05:04 +02:00
Zach Wasserman bac80eaac8
Link to migration guide in README.md (#87) 2021-08-11 16:19:58 -03:00
Francois Lebel 85f0a979dd
Fix typo in note (#82) 2021-08-03 17:59:46 -03:00
Luis Gabriel Gomez 3258b3fca0
jwt: Add parser benchmarks (#70) 2021-08-03 17:57:36 -03:00
Christian Banse bd2db2d4a2
Changing pkg.go.dev URL to github.com/golang-jwt/jwt/v4 (#77)
* Changing pkg.go.dev URL to https://pkg.go.dev/github.com/golang-jwt/jwt/v4

Otherwise, people will end up at the v3 release and might miss clicking the small "there is a v4" hint on pkg.go.dev
2021-08-03 19:41:00 +02:00
Michael Fridman 2ebb50f957
Adds go module support /v4 (#41)
Additionally, added `staticcheck` for basic static code analysis (#44)

Co-authored-by: Christian Banse <oxisto@aybaze.com>
2021-08-03 15:51:01 +02:00
Christian Banse 4bbdd8ac62
Prepare release 3.2.2 (#42) 2021-07-30 16:54:04 -04:00
Sebastiaan van Stijn 8e9d9ebf6f
Fix security vulnerability (#40)
Fixes a security vulnerability where a jwt token could potentially be validated having invalid string characters.

(cherry picked from commit a211650c6ae1cff6d7347d3e24070d65dcfb1122)
https://github.com/form3tech-oss/jwt-go/pull/14

Co-Authored-By: Giorgos Lampadakis <82932062+giorgos-f3@users.noreply.github.com>
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2021-07-30 22:27:54 +02:00