1. 08 Mar, 2018 14 commits
  2. 19 Oct, 2017 1 commit
  3. 03 Jul, 2017 1 commit
  4. 28 Jun, 2017 1 commit
    • Geert Vanderkelen's avatar
      Handle ValidationError returned by keyFunc in jwt.ParseWithClaims · cb914dd5
      Geert Vanderkelen authored
      Previously, returning a `jwt.ValidationError` from `jwt.Parse()` or
      `jwt.ParseWithClaims()` would result values the error to be
      ignored.
      For example, when testing the signature while parsing the token, it
      was not possible to return `jwt.ValidationErrorSignatureInvalid`.
      The documentation shows an example for returning an `errors.Error`,
      but this is not enough.
      
      We change the `jwt.ParseWithClaims()`-function and check whether the
      returned error from the `KeyFunc` is already a
      `jwt.ValidationError`-type and return as-is.
      
      This allows us to do the following:
      
        token, err := jwt.ParseWithClaims(authToken, claims, func(token
          *jwt.Token) (interface{}, error) {
          if _, ok := token.Method.(*jwt.SigningMethodHMAC); !ok {
              vErr := new(jwt.ValidationError)
              vErr.Errors = jwt.ValidationErrorSignatureInvalid
              vErr.Inner = fmt.Errorf("invalid signature")
              return nil, vErr
          }
          return []byte(MySecret), nil
        })
      
      The idea is to then be able to check the `Errors`-member:
      
        } else if ve.Errors&jwt.ValidationErrorSignatureInvalid != 0 {
          return fmt.Errorf("Authentication Token has invalid signature")
        }
      cb914dd5
  5. 08 Jun, 2017 2 commits
  6. 08 May, 2017 1 commit
  7. 01 Apr, 2017 1 commit
    • Yuri's avatar
      A better error msg · c1d75b01
      Yuri authored
      Change ErrInvalidKey to ErrInvalidKeyType
      c1d75b01
  8. 16 Mar, 2017 1 commit
  9. 01 Feb, 2017 3 commits
  10. 31 Jan, 2017 1 commit
  11. 04 Jan, 2017 2 commits
  12. 21 Nov, 2016 1 commit
  13. 03 Nov, 2016 1 commit
  14. 01 Nov, 2016 2 commits
  15. 14 Sep, 2016 2 commits
    • zimbatm's avatar
      ParseUnverified: add tests · f46fb7ef
      zimbatm authored
      f46fb7ef
    • zimbatm's avatar
      Introduce (*Parser).ParseUnverified · bf316c48
      zimbatm authored
      This is not something users of this library would commonly use but I'm
      hitting a case where I still want to transmit the values contained
      inside of the token trough the system, after it's been verified by the
      frontend.
      
      In that case it would be easier just to transmit the token around and be
      able to parse the values within, without having to verify the signature.
      The backend services also don't have access to the user secrets to
      validate the signature.
      bf316c48
  16. 31 Aug, 2016 1 commit
  17. 27 Aug, 2016 1 commit
  18. 29 Jul, 2016 1 commit
  19. 20 Jul, 2016 1 commit
  20. 05 Jul, 2016 1 commit
  21. 21 Jun, 2016 1 commit