
Bring over ValidationHelper functionality from v4 branch

Open oxisto opened this issue 4 years ago • 9 comments

The v4 branch has a nice validation helper struct which combines a lot of the functionality of the Validate functions. It might be nice to re-implement that and slowly move existing functionality to it.

This would include things that have been on the wishlist in other forks, such as having leeway when validating timestamps (see https://github.com/form3tech-oss/jwt-go/pull/12).

oxisto avatar May 28 '21 13:05 oxisto

I was wondering about the implementation of the leeway: Why does the incorporation of leeway depend on the validating server instead of the authorizing client? To me, it seems like it would be cleaner for the JWT to be the source of truth, with leeway built into the iat/exp.

mcquackers avatar Oct 01 '21 17:10 mcquackers

Just ran into the "token used before issued" error today for the first time, after things had been working fine previously.

The discussion at https://github.com/golang-jwt/jwt/issues/98 referenced this issue. Are there any plans to implement it and disregard the pre-IAT check?

dgurns avatar Oct 13 '21 10:10 dgurns

Just ran into the "token used before issued" error today for the first time, after things had been working fine previously.

The discussion at #98 referenced this issue. Are there any plans to implement it and disregard the pre-IAT check?

In a world with infinite time, yes :) Currently I am waiting for https://github.com/golang-jwt/jwt/pull/108 to be merged. This one will be next.

oxisto avatar Oct 13 '21 11:10 oxisto

Awesome, appreciate your work!

dgurns avatar Oct 15 '21 13:10 dgurns

Currently I am waiting for #108 to be merged.

It's been merged 👀 :)

miparnisari avatar Nov 20 '21 21:11 miparnisari

I had a quick look yesterday and I am not sure if we can port this over in a backwards compatible manner, since the interface of Claims needs to be changed. Especially the Valid function needs to have an additional parameter for the ValidationHelper. I guess I will first focus on the functionality and then see whether we can port this to v4 or if this will then introduce a v5 branch with breaking changes.

oxisto avatar Nov 21 '21 09:11 oxisto

This is something we relied on from the old library, as we ran on the preview version, and it would help us move to adopt this port.

ksegun avatar Dec 06 '21 16:12 ksegun

Yes, we also rely on this functionality from the old library :)

@oxisto, regarding your statement below:

I guess I will first focus on the functionality and then see whether we can port this to v4 or if this will then introduce a v5 branch with breaking changes.

So, what is the intended functionality that is targeted in v4.x?

arinto avatar Dec 10 '21 09:12 arinto

Please see https://github.com/golang-jwt/jwt/discussions/211 for an ongoing discussion on how to proceed.

oxisto avatar May 28 '22 20:05 oxisto

Fixed by #234

oxisto avatar Feb 21 '23 18:02 oxisto
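
Added example, not from the thread or from golang-jwt's code: leeway applied by the verifier to the exp, nbf and iat checks, using only the Go standard library. The names `TimeClaims`, `Validator` and the error variables are hypothetical, and the 3-second clock skew in `main` is constructed.

```go
package main

import (
	"errors"
	"fmt"
	"time"
)

// Hypothetical error values; only the "used before issued" text appears in the thread.
var (
	ErrExpired          = errors.New("token is expired")
	ErrNotValidYet      = errors.New("token is not valid yet")
	ErrUsedBeforeIssued = errors.New("token used before issued")
)

// TimeClaims holds the time-based claims; a zero time means the claim is absent.
type TimeClaims struct{ IssuedAt, NotBefore, ExpiresAt time.Time }

// Validator is a hypothetical stand-in for a validation helper with leeway.
type Validator struct {
	Now    func() time.Time // verifier's clock, injectable for tests
	Leeway time.Duration    // tolerated clock skew between issuer and verifier
}

// Validate checks exp, nbf and iat against the verifier's clock.
// Leeway also extends how long an expired token is accepted, so keep it small.
func (v Validator) Validate(c TimeClaims) error {
	now := v.Now()
	if !c.ExpiresAt.IsZero() && !now.Before(c.ExpiresAt.Add(v.Leeway)) {
		return ErrExpired
	}
	if !c.NotBefore.IsZero() && now.Before(c.NotBefore.Add(-v.Leeway)) {
		return ErrNotValidYet
	}
	if !c.IssuedAt.IsZero() && now.Before(c.IssuedAt.Add(-v.Leeway)) {
		return ErrUsedBeforeIssued
	}
	return nil
}

func main() {
	// Constructed scenario: the issuer's clock runs 3 seconds ahead of the verifier's.
	now := time.Date(2021, 10, 13, 10, 0, 0, 0, time.UTC)
	clock := func() time.Time { return now }
	c := TimeClaims{IssuedAt: now.Add(3 * time.Second), ExpiresAt: now.Add(5 * time.Minute)}
	fmt.Println("strict: ", Validator{Now: clock}.Validate(c))
	fmt.Println("lenient:", Validator{Now: clock, Leeway: 5 * time.Second}.Validate(c))
}
```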