Comments (5)
arawden
commented on May 18, 2024
I was unable to reproduce this issue this morning, so feel free to close this.
from go-jwt-middleware.
grounded042
commented on May 18, 2024
Hey @arawden. This sounds similar to #72. Any chance that issue gives any insight into the one you are having?
from go-jwt-middleware.
arawden
commented on May 18, 2024
Hey @grounded042, it definitely looks to be equivalent.
To expand a little bit, I have an integration test which creates a token and then tries to make a request to an endpoint wrapped with the AuthedEndpoint middleware I posted. I've checked the token that gets passed to the endpoint in the jwt.io decoder, and it looks fine to me. It is the same token, roughly, as the one passed from my frontend, except it is missing the userinfo audience (I assume because the token is generated programatically), so there's only the string and no array.
With that said, I get similar behavior. If i catch the error on the token, err := jwt.ParseWithClaims(tokenString, &CustomClaims{}, func(token *jwt.Token) (interface{}, error), I get the error specified in the original bug report. As a result, when the ParseWithClaims call returns, the token struct's Valid field is set to false.
In total, both my integration tests and requests from my frontend to the endpoint wrapped with the middleware fail. In the first case, the token is considered not valid (if ok && token.Valid { fails, however the audience is fine because it is not an array), and in the second case, the CheckJWT call in the AuthedEndpoint middleware fails because the audience cannot be verified
I see there is a solution which involves converting the types in the call to VerifyAudience, however, I believe this solution would not work for me because I would need to implement a similar solution to the ParseWithClaims function.
I also see that @aaronprice00 posted a modified version of the go-jwt-middleware, however, given that my project is not dependent on authorization to move forward, I'm happy to wait for a more permanent solution.
Please let me know if you need any further information for this ticket, and I'll keep an eye on the issue you linked and try to contribute there if I can.
from go-jwt-middleware.
grounded042
commented on May 18, 2024
Thanks @arawden. I just dropped a comment over in #72 if you could take a look when you get a chance: #72 (comment)
from go-jwt-middleware.
sergiught
commented on May 18, 2024
We just released the v2.0.0-beta 🥳 !
You can start testing it by running go get github.com/auth0/go-jwt-middleware/[email protected].
In case of issues fetching the v2 you might want to try go clean --modcache first before doing go get.
I'm closing this issue as now this is part of v2, but feel free to reopen if needed.
from go-jwt-middleware.
Related Issues (20)
- Token used before issued
- Failed to get decoded token using Go fiber HOT 1
- provide a gin gonic example HOT 2
- Missing cookie causes CookieTokenExtractor to return error HOT 7
- Custom `ValidateWithLeeway` in #176 Introduced Breaking Changes to Token Validation HOT 3
- Allow middleware to be used in a gRPC environment HOT 7
- Cannot import internal oidc package HOT 1
- An error occured while validating JWT: jwt invalid: error getting the keys from the key func: could not get well known endpoints from url https:///.well-known/openid-configuration: Get "https:///.well-known/openid-configuration": http: no Host in request URL HOT 3
- Improve performance of JWKS Caching Provider HOT 4
- Support validate multiple issuers HOT 1
- Example for IRIS Framework
- Allow custom http Client to be used by the JWKS Provider HOT 2
- issue with token validator HOT 4
- Audience Check Should Not Be Mandatory HOT 4
- v2.1.0 Diversions from JOSE By validating audiences when none expected HOT 4
- validationKeyGetter - can not use dgrijalva as form3tech-oss Keyfunc value in struct literal HOT 1
- issue with token validator
- go-jose v2 is deprecated, should be upgraded to v3 HOT 2
- Examples do not work. jwtmiddleware missing in v2.2.0 HOT 2
- Support for Gin HOT 2
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from go-jwt-middleware.