Comments (4)
seh
commented on August 15, 2024
You can use jwtutil.Resolver for this purpose. Pass a Resolver value to the jwt.Verify function as the second "alg" parameter, as Resolver satisfies the Algorithm interface. This assumes that the reason you want the "kid" field value is to look up a key with which to verify the token's signature.
There was some previous discussion in #23 and, more recently for the current interface in #30 (comment). It's an odd design, difficult to discover on your own, but I can confirm that it does work if your goal is to look up a key by its ID.
from jwt.
pf512
commented on August 15, 2024
Thank you! Solved my issue.
We also store custom data in our payload that we use prior to verification. The previous 3.0 beta we used allowed us to get the payload. Is there a way to still get the payload without verifying the token?
from jwt.
gbrlsnchs
commented on August 15, 2024
Sorry, all this oddity is due to the design decision of not allowing to decode the JWT without also verifying it. It might be possible to export the functions that parse header and payload, though.
from jwt.
gbrlsnchs
commented on August 15, 2024
I decided not to allow checking the payload without verifying the whole token. The intention is to make a safer API, although boring. You can always Base64 decode the raw incoming token to get whatever information you need, at your own risk. I advise against trusting information of unverified tokens.
from jwt.
Related Issues (20)
- Invalid JWT token HOT 3
- What the difference from that? HOT 1
- What's the difference between verifying and validating? HOT 2
- Support ed25519 in go 1.13
- Documentation seems to be outdated or modules not working as expected HOT 1
- Create template for issues and PRs HOT 1
- golang.org/x/xerrors removal HOT 1
- Issue with verificiation of JWT tokens HOT 1
- Example HOT 3
- Can I use map[string]interface{} in place of the CustomPayload? HOT 2
- Why not release V3.0 ? HOT 2
- Default Check ExpirationTime HOT 1
- Extract claims without jwt verification HOT 2
- Unable to install this package HOT 5
- jwt: malformed token HOT 4
- jwt.ValidateHeader possible bug with ed25519 / EdDSA headers HOT 1
- Will `sub` support other types? For example, int/map... HOT 1
- Providing functions for parsing JWK from a File or URL HOT 1
- Parsing token and getting payload HOT 1
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from jwt.