jwt-go
Version HistoryParseUnverified
to allow users to split up the tasks of parsing and validationErrInvalidKeyType
instead of ErrInvalidKey
where appropriaterequest.ParseFromRequest
, which allows for an arbitrary list of modifiers to parsing behavior. Initial set include WithClaims
and WithParser
. Existing usage of this function will continue to work as before.ParseFromRequestWithClaims
to simplify API in the future.jwt
command line toolSkipClaimsValidation
option to Parser
[]byte
keys when using RSA signing methods. This convenience feature could contribute to security vulnerabilities involving mismatched key types with signing methods.ParseFromRequest
has been moved to request
subpackage and usage has changedClaims
property on Token
is now type Claims
instead of map[string]interface{}
. The default value is type MapClaims
, which is an alias to map[string]interface{}
. This makes it possible to use a custom type when decoding claims.Claims
interface type to allow users to decode the claims into a custom typeParseWithClaims
, which takes a third argument of type Claims
. Use this function instead of Parse
if you have a custom type you'd like to decode into.ParseFromRequest
, which is now in the request
subpackageParseFromRequestWithClaims
which is the FromRequest
equivalent of ParseWithClaims
Extractor
, which is used for extracting JWT strings from http requests. Used with ParseFromRequest
and ParseFromRequestWithClaims
.ValidationError
, which contains the raw error returned by calls made by parse/verify (such as those returned by keyfunc or json parser)This will likely be the last backwards compatible release before 3.0.0, excluding essential bug fixes.
-show
to the jwt
command that will just output the decoded token without verifyingParseRSAPublicKeyFromPEM
BEARER
json.Number
type instead of float64
when parsing token JSONnil
Keyfunc
being passed to Parse
. Result will now be the parsed token and an error, instead of a panic.Backwards compatible API change that was missed in 2.0.0.
SignedString
method on Token
now takes interface{}
instead of []byte
There were two major reasons for breaking backwards compatibility with this update. The first was a refactor required to expand the width of the RSA and HMAC-SHA signing implementations. There will likely be no required code changes to support this change.
The second update, while unfortunately requiring a small change in integration, is required to open up this library to other signing methods. Not all keys used for all signing methods have a single standard on-disk representation. Requiring []byte
as the type for all keys proved too limiting. Additionally, this implementation allows for pre-parsed tokens to be reused, which might matter in an application that parses a high volume of tokens with a small set of keys. Backwards compatibilty has been maintained for passing []byte
to the RSA signing methods, but they will also accept *rsa.PublicKey
and *rsa.PrivateKey
.
It is likely the only integration change required here will be to change func(t *jwt.Token) ([]byte, error)
to func(t *jwt.Token) (interface{}, error)
when calling Parse
.
SigningMethodHS256
is now *SigningMethodHMAC
instead of type struct
SigningMethodRS256
is now *SigningMethodRSA
instead of type struct
KeyFunc
now returns interface{}
instead of []byte
SigningMethod.Sign
now takes interface{}
instead of []byte
for the keySigningMethod.Verify
now takes interface{}
instead of []byte
for the keySigningMethodHS256
to SigningMethodHMAC
. Specific sizes are now just instances of this type.
SigningMethodHS256
SigningMethodHS384
SigningMethodHS512
SigningMethodRS256
to SigningMethodRSA
. Specific sizes are now just instances of this type.
SigningMethodRS256
SigningMethodRS384
SigningMethodRS512
ParseRSAPrivateKeyFromPEM
and ParseRSAPublicKeyFromPEM