search

golang-jwt / jwt

Go implementation of JSON Web Tokens (JWT).
https://golang-jwt.github.io/jwt/
MIT License
7.22k stars 347 forks source link

Keyfunc usage and token Parsing examples #58

Open lggomez opened 3 years ago

lggomez commented 3 years ago

Migrated from https://github.com/dgrijalva/jwt-go/issues/456

moloch-- commented on Feb 28

The https://pkg.go.dev/github.com/dgrijalva/jwt-go#Keyfunc does not specify what should be returned, it simply says "supply the key for verification." Should the function return the JSON key structure? A byte array of the base64 encoded public key? A byte array of the raw key material? A PEM encoded key? A parsed RSA Key?

The documentation should specify what is returned when, assuming different values should be returned for different signing mechanism.

The function signature is also documented as func(token jwt.Token) ([]byte, error), however in practice it seems the function must be implemented as func(token jwt.Token) (interface{}, error)

lggomez commented 3 years ago

moloch-- commented on Mar 3 •

For anyone that finds this, you want to return the parsed rsa. key or ecsda. key, not a []byte.

lggomez commented 3 years ago

Also see: https://github.com/dgrijalva/jwt-go/issues/452

lggomez commented 3 years ago

Also related: https://github.com/dgrijalva/jwt-go/issues/386