iris icon indicating copy to clipboard operation
iris copied to clipboard
verified publisher icon kataras

[BUG] Trailing comma in JWT's payload

Open my3rs opened this issue 11 months ago • 2 comments

Describe the bug There's a syntax issue in the JWT token's payload: it contains a trailing comma. Here's how the decoded payload appears:

{
  "iat": 1736252478,
  "exp": 1736252838,
  "iss": "NAME",
  "sub": "admin",
}

Expected behavior

Expected decoded payload:

{
  "iat": 1736252478,
  "exp": 1736252838,
  "iss": "NAME",
  "sub": "admin"
}

To Reproduce

type JWTService struct {
	signer        *jwt.Signer
	verifier      *jwt.Verifier
}

func newJWTService() *JWTService {
	private, public := jwt.MustLoadRSA(config.PrivateKey, config.PublicKey)

	return &JWTService{
		signer:        jwt.NewSigner(jwt.RS256, private, config.AccessTokenMaxAge),
		verifier:      jwt.NewVerifier(jwt.RS256, public),
	}
}

func (s *JWTService) GenerateTokenPair(user model.User) (jwt.TokenPair, error) {
	now := time.Now()

	// Create refresh claims with user ID as subject
	refreshClaims := jwt.Claims{
		Subject:  fmt.Sprintf("%s", user.Username),
		Issuer:   "NAME",
		IssuedAt: now.Unix(),
		Expiry:   now.Add(time.Second * s.config.RefreshTokenMaxAge).Unix(),
	}

	// Create access claims with user details
	accessClaims := jwt.Claims{
		Subject:  fmt.Sprintf("%s", user.Username),
		Issuer:   "NAME",
		IssuedAt: now.Unix(),
		Expiry:   now.Add(time.Second * s.config.AccessTokenMaxAge).Unix(),
	}

	tokenPair, err := s.signer.NewTokenPair(accessClaims, refreshClaims, s.config.RefreshTokenMaxAge)
	if err != nil {
		return jwt.TokenPair{}, err
	}

	fmt.Printf("access token: %s\n", tokenPair.AccessToken)

	return tokenPair, nil
}

iris.Version

  • v12.2.11

my3rs avatar Jan 07 '25 12:01 my3rs

Hello @my3rs, this shoul be fixed on the latest revisions, try to update with go get github.com/kataras/iris/v14@main.

kataras avatar Mar 30 '25 09:03 kataras

@kataras v14?

lightglitch avatar May 25 '25 00:05 lightglitch