fossoreslp / go-jwt-ed25519 Goto Github PK
View Code? Open in Web Editor NEWA very basic GO implementation of JWT using ed25519
License: Boost Software License 1.0
A very basic GO implementation of JWT using ed25519
License: Boost Software License 1.0
Validate()
tries to check if exp
or nbf
are set by casting Content interface{}
to map[string]interface{}
.
This should work for any kind of struct
but will fail for types like int
, string
and []byte
.
These are valid JSON but cannot be handled by Validate()
so please do not use those as the only payload of a JWT you plan to use with this package. Storing them in a JSON object works totally fine, it just takes a small bit of additional space.
I will fix this at some point but there's an easy workaround so it's not a high priority for me. Feel free to open a PR if you want to fix it.
When creating a token with a struct, the struct is serialized and rendered properly. It also looks good on tools like jwt.io. When the token is decoded, any calls to validate it fails.
sample token:
eyJ0eXAiOiJKV1QiLCJhbGciOiJFZERTQSIsImtpZCI6IkFEQUlMR1ZZMlc0UEpBVFlPTUhBT0lZTlREVUNNVlRaT1pCSUlDNlJXNEZNUERCNkY3QjZHSjNQIn0.eyJVc2VyS2V5IjoiVUFLSVpZSks3M0cyU1U3U1JaNzY1TlBGVENWVE1PUU5ENFdIUkVFQjIzT0g2WkVZRDRBWUtOVVkiLCJTdWJBY2wiOlsiZm9vIl0sIlB1YkFjbCI6WyJmb28iXSwiTGltaXRzIjp7Im1wcyI6MH19.9urPSuMpMZeEL2FkhL2bWN9MWJ-m6-92OtFUDcuzzGNWSgbXtwzabTIml_wrP66UQbFdkD5rlkKklvGz4OgZCQ
Error validating the JWT token: hash does not match content
If the same struct is serialized as a JSON into a map[string]interface{}, the token can be decoded and validated correctly. The JSON representation of the token is not nice to read on jwt.io (and it is larger):
eyJ0eXAiOiJKV1QiLCJhbGciOiJFZERTQSIsImtpZCI6IkFEQUlMR1ZZMlc0UEpBVFlPTUhBT0lZTlREVUNNVlRaT1pCSUlDNlJXNEZNUERCNkY3QjZHSjNQIn0.eyJuYXRzIjoie1xuICBcIlVzZXJLZXlcIjogXCJVQUtJWllKSzczRzJTVTdTUlo3NjVOUEZUQ1ZUTU9RTkQ0V0hSRUVCMjNPSDZaRVlENEFZS05VWVwiLFxuICBcIlN1YkFjbFwiOiBbXG4gICAgXCJmb29cIlxuICBdLFxuICBcIlB1YkFjbFwiOiBbXG4gICAgXCJmb29cIlxuICBdLFxuICBcIkxpbWl0c1wiOiB7XG4gICAgXCJtcHNcIjogMFxuICB9XG59In0.dQAxuUZ04NgMbhbeE7Q53TnjWZYv4S543V3jQPTWe0mFXWMalDELYvwV6FY93QQ4SGEnMiQTWIJPF5IN27XADA
but decodes correctly
ngsauth decode eyJ0eXAiOiJKV1QiLCJhbGciOiJFZERTQSIsImtpZCI6IkFEQUlMR1ZZMlc0UEpBVFlPTUhBT0lZTlREVUNNVlRaT1pCSUlDNlJXNEZNUERCNkY3QjZHSjNQIn0.eyJuYXRzIjoie1xuICBcIlVzZXJLZXlcIjogXCJVQUtJWllKSzczRzJTVTdTUlo3NjVOUEZUQ1ZUTU9RTkQ0V0hSRUVCMjNPSDZaRVlENEFZS05VWVwiLFxuICBcIlN1YkFjbFwiOiBbXG4gICAgXCJmb29cIlxuICBdLFxuICBcIlB1YkFjbFwiOiBbXG4gICAgXCJmb29cIlxuICBdLFxuICBcIkxpbWl0c1wiOiB7XG4gICAgXCJtcHNcIjogMFxuICB9XG59In0.dQAxuUZ04NgMbhbeE7Q53TnjWZYv4S543V3jQPTWe0mFXWMalDELYvwV6FY93QQ4SGEnMiQTWIJPF5IN27XADA
map[nats:{
"UserKey": "UAKIZYJK73G2SU7SRZ765NPFTCVTMOQND4WHREEB23OH6ZEYD4AYKNUY",
"SubAcl": [
"foo"
],
"PubAcl": [
"foo"
],
"Limits": {
"mps": 0
}
}]
This package has some basic tests to verify it's doing what it's supposed to do.
As of right now, they only cover 66% of the code in this package.
That is not really great for a security-focused package.
I'll try my best to improve it in the future but you might want to look into this yourself before using this package.
A declarative, efficient, and flexible JavaScript library for building user interfaces.
๐ Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
The Web framework for perfectionists with deadlines.
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. ๐๐๐
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
We are working to build community through open source technology. NB: members must have two-factor auth.
Open source projects and samples from Microsoft.
Google โค๏ธ Open Source for everyone.
Alibaba Open Source for everyone
Data-Driven Documents codes.
China tencent open source team.