Code Monkey home page Code Monkey logo

go-jwt-ed25519's People

Contributors

fossoreslp avatar

Stargazers

avatar

Watchers

avatar avatar

go-jwt-ed25519's Issues

Validate fails when Content is not compatible with map[string]interface{}

Validate() tries to check if exp or nbf are set by casting Content interface{} to map[string]interface{}.
This should work for any kind of struct but will fail for types like int, string and []byte.
These are valid JSON but cannot be handled by Validate() so please do not use those as the only payload of a JWT you plan to use with this package. Storing them in a JSON object works totally fine, it just takes a small bit of additional space.

I will fix this at some point but there's an easy workaround so it's not a high priority for me. Feel free to open a PR if you want to fix it.

creating a token with a struct will fail validation

When creating a token with a struct, the struct is serialized and rendered properly. It also looks good on tools like jwt.io. When the token is decoded, any calls to validate it fails.
sample token:

eyJ0eXAiOiJKV1QiLCJhbGciOiJFZERTQSIsImtpZCI6IkFEQUlMR1ZZMlc0UEpBVFlPTUhBT0lZTlREVUNNVlRaT1pCSUlDNlJXNEZNUERCNkY3QjZHSjNQIn0.eyJVc2VyS2V5IjoiVUFLSVpZSks3M0cyU1U3U1JaNzY1TlBGVENWVE1PUU5ENFdIUkVFQjIzT0g2WkVZRDRBWUtOVVkiLCJTdWJBY2wiOlsiZm9vIl0sIlB1YkFjbCI6WyJmb28iXSwiTGltaXRzIjp7Im1wcyI6MH19.9urPSuMpMZeEL2FkhL2bWN9MWJ-m6-92OtFUDcuzzGNWSgbXtwzabTIml_wrP66UQbFdkD5rlkKklvGz4OgZCQ

Error validating the JWT token: hash does not match content

If the same struct is serialized as a JSON into a map[string]interface{}, the token can be decoded and validated correctly. The JSON representation of the token is not nice to read on jwt.io (and it is larger):

eyJ0eXAiOiJKV1QiLCJhbGciOiJFZERTQSIsImtpZCI6IkFEQUlMR1ZZMlc0UEpBVFlPTUhBT0lZTlREVUNNVlRaT1pCSUlDNlJXNEZNUERCNkY3QjZHSjNQIn0.eyJuYXRzIjoie1xuICBcIlVzZXJLZXlcIjogXCJVQUtJWllKSzczRzJTVTdTUlo3NjVOUEZUQ1ZUTU9RTkQ0V0hSRUVCMjNPSDZaRVlENEFZS05VWVwiLFxuICBcIlN1YkFjbFwiOiBbXG4gICAgXCJmb29cIlxuICBdLFxuICBcIlB1YkFjbFwiOiBbXG4gICAgXCJmb29cIlxuICBdLFxuICBcIkxpbWl0c1wiOiB7XG4gICAgXCJtcHNcIjogMFxuICB9XG59In0.dQAxuUZ04NgMbhbeE7Q53TnjWZYv4S543V3jQPTWe0mFXWMalDELYvwV6FY93QQ4SGEnMiQTWIJPF5IN27XADA

but decodes correctly

ngsauth decode eyJ0eXAiOiJKV1QiLCJhbGciOiJFZERTQSIsImtpZCI6IkFEQUlMR1ZZMlc0UEpBVFlPTUhBT0lZTlREVUNNVlRaT1pCSUlDNlJXNEZNUERCNkY3QjZHSjNQIn0.eyJuYXRzIjoie1xuICBcIlVzZXJLZXlcIjogXCJVQUtJWllKSzczRzJTVTdTUlo3NjVOUEZUQ1ZUTU9RTkQ0V0hSRUVCMjNPSDZaRVlENEFZS05VWVwiLFxuICBcIlN1YkFjbFwiOiBbXG4gICAgXCJmb29cIlxuICBdLFxuICBcIlB1YkFjbFwiOiBbXG4gICAgXCJmb29cIlxuICBdLFxuICBcIkxpbWl0c1wiOiB7XG4gICAgXCJtcHNcIjogMFxuICB9XG59In0.dQAxuUZ04NgMbhbeE7Q53TnjWZYv4S543V3jQPTWe0mFXWMalDELYvwV6FY93QQ4SGEnMiQTWIJPF5IN27XADA
map[nats:{
  "UserKey": "UAKIZYJK73G2SU7SRZ765NPFTCVTMOQND4WHREEB23OH6ZEYD4AYKNUY",
  "SubAcl": [
    "foo"
  ],
  "PubAcl": [
    "foo"
  ],
  "Limits": {
    "mps": 0
  }
}]

Improve test coverage

This package has some basic tests to verify it's doing what it's supposed to do.

As of right now, they only cover 66% of the code in this package.
That is not really great for a security-focused package.

I'll try my best to improve it in the future but you might want to look into this yourself before using this package.

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    ๐Ÿ–– Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. ๐Ÿ“Š๐Ÿ“ˆ๐ŸŽ‰

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google โค๏ธ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.