git-gateway icon indicating copy to clipboard operation
git-gateway copied to clipboard

Published 20 hours ago verified publisher icon netlify

Cannot unmarshal array into Go struct field GatewayClaims.aud of type string

Open vnugent opened this issue 2 years ago • 0 comments

- Do you want to request a feature or report a bug? Bug

- What is the current behavior?

git-gateway can't handle Auth0 token with audience formatted as array.

Auth0 JWT:

{
  "iss": "...",
  "sub": " ...",
  "aud": [
    "https://git-gateway" <-- array
   ],
  ...
}

git-gateway returns:  {"code":401,"msg":"Invalid token: json: cannot unmarshal array into Go struct field GatewayClaims.aud of type string"}

- If the current behavior is a bug, please provide the steps to reproduce.

  1. Go to jwt.io and generate a new token.
  2. Change aud in the payload from a string to an array. Ex:

From

 "aud": "https://git-gateway"

to

"aud": [
    "https://git-gateway"
   ],

- What is the expected behavior? git-gateway can handle audience as an array

- Please mention your Go version, and operating system version. Running in a container built with the included Dockerfile.

Edit: it is a known issue the jwt library: https://github.com/dgrijalva/jwt-go/pull/308

https://github.com/netlify/git-gateway/blob/4988d0282ed19a4f9ee8d14c88373838a6c4666b/api/auth.go#L40

Update: I have made a fix. Upgrading jwt library to the latest. PR to come.

vnugent avatar Aug 27 '21 12:08 vnugent