search

golang-jwt / jwt

Go implementation of JSON Web Tokens (JWT).
https://golang-jwt.github.io/jwt/
MIT License
6.98k stars 335 forks source link

SigningString produces a string without a signature #359

Closed vault-thirteen closed 10 months ago

vault-thirteen commented 10 months ago

The SigningString method produces a string without a signature. A simple example is following.

import (
    "github.com/golang-jwt/jwt/v5"
)

const (
    WebTokenField_UserId    = "userId"
    WebTokenField_SessionId = "sessionId"
)

func (srv *Server) makeJWToken(userId uint, sessionId uint) (tokenString string, err error) {
    signingMethod := jwt.SigningMethodPS512

    claims := jwt.MapClaims{
        WebTokenField_UserId:    userId,
        WebTokenField_SessionId: sessionId,
    }

    token := jwt.NewWithClaims(signingMethod, claims, nil)

    tokenString, err = token.SigningString()
    if err != nil {
        return "", err
    }

    return tokenString, nil
}

When I use the function with arguments 2 and 2 like this 

tokenString, err = srv.makeJWToken(2, 2)

it returns a following token string consisting of only two segments instead of three:

eyJhbGciOiJQUzUxMiIsInR5cCI6IkpXVCJ9.eyJzZXNzaW9uSWQiOjIsInVzZXJJZCI6Mn0.

Where is the signature ? What am I doing wrong ?

Thank you.

mfridman commented 10 months ago

Most users don't need this method, instead use SignedString()

https://github.com/golang-jwt/jwt/blob/0cb4fa15e31b969784c7133f6b3a6dc65508cdbd/token.go#L58-L63

vault-thirteen commented 10 months ago

Thank you !