You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Create a new type JWT which includes both the jws.Header and jwt.Claims
Take in a full signed JWT as input
Run jwt.Verify()
Parse out the header and claims parts
Decode the base64 URL encoded header and claims
Return both the decoded header and claims
Motivation
Rather than having the developer first do this...
parts:=strings.Split(signedJwt, ".")
// todo error handlebase64UrlEncodedHeader:=parts[0]
base64UrlEncodedClaims:=parts[1]
...we may want to embed that in a function, as well as also executing a call to jwt.Verify(). I originally had the idea that we could create a function like this...
typeJWTstruct {
Header jws.HeaderClaims jwt.Claims
}
funcParseJWT(signedJwtstring) (JWT, error) {
verified, err:=jwt.Verify(signedJwt)
iferr!=nil {
// TODO handle error
}
if!verified {
// TODO handle error
}
parts:=strings.Split(signedJwt, ".")
iflen(parts) !=3 {
// TODO handle error
}
base64UrlEncodedHeader:=parts[0]
base64UrlEncodedClaims:=parts[1]
// TODO check if base64UrlEncodedHeader & base64UrlEncodedClaims are proper base64 URL encoded strings?header, err:=jws.DecodeJWSHeader(base64UrlEncodedHeader)
iferr!=nil {
// TODO handle error
}
claims, err:=jwt.DecodeJWTClaims(base64UrlEncodedClaims)
iferr!=nil {
// TODO handle error
}
returnJWT{Header: header, Claims: claims}, nil
}
The text was updated successfully, but these errors were encountered:
good idea @KendallWeihe ! i think we can have jwt.Parse return a ParsedJWT which is a struct that:
contains HeaderClaims and Signature fields
has a Verify() receiver method
we can also keep jwt.Verify as a conveniece which just calls internally Parse and then parsedJWT.Verify().
q4u: does Parse simply decode? or does it also check for things whether exp has passed? i vote for decode in which case might make the most sense to call it jwt.Decode
@mistermoe yeah I agree with all of that. Started fleshing it out here earlier, but there are implications with the jws package which relies on the string JWT... so I'm still thinking through how it'll fit together.
Originally from this PR
JWT
which includes both thejws.Header
andjwt.Claims
jwt.Verify()
Motivation
Rather than having the developer first do this...
...we may want to embed that in a function, as well as also executing a call to
jwt.Verify()
. I originally had the idea that we could create a function like this...The text was updated successfully, but these errors were encountered: