Assymmetric key validation should have to use private key file

[JamesPiggott]

I am trying to implement an asymmetric validation middleware that uses RS256. In theory this should only need the public key to verify the JWT, but not including the private key does not work. I do not want to include the private key with the project. Below is my implementation. ` authMiddleware, _ := app.New(&app.GinJWTMiddleware {

	Realm:            "zone",
	SigningAlgorithm: "RS256",
	PrivKeyFile:      "keys/jwtRS256.key",
	PubKeyFile:       "keys/jwtRS256.key.pub",

	PayloadFunc: func(data interface{}) app.MapClaims {
		if v, ok := data.(*JWTToken); ok {
			return app.MapClaims{
				userName: v.UserName,
			}
		}
		return app.MapClaims{}
	},

	IdentityHandler: func(c *gin.Context) interface{} {
		claims := app.ExtractClaims(c)
		return &JWTToken{
			UserName:  claims[userName].(string),
			TokenType: claims[tokenType].(string),
		}
	},

	Authorizator: func(data interface{}, c *gin.Context) bool {
		if v, ok := data.(*JWTToken); ok && v.UserName == "admin" {
			return true
		}

		return false
	},

	Unauthorized: func(c *gin.Context, code int, message string) {
		c.JSON(code, gin.H{
			"code":    code,
			"message": message,
		})
	},

	TokenLookup:   "header: Authorization, query: token, cookie: jwt",
	TokenHeadName: "Bearer",
	TimeFunc:      time.Now,
})`

[aesadde]

@JamesPiggott I've been trying to do the same. No need to use private key if the service only needs to extract claims and validate the token.

For now I've resorted to my own solution but it would be nice to have the option here as well.

[DanielKrolopp]

I have the same issue. I've found that including a dummy private key works---as long as it is a valid key (ie: all '0's doesn't work). I just generated a random one from here: https://travistidwell.com/jsencrypt/demo/ and included it with my project as a placeholder until this bug is resolved.