jwt icon indicating copy to clipboard operation
jwt copied to clipboard

Published 20 hours ago verified publisher icon golang-jwt

Keyfunc usage and token Parsing examples

Open lggomez opened this issue 4 years ago • 3 comments

Migrated from https://github.com/dgrijalva/jwt-go/issues/456

moloch-- commented on Feb 28

The https://pkg.go.dev/github.com/dgrijalva/jwt-go#Keyfunc does not specify what should be returned, it simply says "supply the key for verification." Should the function return the JSON key structure? A byte array of the base64 encoded public key? A byte array of the raw key material? A PEM encoded key? A parsed RSA Key?

The documentation should specify what is returned when, assuming different values should be returned for different signing mechanism.

The function signature is also documented as func(token *jwt.Token) ([]byte, error), however in practice it seems the function must be implemented as func(token *jwt.Token) (interface{}, error)

lggomez avatar Aug 03 '21 12:08 lggomez

moloch-- commented on Mar 3 •

For anyone that finds this, you want to return the parsed rsa.* key or ecsda.* key, not a []byte.

lggomez avatar Aug 03 '21 12:08 lggomez

Also see: https://github.com/dgrijalva/jwt-go/issues/452

lggomez avatar Aug 03 '21 12:08 lggomez

Also related: https://github.com/dgrijalva/jwt-go/issues/386

lggomez avatar Aug 03 '21 12:08 lggomez