Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

enable jwt.ParsePublicKeyFromPEM to parse PKCS1 Public Key #120

Merged
merged 46 commits into from
Apr 17, 2023
Merged

enable jwt.ParsePublicKeyFromPEM to parse PKCS1 Public Key #120

merged 46 commits into from
Apr 17, 2023

Commits on Nov 6, 2021

  1. Parse PKCS1 or PKCS8 public key 

    Resolves golang-jwt#119
    @twocs
    twocs committed Nov 6, 2021
    Configuration menu
    Copy the full SHA
    810825e View commit details
    Browse the repository at this point in the history

  2. Add test for parsing PKCS1 Public Key

    Tom Anderson committed Nov 6, 2021
    Configuration menu
    Copy the full SHA
    38ebe4b View commit details
    Browse the repository at this point in the history

  3. Parsing PKCS1 Public Key

    Tom Anderson committed Nov 6, 2021
    Configuration menu
    Copy the full SHA
    6296976 View commit details
    Browse the repository at this point in the history

  4. Ensure passing unit tests

    Tom Anderson committed Nov 6, 2021
    Configuration menu
    Copy the full SHA
    327371d View commit details
    Browse the repository at this point in the history

Commits on Mar 29, 2023

  1. Revert Encoding/Decoding changes for better compatibility (golang-jwt… 

    …#117)
    @ajermaky @oxisto
    ajermaky authored and oxisto committed Mar 29, 2023
    Configuration menu
    Copy the full SHA
    a8b39b0 View commit details
    Browse the repository at this point in the history

  2. Allow none algorithm in jwt command (golang-jwt#121)

    @AlexanderYastrebov @oxisto
    AlexanderYastrebov authored and oxisto committed Mar 29, 2023
    Configuration menu
    Copy the full SHA
    d2c1236 View commit details
    Browse the repository at this point in the history

  3. Unwrap for ValidationError (golang-jwt#125)

    @kdeberk @oxisto
    kdeberk authored and oxisto committed Mar 29, 2023
    Configuration menu
    Copy the full SHA
    7cda0ca View commit details
    Browse the repository at this point in the history

  4. cmd: list supported algorithms (-alg flag) (golang-jwt#123)

    @AlexanderYastrebov @oxisto
    AlexanderYastrebov authored and oxisto committed Mar 29, 2023
    Configuration menu
    Copy the full SHA
    1680a87 View commit details
    Browse the repository at this point in the history

  5. golang-jwt#129: Added VerifyIssuer method to RegisteredClaims (golang… 

    …-jwt#130)
    @tfonfara @oxisto
    tfonfara authored and oxisto committed Mar 29, 2023
    Configuration menu
    Copy the full SHA
    0d1fcaa View commit details
    Browse the repository at this point in the history

  6. use errors.Is for extractor errors (golang-jwt#141)

    @stefantds @oxisto
    stefantds authored and oxisto committed Mar 29, 2023
    Configuration menu
    Copy the full SHA
    682e394 View commit details
    Browse the repository at this point in the history

  7. Implementing Is(err) bool to support Go 1.13 style error checking (g… 

    …olang-jwt#136)
    @oxisto
    oxisto committed Mar 29, 2023
    Configuration menu
    Copy the full SHA
    e8aec33 View commit details
    Browse the repository at this point in the history

  8. remove unnecessary for loop in token signing string for readability (g… 

    …olang-jwt#34)

* remove unnecessary for loop in token signing string for readability

 - add testcase
 - add benchmark
 - improve performance slightly

* Fix benchtests on token_test.go

* Update token_test.go to v4

Co-authored-by: hyeonjae <hyeonjae@ip-192-168-1-3.ap-northeast-2.compute.internal>
Co-authored-by: Luis Gabriel Gomez <lggomez@users.noreply.github.com>
    @hyeonjae @lggomez @oxisto
    3 people authored and oxisto committed Mar 29, 2023
    Configuration menu
    Copy the full SHA
    8f8aa33 View commit details
    Browse the repository at this point in the history

  9. updated README.md to contain more extensions (golang-jwt#155) 

    * updated README.md to contain more extensions

* Update README.md

Co-authored-by: Luis Gabriel Gomez <lggomez@users.noreply.github.com>

Co-authored-by: Luis Gabriel Gomez <lggomez@users.noreply.github.com>
    @lggomez @oxisto
    2 people authored and oxisto committed Mar 29, 2023
    Configuration menu
    Copy the full SHA
    112e1d4 View commit details
    Browse the repository at this point in the history

  10. Add JWT logo image attribution (golang-jwt#161)

    @mfridman @oxisto
    mfridman authored and oxisto committed Mar 29, 2023
    Configuration menu
    Copy the full SHA
    ab7eab6 View commit details
    Browse the repository at this point in the history

  11. fix: fixed typo detect by cSpell (golang-jwt#164)

    @giautm @oxisto
    giautm authored and oxisto committed Mar 29, 2023
    Configuration menu
    Copy the full SHA
    661e258 View commit details
    Browse the repository at this point in the history

