jwt

jwt copied to clipboard

`GetID` in the `Claims` interface ?

2

Is there a special consideration for the absence of the `GetID()` function? https://datatracker.ietf.org/doc/html/rfc7519#section-4.1.7 https://github.com/golang-jwt/jwt/blob/8aa5d6cef84fa859f10fed5db50bee48efc5f160/claims.go#L9-L16

zaakn

Add ID to Claims interface

1

This patch adds the `jti` claim to the `Claims` interface with a `GetID()` method. It also implements `GetID()` for both `MapClaims` and `RegisteredClaims`. This makes it easier to use the...

st3fan

Currently, `Keyfunc` expects to return an `interface{}` and `SignedString` expects a `interface{}` parameter. This often lead to confusing, what exactly these functions expect. We should therefore constrain the types of...

oxisto

Now with `v5` landed, we reduced quite some technical debt in the department of the verifier, but let's not stop there. This will serve as a meta-issue detailing the current...

oxisto

Instead of the generic crypto key types. This is done in the other parse functions as well. The code already does the type assertion.

twz123

Token.New example is for the wrong func

2

The example for Token.New() actually demonstrates Token.NewWithClaims(). It should be demonstrating Token.New(). It additionally demonstrates signing, which I guess is ok but it seems out of scope, given that the...

notrobpike

Hello dear community. Here is a sample code that demonstrates the issue: ```go package main_test import ( "fmt" "testing" "time" "github.com/golang-jwt/jwt/v5" "github.com/stretchr/testify/assert" "github.com/stretchr/testify/require" ) func TestClaimsMarshalBasic(t *testing.T) { claims :=...

erudenko

Replace HMAC with ED25519 in examples

5

While HMAC remains relatively popular in some contexts, it's generally considered as insecure, especially in untrustworthy environments, as it's easy for the verifier to forge the JWT token. [OWASP](https://cheatsheetseries.owasp.org/cheatsheets/REST_Security_Cheat_Sheet.html#jwt), for...

G1gg1L3s

Adding canonical `Keyfunc` functions for RSA, ECDSA, EdDSA and HMAC

1

This PR adds ready-to-use keyfunc functions for the various signing methods. This should simplify a lot of standard use-cases and also includes a proper signing method check. This allows for...

oxisto

Support pkcs8 from Apple APNs

1

Hi, After spending a few hours on trying to import Apple Mapkit p8 file, which is pkcs8, i have stumbled on someones post here: https://github.com/dgrijalva/jwt-go/issues/179 It includes a working function...

conotto