golang-jwt / jwt

Go implementation of JSON Web Tokens (JWT).
https://golang-jwt.github.io/jwt/
MIT License

modify header claims #238

Closed alzrck closed 2 years ago

alzrck commented 2 years ago

Hello, I'm trying jwt-go and found no way to modify header claims. Is there a way that I'm missing, or do I need to modify the code to accept it?

If you don't mind, I can provide the diff after the change.

Thanks in advance, BR

alzrck commented 2 years ago

Sorry, my mistake on the last note; deleted to avoid confusion.

mfridman commented 2 years ago

What is the header you're referring to? Any chance you can share some code snippet or link so we can better understand?

The smallest reproducible example would help us here.

alzrck commented 2 years ago

For sure. I'm working with something called stir and shaken (specs: atis100082, atis100074, atis100085 and the RFCs referenced from those documents, 8224, 8225, 8226, 7519, and others). One thing stir and shaken does is use the ability to extend the passport token (a JWT), and this extension (at least part of it) is done in the header. This is an example of this header for non-diverted call scenarios (atis100082):

{ "alg": "ES256", "typ": "passport", "ppt": "shaken", "x5u": "https://cert.example.org/passport.crt"}

For diverted/re-routed calls (atis100085) the header is:

{"alg":"ES256","ppt":"div","typ":"passport","x5u":"https://cert.example2.net/passport.cer"}

So I had the need to put extra headers manually. I modified token.go to create a new method to allow this (maybe it is not the better way, but it works :) )

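// NewWithClaimsAndHeaders creates a Token like NewWithClaims and then merges
// the caller-supplied header fields into the default header.
func NewWithClaimsAndHeaders(method SigningMethod, claims Claims, headers map[string]interface{}) *Token {
    // Start from the same defaults NewWithClaims sets.
    customHeader := make(map[string]interface{})
    customHeader["typ"] = "JWT"
    customHeader["alg"] = method.Alg()

    // Copy the extra fields; "alg" is skipped so it always matches the signing method.
    for k, v := range headers {
        if k != "alg" {
            customHeader[k] = v
        }
    }
    return &Token{
        Header: customHeader,
        Claims: claims,
        Method: method,
    }
}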

BR

oxisto commented 2 years ago

You can just use jwt.NewWithClaims to retrieve a Token object and just modify the Header of it before signing it with SignedString.

You can see an example here https://github.com/oxisto/oauth2go/blob/b135c891f36ea062cb72a9f8d34a7900e0bf3783/server_test.go#L61-L66
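
The flow discussed in this thread (add the extra header fields, then sign), written against the Go standard library only instead of golang-jwt so the header handling and the receiver's checks are visible. This is an added example, not code from the thread or the project: `Sign`, `Verify`, `b64` and `demoKey` are hypothetical names, the key and payload are constructed, and all header values are assumed to be strings.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"encoding/base64"
	"encoding/json"
	"fmt"
	"math/big"
	"strings"
)

var b64 = base64.RawURLEncoding
var demoKey, _ = ecdsa.GenerateKey(elliptic.P256(), rand.Reader) // constructed throwaway key

// Sign builds an ES256 compact JWS; it overwrites header["alg"] (header must be non-nil).
func Sign(header map[string]string, payload []byte, key *ecdsa.PrivateKey) (string, error) {
	header["alg"] = "ES256" // callers add fields, they never pick the algorithm
	h, _ := json.Marshal(header) // a map[string]string always marshals
	input := b64.EncodeToString(h) + "." + b64.EncodeToString(payload)
	sum := sha256.Sum256([]byte(input))
	r, s, err := ecdsa.Sign(rand.Reader, key, sum[:])
	if err != nil {
		return "", err
	}
	sig := append(r.FillBytes(make([]byte, 32)), s.FillBytes(make([]byte, 32))...) // JWS uses raw r||s
	return input + "." + b64.EncodeToString(sig), nil
}

// Verify pins alg, typ and ppt, then checks the signature over the received header.payload.
func Verify(tok, ppt string, pub *ecdsa.PublicKey) bool {
	p := strings.Split(tok, ".")
	if len(p) != 3 {
		return false
	}
	hb, _ := b64.DecodeString(p[0]) // on a decode error the checks below fail
	sig, _ := b64.DecodeString(p[2])
	var h map[string]string
	sum := sha256.Sum256([]byte(p[0] + "." + p[1]))
	return json.Unmarshal(hb, &h) == nil && h["alg"] == "ES256" && h["typ"] == "passport" && h["ppt"] == ppt &&
		len(sig) == 64 && ecdsa.Verify(pub, sum[:], new(big.Int).SetBytes(sig[:32]), new(big.Int).SetBytes(sig[32:]))
}

func main() {
	hdr := map[string]string{"typ": "passport", "ppt": "shaken", "x5u": "https://cert.example.org/passport.crt"}
	tok, err := Sign(hdr, []byte(`{"iat":1}`), demoKey) // constructed payload
	fmt.Println(tok, err, Verify(tok, "shaken", &demoKey.PublicKey), Verify(tok, "div", &demoKey.PublicKey))
}
```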

alzrck commented 2 years ago

Great!! Thanks, that helped.