  12. Set json encoding precision (golang-jwt#162)

    @mfridman @oxisto
    mfridman authored and oxisto committed Mar 29, 2023
    Configuration menu
    Copy the full SHA
    0f99f76 View commit details
    Browse the repository at this point in the history

  13. fix: expired token error message (golang-jwt#165)

    @ydylla @oxisto
    ydylla authored and oxisto committed Mar 29, 2023
    Configuration menu
    Copy the full SHA
    92549f2 View commit details
    Browse the repository at this point in the history

  14. feat: port clockskew support (golang-jwt#139) 

    Co-authored-by: Kolawole Segun <Kolawole.Segun@kyndryl.com>
Co-authored-by: Christian Banse <oxisto@aybaze.com>
    @ksegun @oxisto
    3 people committed Mar 29, 2023
    Configuration menu
    Copy the full SHA
    42eb419 View commit details
    Browse the repository at this point in the history

  15. Add go1.18 to ci pipeline (golang-jwt#173)

    @mfridman @oxisto
    mfridman authored and oxisto committed Mar 29, 2023
    Configuration menu
    Copy the full SHA
    11636c8 View commit details
    Browse the repository at this point in the history

  16. Revert "feat: port clockskew support (golang-jwt#139)" (golang-jwt#184) 

    This reverts commit d489c99.
    @mfridman @oxisto
    mfridman authored and oxisto committed Mar 29, 2023
    Configuration menu
    Copy the full SHA
    ad1bcff View commit details
    Browse the repository at this point in the history

  17. Added MicahParks/keyfunc to extensions (golang-jwt#194)

    @oxisto
    oxisto committed Mar 29, 2023
    Configuration menu
    Copy the full SHA
    d85463c View commit details
    Browse the repository at this point in the history

  18. docs: update link to pkg.go.dev page (golang-jwt#195)

    @polRk @oxisto
    polRk authored and oxisto committed Mar 29, 2023
    Configuration menu
    Copy the full SHA
    0c8bc44 View commit details
    Browse the repository at this point in the history

  19. add installation guidelines to the README file (golang-jwt#204)

    @luigimorel @oxisto
    luigimorel authored and oxisto committed Mar 29, 2023
    Configuration menu
    Copy the full SHA
    3558b63 View commit details
    Browse the repository at this point in the history

  20. chore: replace ioutil with io and os (golang-jwt#198)

    @oxisto
    oxisto committed Mar 29, 2023
    Configuration menu
    Copy the full SHA
    0eef781 View commit details
    Browse the repository at this point in the history

  21. CI check for Go code formatting (golang-jwt#206) 

    Signed-off-by: jay-dee7 <jasdeepsingh.uppal@gmail.com>
Co-authored-by: jay-dee7 <jasdeepsingh.uppal@gmail.com>
    @mfridman @jay-dee7 @oxisto
    2 people authored and oxisto committed Mar 29, 2023
    Configuration menu
    Copy the full SHA
    519e4fe View commit details
    Browse the repository at this point in the history

  22. Create SECURITY.md (golang-jwt#171)

    @mfridman @oxisto
    mfridman authored and oxisto committed Mar 29, 2023
    Configuration menu
    Copy the full SHA
    d2de1da View commit details
    Browse the repository at this point in the history

  23. Update SECURITY.md (golang-jwt#207)

    @oxisto
    oxisto committed Mar 29, 2023
    Configuration menu
    Copy the full SHA
    8f40bbd View commit details
    Browse the repository at this point in the history

  24. Fixed integer overflow in NumericDate.MarshalJSON (golang-jwt#200)

    @qqiao @oxisto
    qqiao authored and oxisto committed Mar 29, 2023
    Configuration menu
    Copy the full SHA
    780e930 View commit details
    Browse the repository at this point in the history

  25. chore: remove unused claims in RSA table driven test (golang-jwt#212)

    @gkech @oxisto
    gkech authored and oxisto committed Mar 29, 2023
    Configuration menu
    Copy the full SHA
    a73dea4 View commit details
    Browse the repository at this point in the history

  26. fix: link update for README.md for v4 (golang-jwt#217) 

    Co-authored-by: Christian Banse <oxisto@aybaze.com>
    @krokite @oxisto
    krokite and oxisto committed Mar 29, 2023
    Configuration menu
    Copy the full SHA
    c2a8826 View commit details
    Browse the repository at this point in the history

  27. Implement a BearerExtractor (golang-jwt#226) 

    * Implement a BearerExtractor

This is a rather common extractor; it extracts the JWT from the HTTP
Authorization header, expecting it to include the "Bearer " prefix.

This patterns is rather common and this snippet is repeated in enough
applications that it's probably best to just include it upstream and
allow reusing it.

