Comments (6)
You should be fine as long as you follow some basic rules:
- Don't call modifying methods from multiple threads without synchronization
- Don't call const methods concurrently with any modifying methods
There are no global objects used by this library and create
, decode
and verify
return by value.
So the library on its own should be fine. However it uses OpenSSL under the hood which might not be fully thread safe. Most people I talked to and read on the internet said that the way I use it should be fine (i.e. all the verify and sign methods of algorithms should be thread safe) but I am yet to find a definitive answer in the OpenSSL docs.
The only real info I found on this is here, which means that it might be a problem.
I do run it in multithreaded code (in microservices to be precise) and I generally use a thread_local verifier just to be sure (however a single global one should be fine too) and did not have any problems with OpenSSL so far (however I might have just been lucky). I construct builders as needed because signing a token does not happen that often in my apps.
I hope this helps, if you have further questions feel free to ask.
from jwt-cpp.
Thanks for reply!
About Claims, i saw in "ClaimTest.cpp" a example to set array of int as claim on payload. It would be common to have different type of data inside array? Ex an integer, a string, a bool , etc.
from jwt-cpp.
The constructor used in the example is templated on the iterator type and supports
- std::string
- int64_t
- double
- picojson::array
- picojson::object
However if you need more control over the structure, you have to build a picojson::value yourself.
You can then pass picojson::value to the claim constructor.
from jwt-cpp.
Hi Thalhammer
Thanks for reply!
I am building my application and i have another question. When i have a token with claim of number type and i want to verify as example:
double c = 10.55; picojson::value val(c); auto verify = jwt::verify() .allow_algorithm(jwt::algorithm::none{}) .with_issuer("auth0") .with_claim("myclaim", jwt::claim(val);
The verify method don't check the number type and and throws the exception( token_verification_exception("internal error")). Also missing for boolean.
For my application, I added the check.
else if (c.get_type() == claim::type::number) { if (c.as_number() != jc.as_number()) throw token_verification_exception("claim " + key + " does not match expected"); }
... and others...
Is there any reason why this check was not done there? May I make to pull request?
Thanks!
Best regards.
from jwt-cpp.
No this indeed looks like an oversight on my part. Feel free to make a PR.
Note however that you can not safely use operator != for double (or float).
from jwt-cpp.
Closing due to inactivity
from jwt-cpp.
Related Issues (20)
- Create a test for the undefined sanitizer
- HMAC key should be an array of bytes, not a character string HOT 9
- x86/Win32 compilation and using boost json HOT 2
- Private Key Signing vs Signing from Service Account file HOT 5
- undefined reference error in compiling HOT 9
- what secret format should i use for HS512 algorithm HOT 1
- Release status of 0.7.0-rc.0 HOT 3
- Guide to Setting Up jwt-cpp? HOT 4
- Building example: no matching function for call to ‘decode(std::string&)’ HOT 1
- Compilation error: no matching function for call to ‘decode(std::string&)’ HOT 2
- Build Errors For picojson.h? HOT 8
- Getting Error - namespace "jwt" has no member "claims" HOT 6
- Unable to generate token using ed25519 HOT 2
- Use of Builder explicitly
- Need help : How to Implement JWT Operations from Python Using jwt-cpp ? HOT 5
- How to use payload and get the payload data HOT 7
- Boost JSON traits kind of buggy HOT 5
- How to verify a jwt HOT 3
- Invalid input: not within alphabet HOT 6
- Locking in libcrypto in multi threaded app HOT 6
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from jwt-cpp.