dgrijalva / jwt-go

ARCHIVE - Golang implementation of JSON Web Tokens (JWT). This project is now maintained at:
https://github.com/golang-jwt/jwt
MIT License
10.79k stars 995 forks source link

[Documentation] Keyfunc #456

Open moloch-- opened 3 years ago

moloch-- commented 3 years ago

The https://pkg.go.dev/github.com/dgrijalva/jwt-go#Keyfunc does not specify what should be returned, it simply says "supply the key for verification." Should the function return the JSON key structure? A byte array of the base64 encoded public key? A byte array of the raw key material? A PEM encoded key? A parsed RSA Key?

The documentation should specify what is returned when, assuming different values should be returned for different signing mechanism.

The function signature is also documented as func(token *jwt.Token) ([]byte, error), however in practice it seems the function must be implemented as func(token *jwt.Token) (interface{}, error)

moloch-- commented 3 years ago

For anyone that finds this, you want to return the parsed rsa.* key or ecsda.* key, not a []byte.