* Ignore case-sensitivity for "Bearer"
    @WhyNotHugo @oxisto
    WhyNotHugo authored and oxisto committed Mar 29, 2023
    Configuration menu
    Copy the full SHA
    f677bad View commit details
    Browse the repository at this point in the history

  28. Bump matrix to support latest go version (go1.19) (golang-jwt#231) 

    * Bump matrix to support latest go version (go1.19)

* Fix comment
    @mfridman @oxisto
    mfridman authored and oxisto committed Mar 29, 2023
    Configuration menu
    Copy the full SHA
    ece1575 View commit details
    Browse the repository at this point in the history

  29. Include https://github.com/golang-jwt/jwe in README (golang-jwt#229)

    @oxisto
    oxisto committed Mar 29, 2023
    Configuration menu
    Copy the full SHA
    8a02da3 View commit details
    Browse the repository at this point in the history

  30. Add doc comment to ParseWithClaims (golang-jwt#232)

    @jkopczyn @oxisto
    jkopczyn authored and oxisto committed Mar 29, 2023
    Configuration menu
    Copy the full SHA
    6abd521 View commit details
    Browse the repository at this point in the history

  31. Removed unneeded if statement (golang-jwt#241)

    @Krout0n @oxisto
    Krout0n authored and oxisto committed Mar 29, 2023
    Configuration menu
    Copy the full SHA
    057b27f View commit details
    Browse the repository at this point in the history

  32. No pointer embedding in the example (golang-jwt#255) 

    Fixes golang-jwt#223
    @oxisto
    oxisto committed Mar 29, 2023
    Configuration menu
    Copy the full SHA
    e4fcde4 View commit details
    Browse the repository at this point in the history

  33. Using tparse for nicer CI test display (golang-jwt#251)

    @oxisto
    oxisto committed Mar 29, 2023
    Configuration menu
    Copy the full SHA
    28173c8 View commit details
    Browse the repository at this point in the history

  34. Allow strict base64 decoding (golang-jwt#259) 

    By default base64 decoder works in non-strict mode which
allows tweaking signatures having padding without failing validation.

This creates a potential problem if application treats token value as an identifier.

For example ES256 signature has length of 64 bytes and two padding symbols (stripped by default).
Therefore its base64-encoded value can only end with A, Q, g and w.
In non-strict mode last symbol could be tweaked resulting in 16 distinct
token values having the same signature and passing validation.

This change adds backward-compatible global config variable DecodeStrict
(similar to existing DecodePaddingAllowed) that enables strict base64 decoder mode.

See also golang/go#15656.

Signed-off-by: Alexander Yastrebov <yastrebov.alex@gmail.com>
    @AlexanderYastrebov @oxisto
    AlexanderYastrebov authored and oxisto committed Mar 29, 2023
    Configuration menu
    Copy the full SHA
    bfff091 View commit details
    Browse the repository at this point in the history

  35. Added GitHub Actions Markdown (golang-jwt#260)

    @oxisto
    oxisto committed Mar 29, 2023
    Configuration menu
    Copy the full SHA
    54ef79d View commit details
    Browse the repository at this point in the history

  36. v5 Pre-Release (golang-jwt#234) 

    Co-authored-by: Micah Parks <66095735+MicahParks@users.noreply.github.com>
Co-authored-by: Michael Fridman <mf192@icloud.com>
    @oxisto @MicahParks @mfridman
    3 people committed Mar 29, 2023
    Configuration menu
    Copy the full SHA
    a02d89c View commit details
    Browse the repository at this point in the history

  37. remove string slice and strings.join (golang-jwt#115)

    @moneszarrugh @oxisto
    moneszarrugh authored and oxisto committed Mar 29, 2023
    Configuration menu
    Copy the full SHA
    03042d1 View commit details
    Browse the repository at this point in the history

  38. Update MIGRATION_GUIDE.md (golang-jwt#289) 

    * Update MIGRATION_GUIDE.md

Saw one typo, spent a few minutes improving a few paragraphs.
    @liam-verta @oxisto
    liam-verta authored and oxisto committed Mar 29, 2023
    Configuration menu
    Copy the full SHA
    17b0e60 View commit details
    Browse the repository at this point in the history

  39. Moving DecodeSegement to Parser (golang-jwt#278) 

    * Moving `DecodeSegement` to `Parser`

This would allow us to remove some global variables and move them to parser options as well as potentially introduce interfaces for json and b64 encoding/decoding to replace the std lib, if someone wanted to do that for performance reasons.

We keep the functions exported because of explicit user demand.

* Sign/Verify does take the decoded form now
    @oxisto
    oxisto committed Mar 29, 2023
    Configuration menu
    Copy the full SHA
    7efc1c8 View commit details
    Browse the repository at this point in the history

  40. Adjusting the error checking example (golang-jwt#270) 

    This PR adjusts the error checking example so that a check for an invalid signature is also included.

See discussion in golang-jwt#143
    @oxisto
    oxisto committed Mar 29, 2023
    Configuration menu
    Copy the full SHA
    b6ef509 View commit details
    Browse the repository at this point in the history

  41. Moved test

    @oxisto
    oxisto committed Mar 29, 2023
    Configuration menu
    Copy the full SHA
    1dc9063 View commit details
    Browse the repository at this point in the history

  42. Merge branch 'main' into patch-1

    @oxisto
    oxisto committed Mar 29, 2023
    Configuration menu
    Copy the full SHA
    ca71027 View commit details
    Browse the repository at this point in the history