use go-jose v4 #275

amend test, HS256 secret needs at least 256 bit
Michael Wiesenbauer committed Jun 6, 2024
commit 9372d2aa018c0c9d2e2b5917b055ddc5dc8e34f9
6 changes: 3 additions & 3 deletions middleware_test.go
Expand Up @@ -17,8 +17,8 @@ import (

func Test_CheckJWT(t *testing.T) {
const (
validToken = "Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJ0ZXN0SXNzdWVyIiwiYXVkIjoidGVzdEF1ZGllbmNlIn0.Bg8HXYXZ13zaPAcB0Bl0kRKW0iVF-2LTmITcEYUcWoo"
invalidToken = "Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJ0ZXN0aW5nIn0.eM1Jd7VA7nFSI09FlmLmtuv7cLnv8qicZ8s76-jTOoE"
validToken = "Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJ0ZXN0SXNzdWVyIiwiYXVkIjoidGVzdEF1ZGllbmNlIn0.PObulEU1cVh-gXvE9p9X7ljwqj_ySgPLOcdyVaWkBZ0"
invalidToken = "Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJ0ZXN0aW5nIn0.7weA6mqBZrF5BFggsul_iB_69E5B1PptE7XIteygHZM"
issuer = "testIssuer"
audience = "testAudience"
)
Expand All @@ -31,7 +31,7 @@ func Test_CheckJWT(t *testing.T) {
}

keyFunc := func(context.Context) (interface{}, error) {
return []byte("secret"), nil
return []byte("your-256-bit-secret-is-just-enough"), nil
}

jwtValidator, err := validator.New(keyFunc, validator.HS256, issuer, []string{audience})
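Review bot: The secret returned by keyFunc and the two signed tokens in the const block are coupled, but nothing in Test_CheckJWT says so, and a later edit to the secret would invalidate validToken with no hint as to why. A comment above the consts would cover it, e.g. `// Both tokens are HS256-signed with the keyFunc secret below (must be at least 32 bytes); regenerate them if it changes.` It is also worth stating why invalidToken is invalid: its payload decodes to `{"iss":"testing"}`, so it presumably fails the issuer and audience checks rather than signature verification, which leaves the bad-signature path unexercised here. Test_CheckJWT continues outside the visible hunks.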
50 changes: 25 additions & 25 deletions validator/validator_test.go
Expand Up @@ -40,9 +40,9 @@ func TestValidator_ValidateToken(t *testing.T) {
}{
{
name: "it successfully validates a token",
token: "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJodHRwczovL2dvLWp3dC1taWRkbGV3YXJlLmV1LmF1dGgwLmNvbS8iLCJzdWIiOiIxMjM0NTY3ODkwIiwiYXVkIjpbImh0dHBzOi8vZ28tand0LW1pZGRsZXdhcmUtYXBpLyJdfQ.-R2K2tZHDrgsEh9JNWcyk4aljtR6gZK0s2anNGlfwz0",
token: "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJodHRwczovL2dvLWp3dC1taWRkbGV3YXJlLmV1LmF1dGgwLmNvbS8iLCJzdWIiOiIxMjM0NTY3ODkwIiwiYXVkIjpbImh0dHBzOi8vZ28tand0LW1pZGRsZXdhcmUtYXBpLyJdfQ.Gc76TzJG4-yYm6VOPPHBrGZYX5Bk9NUl97By9IPFPzk",
keyFunc: func(context.Context) (interface{}, error) {
return []byte("secret"), nil
return []byte("your-256-bit-secret-is-just-enough"), nil
},
algorithm: HS256,
expectedClaims: &ValidatedClaims{
Expand All @@ -55,9 +55,9 @@ func TestValidator_ValidateToken(t *testing.T) {
},
{
name: "it successfully validates a token with custom claims",
token: "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJodHRwczovL2dvLWp3dC1taWRkbGV3YXJlLmV1LmF1dGgwLmNvbS8iLCJzdWIiOiIxMjM0NTY3ODkwIiwiYXVkIjpbImh0dHBzOi8vZ28tand0LW1pZGRsZXdhcmUtYXBpLyJdLCJzY29wZSI6InJlYWQ6bWVzc2FnZXMifQ.oqtUZQ-Q8un4CPduUBdGVq5gXpQVIFT_QSQjkOXFT5I",
token: "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJodHRwczovL2dvLWp3dC1taWRkbGV3YXJlLmV1LmF1dGgwLmNvbS8iLCJzdWIiOiIxMjM0NTY3ODkwIiwiYXVkIjpbImh0dHBzOi8vZ28tand0LW1pZGRsZXdhcmUtYXBpLyJdLCJzY29wZSI6InJlYWQ6bWVzc2FnZXMifQ.LIf0zKcy-PphIivCngfYwaCY9pHrLpcwuVzhDpsgfds",
keyFunc: func(context.Context) (interface{}, error) {
return []byte("secret"), nil
return []byte("your-256-bit-secret-is-just-enough"), nil
},
algorithm: HS256,
customClaims: func() CustomClaims {
Expand All @@ -76,18 +76,18 @@ func TestValidator_ValidateToken(t *testing.T) {
},
{
name: "it throws an error when token has a different signing algorithm than the validator",
token: "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJodHRwczovL2dvLWp3dC1taWRkbGV3YXJlLmV1LmF1dGgwLmNvbS8iLCJzdWIiOiIxMjM0NTY3ODkwIiwiYXVkIjpbImh0dHBzOi8vZ28tand0LW1pZGRsZXdhcmUtYXBpLyJdfQ.-R2K2tZHDrgsEh9JNWcyk4aljtR6gZK0s2anNGlfwz0",
token: "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJodHRwczovL2dvLWp3dC1taWRkbGV3YXJlLmV1LmF1dGgwLmNvbS8iLCJzdWIiOiIxMjM0NTY3ODkwIiwiYXVkIjpbImh0dHBzOi8vZ28tand0LW1pZGRsZXdhcmUtYXBpLyJdfQ.Gc76TzJG4-yYm6VOPPHBrGZYX5Bk9NUl97By9IPFPzk",
keyFunc: func(context.Context) (interface{}, error) {
return []byte("secret"), nil
return []byte("your-256-bit-secret-is-just-enough"), nil
},
algorithm: RS256,
expectedError: errors.New(`signing method is invalid: expected "RS256" signing algorithm but token specified "HS256"`),
expectedError: errors.New(`could not parse the token: go-jose/go-jose: unexpected signature algorithm "HS256"; expected ["RS256"]`),
},
{
name: "it throws an error when it cannot parse the token",
token: "",
keyFunc: func(context.Context) (interface{}, error) {
return []byte("secret"), nil
return []byte("your-256-bit-secret-is-just-enough"), nil
},
algorithm: HS256,
expectedError: errors.New("could not parse the token: go-jose/go-jose: compact JWS format must have three parts"),
Expand All @@ -112,18 +112,18 @@ func TestValidator_ValidateToken(t *testing.T) {
},
{
name: "it throws an error when it fails to validate the registered claims",
token: "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJodHRwczovL2dvLWp3dC1taWRkbGV3YXJlLmV1LmF1dGgwLmNvbS8iLCJzdWIiOiIxMjM0NTY3ODkwIn0.VoIwDVmb--26wGrv93NmjNZYa4nrzjLw4JANgEjPI28",
token: "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJodHRwczovL2dvLWp3dC1taWRkbGV3YXJlLmV1LmF1dGgwLmNvbS8iLCJzdWIiOiIxMjM0NTY3ODkwIn0.Dg-euBraYMiF3ZT1pSsx43lFJHQtpH9dWGNABNOAbb8",
keyFunc: func(context.Context) (interface{}, error) {
return []byte("secret"), nil
return []byte("your-256-bit-secret-is-just-enough"), nil
},
algorithm: HS256,
expectedError: errors.New("expected claims not validated: go-jose/go-jose/jwt: validation failed, invalid audience claim (aud)"),
},
{
name: "it throws an error when it fails to validate the custom claims",
token: "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJodHRwczovL2dvLWp3dC1taWRkbGV3YXJlLmV1LmF1dGgwLmNvbS8iLCJzdWIiOiIxMjM0NTY3ODkwIiwiYXVkIjpbImh0dHBzOi8vZ28tand0LW1pZGRsZXdhcmUtYXBpLyJdLCJzY29wZSI6InJlYWQ6bWVzc2FnZXMifQ.oqtUZQ-Q8un4CPduUBdGVq5gXpQVIFT_QSQjkOXFT5I",
token: "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJodHRwczovL2dvLWp3dC1taWRkbGV3YXJlLmV1LmF1dGgwLmNvbS8iLCJzdWIiOiIxMjM0NTY3ODkwIiwiYXVkIjpbImh0dHBzOi8vZ28tand0LW1pZGRsZXdhcmUtYXBpLyJdLCJzY29wZSI6InJlYWQ6bWVzc2FnZXMifQ.LIf0zKcy-PphIivCngfYwaCY9pHrLpcwuVzhDpsgfds",
keyFunc: func(context.Context) (interface{}, error) {
return []byte("secret"), nil
return []byte("your-256-bit-secret-is-just-enough"), nil
},
algorithm: HS256,
customClaims: func() CustomClaims {
Expand All @@ -135,9 +135,9 @@ func TestValidator_ValidateToken(t *testing.T) {
},
{
name: "it successfully validates a token even if customClaims() returns nil",
token: "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJodHRwczovL2dvLWp3dC1taWRkbGV3YXJlLmV1LmF1dGgwLmNvbS8iLCJzdWIiOiIxMjM0NTY3ODkwIiwiYXVkIjpbImh0dHBzOi8vZ28tand0LW1pZGRsZXdhcmUtYXBpLyJdLCJzY29wZSI6InJlYWQ6bWVzc2FnZXMifQ.oqtUZQ-Q8un4CPduUBdGVq5gXpQVIFT_QSQjkOXFT5I",
token: "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJodHRwczovL2dvLWp3dC1taWRkbGV3YXJlLmV1LmF1dGgwLmNvbS8iLCJzdWIiOiIxMjM0NTY3ODkwIiwiYXVkIjpbImh0dHBzOi8vZ28tand0LW1pZGRsZXdhcmUtYXBpLyJdLCJzY29wZSI6InJlYWQ6bWVzc2FnZXMifQ.LIf0zKcy-PphIivCngfYwaCY9pHrLpcwuVzhDpsgfds",
keyFunc: func(context.Context) (interface{}, error) {
return []byte("secret"), nil
return []byte("your-256-bit-secret-is-just-enough"), nil
},
algorithm: HS256,
customClaims: func() CustomClaims {
Expand All @@ -154,9 +154,9 @@ func TestValidator_ValidateToken(t *testing.T) {
},
{
name: "it successfully validates a token with exp, nbf and iat",
token: "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJodHRwczovL2dvLWp3dC1taWRkbGV3YXJlLmV1LmF1dGgwLmNvbS8iLCJzdWIiOiIxMjM0NTY3ODkwIiwiYXVkIjpbImh0dHBzOi8vZ28tand0LW1pZGRsZXdhcmUtYXBpLyJdLCJpYXQiOjE2NjY5Mzc2ODYsIm5iZiI6MTY2NjkzOTAwMCwiZXhwIjo5NjY3OTM3Njg2fQ.FKZogkm08gTfYfPU6eYu7OHCjJKnKGLiC0IfoIOPEhs",
token: "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJodHRwczovL2dvLWp3dC1taWRkbGV3YXJlLmV1LmF1dGgwLmNvbS8iLCJzdWIiOiIxMjM0NTY3ODkwIiwiYXVkIjpbImh0dHBzOi8vZ28tand0LW1pZGRsZXdhcmUtYXBpLyJdLCJpYXQiOjE2NjY5Mzc2ODYsIm5iZiI6MTY2NjkzOTAwMCwiZXhwIjo5NjY3OTM3Njg2fQ.ivtod4R8ASSx29w2qCgE1M1I5EhW-ZpxYWoAd-qYrrw",
keyFunc: func(context.Context) (interface{}, error) {
return []byte("secret"), nil
return []byte("your-256-bit-secret-is-just-enough"), nil
},
algorithm: HS256,
expectedClaims: &ValidatedClaims{
Expand All @@ -172,36 +172,36 @@ func TestValidator_ValidateToken(t *testing.T) {
},
{
name: "it throws an error when token is not valid yet",
token: "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJodHRwczovL2dvLWp3dC1taWRkbGV3YXJlLmV1LmF1dGgwLmNvbS8iLCJzdWIiOiIxMjM0NTY3ODkwIiwiYXVkIjpbImh0dHBzOi8vZ28tand0LW1pZGRsZXdhcmUtYXBpLyJdLCJpYXQiOjE2NjY5Mzc2ODYsIm5iZiI6OTY2NjkzOTAwMCwiZXhwIjoxNjY3OTM3Njg2fQ.yUizJ-zK_33tv1qBVvDKO0RuCWtvJ02UQKs8gBadgGY",
token: "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJodHRwczovL2dvLWp3dC1taWRkbGV3YXJlLmV1LmF1dGgwLmNvbS8iLCJzdWIiOiIxMjM0NTY3ODkwIiwiYXVkIjpbImh0dHBzOi8vZ28tand0LW1pZGRsZXdhcmUtYXBpLyJdLCJpYXQiOjE2NjY5Mzc2ODYsIm5iZiI6OTY2NjkzOTAwMCwiZXhwIjoxNjY3OTM3Njg2fQ.wO9bj2hweCg5rBqRFHGzqZ1E9pWH3RRfvOCwhMz1Je8",
keyFunc: func(context.Context) (interface{}, error) {
return []byte("secret"), nil
return []byte("your-256-bit-secret-is-just-enough"), nil
},
algorithm: HS256,
expectedError: fmt.Errorf("expected claims not validated: %s", jwt.ErrNotValidYet),
},
{
name: "it throws an error when token is expired",
token: "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJodHRwczovL2dvLWp3dC1taWRkbGV3YXJlLmV1LmF1dGgwLmNvbS8iLCJzdWIiOiIxMjM0NTY3ODkwIiwiYXVkIjpbImh0dHBzOi8vZ28tand0LW1pZGRsZXdhcmUtYXBpLyJdLCJpYXQiOjE2NjY5Mzc2ODYsIm5iZiI6MTY2NjkzOTAwMCwiZXhwIjo2Njc5Mzc2ODZ9.SKvz82VOXRi_sjvZWIsPG9vSWAXKKgVS4DkGZcwFKL8",
token: "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJodHRwczovL2dvLWp3dC1taWRkbGV3YXJlLmV1LmF1dGgwLmNvbS8iLCJzdWIiOiIxMjM0NTY3ODkwIiwiYXVkIjpbImh0dHBzOi8vZ28tand0LW1pZGRsZXdhcmUtYXBpLyJdLCJpYXQiOjE2NjY5Mzc2ODYsIm5iZiI6MTY2NjkzOTAwMCwiZXhwIjo2Njc5Mzc2ODZ9.httCY_WC4yIiq1TRnOWxIEDcebNKv4rPvhFFoaMmEEQ",
keyFunc: func(context.Context) (interface{}, error) {
return []byte("secret"), nil
return []byte("your-256-bit-secret-is-just-enough"), nil
},
algorithm: HS256,
expectedError: fmt.Errorf("expected claims not validated: %s", jwt.ErrExpired),
},
{
name: "it throws an error when token is issued in the future",
token: "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJodHRwczovL2dvLWp3dC1taWRkbGV3YXJlLmV1LmF1dGgwLmNvbS8iLCJzdWIiOiIxMjM0NTY3ODkwIiwiYXVkIjpbImh0dHBzOi8vZ28tand0LW1pZGRsZXdhcmUtYXBpLyJdLCJpYXQiOjkxNjY2OTM3Njg2LCJuYmYiOjE2NjY5MzkwMDAsImV4cCI6ODY2NzkzNzY4Nn0.ieFV7XNJxiJyw8ARq9yHw-01Oi02e3P2skZO10ypxL8",
token: "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJodHRwczovL2dvLWp3dC1taWRkbGV3YXJlLmV1LmF1dGgwLmNvbS8iLCJzdWIiOiIxMjM0NTY3ODkwIiwiYXVkIjpbImh0dHBzOi8vZ28tand0LW1pZGRsZXdhcmUtYXBpLyJdLCJpYXQiOjkxNjY2OTM3Njg2LCJuYmYiOjE2NjY5MzkwMDAsImV4cCI6ODY2NzkzNzY4Nn0.-XKXOAXFK8vdWA8qPVsTLEemQ_G-0um-UyIWVt_ngSg",
keyFunc: func(context.Context) (interface{}, error) {
return []byte("secret"), nil
return []byte("your-256-bit-secret-is-just-enough"), nil
},
algorithm: HS256,
expectedError: fmt.Errorf("expected claims not validated: %s", jwt.ErrIssuedInTheFuture),
},
{
name: "it throws an error when token issuer is invalid",
token: "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJodHRwczovL2hhY2tlZC1qd3QtbWlkZGxld2FyZS5ldS5hdXRoMC5jb20vIiwic3ViIjoiMTIzNDU2Nzg5MCIsImF1ZCI6WyJodHRwczovL2dvLWp3dC1taWRkbGV3YXJlLWFwaS8iXSwiaWF0Ijo5MTY2NjkzNzY4NiwibmJmIjoxNjY2OTM5MDAwLCJleHAiOjg2Njc5Mzc2ODZ9.b5gXNrUNfd_jyCWZF-6IPK_UFfvTr9wBQk9_QgRQ8rA",
token: "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJodHRwczovL2hhY2tlZC1qd3QtbWlkZGxld2FyZS5ldS5hdXRoMC5jb20vIiwic3ViIjoiMTIzNDU2Nzg5MCIsImF1ZCI6WyJodHRwczovL2dvLWp3dC1taWRkbGV3YXJlLWFwaS8iXSwiaWF0Ijo5MTY2NjkzNzY4NiwibmJmIjoxNjY2OTM5MDAwLCJleHAiOjg2Njc5Mzc2ODZ9.v1r03tuBF9Jv6OavAHIedCV8mW-9ardKS3WakweL70E",
keyFunc: func(context.Context) (interface{}, error) {
return []byte("secret"), nil
return []byte("your-256-bit-secret-is-just-enough"), nil
},
algorithm: HS256,
expectedError: fmt.Errorf("expected claims not validated: %s", jwt.ErrInvalidIssuer),
Expand Down Expand Up @@ -243,7 +243,7 @@ func TestNewValidator(t *testing.T) {
)

var keyFunc = func(context.Context) (interface{}, error) {
return []byte("secret"), nil
return []byte("your-256-bit-secret-is-just-enough"), nil
}

t.Run("it throws an error when the keyFunc is nil", func(t *testing.T) {
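Review bot: No case in this table exercises the condition the commit is about: every keyFunc now returns a 34-byte secret, so a regression that accepts an undersized HS256 key again would go unnoticed. Add one entry that keeps `return []byte("secret"), nil` with `algorithm: HS256` and asserts that ValidateToken returns an error. The exact message presumably comes from go-jose and should be copied from a test run rather than guessed. Separately, the same literal is repeated in thirteen places across these hunks; a single `const testSecret = "your-256-bit-secret-is-just-enough"` would make it clearer that the key and the pre-signed tokens have to be regenerated together. TestValidator_ValidateToken and TestNewValidator both extend beyond the visible hunks.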