Comments (11)
I will try your suggestion above - thanks.
from jwt.
@cristaloleg thanks for the fix, it is not very intuitive for an optional header but it does work!
from jwt.
Hey, sorry for the trouble. That's an interesting case.
Can you clarify why your tokens don't have 'typ:"JWT"' ? (or another value if any)
Also https://datatracker.ietf.org/doc/html/rfc7519#section-5.1
from jwt.
Hi @cristaloleg The "typ" field in a JSON Web Token (JWT) is an optional field. According to the JWT specification (RFC 7519), it's used to specify the token type. However, it's not required, and many JWT implementations don't include it. So, maybe we should check the type only when it exists?
from jwt.
Yeah, that's another solution that came to my mind.
However, it looks very unintuitive 'cause sometimes it does a check and sometimes not.
from jwt.
Right now I see this as the simplest fix:
token, err := jwt.Parse(...) // or any other parse function from jwt
if err != nil {
if !errors.Is(err, jwt.ErrNotJWTType) {
// bad token data or bad signature or ...
}
// proper token BUT 'typ' field is not 'JWT'
}
from jwt.
Hi, I do not own the service that provides the token but as far as I can see the header only contains alg
and kid
.
from jwt.
Again, sorry for the trouble. I hope it didn't end up as an emergency.
Please confirm if the solution above works for you. If so, I will document that. Thanks!
from jwt.
Hi, unfortunately your suggestion does not work because the token is coming back as nil
?
from jwt.
Ah, indeed, can you check this PR #148 ?
from jwt.
New minor version https://github.com/cristalhq/jwt/releases/tag/v5.3.0
from jwt.
Related Issues (20)
- docs: example code: token.Bytes undefined HOT 3
- Key size check in getHashRS() in algo_rs.go is invalid HOT 4
- The jwt format is incorrect and panic directly HOT 13
- Add clear warnings for HS256 secret length HOT 6
- JWK Set jwt.Verifier implementation HOT 7
- Crypto Go :we are a research group to help developers build secure applications. HOT 3
- IsValidAt with CustomClaims ? HOT 3
- Document Parse & ErrNotJWTType relation in GUIDE.md
- Rewrite fuzzing test with a new Go fuzzer from Go 1.19
- Add PASETO note in README
- Add Parsing tests
- Go Version Inconsistency HOT 2
- Where should I give the secret on validation? HOT 8
- Optimisation causing incorrect header to encode HOT 3
- v2 preparations HOT 3
- Slow Sign HOT 18
- Cannot find package "github.com/cristalhq/jwt/v3" HOT 3
- KeyID support for RFC7517 HOT 1
- Error in readme -> Parse and verify token exemple HOT 2
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from jwt.