Skip to content

Tags: golang-jwt/jwt

Tags

v5.2.1

Toggle v5.2.1's commit message

Verified

This tag was signed with the committer’s verified signature.
mfridman Michael Fridman
SSH Key Fingerprint: eZwhISKBUqae5UnixEND7un7fgr/uigRwTfPA/EwZbo Learn about vigilant mode 
Release v5.2.1

v5.2.0

Toggle v5.2.0's commit message

Verified

This tag was signed with the committer’s verified signature.
mfridman Michael Fridman
SSH Key Fingerprint: eZwhISKBUqae5UnixEND7un7fgr/uigRwTfPA/EwZbo Learn about vigilant mode 
Release v5.2.0

v5.1.0

Toggle v5.1.0's commit message

Verified

This tag was signed with the committer’s verified signature.
mfridman Michael Fridman
SSH Key Fingerprint: eZwhISKBUqae5UnixEND7un7fgr/uigRwTfPA/EwZbo Learn about vigilant mode 
Release v5.1.0

v5.0.0

Toggle v5.0.0's commit message

Verified

This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
GPG key ID: 4AEE18F83AFDEB23
Expired
Learn about vigilant mode 
enable jwt.ParsePublicKeyFromPEM to parse PKCS1 Public Key (#120)

v5.0.0-rc.2

Toggle v5.0.0-rc.2's commit message

Verified

This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
GPG key ID: 4AEE18F83AFDEB23
Expired
Learn about vigilant mode 
Adjusting the error checking example (#270)

This PR adjusts the error checking example so that a check for an invalid signature is also included.

See discussion in #143

v5.0.0-rc.1

Toggle v5.0.0-rc.1's commit message

Partially verified

This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
We cannot verify signatures from co-authors, and some of the co-authors attributed to this commit require their commits to be signed. 
`v5` Pre-Release (#234)

Co-authored-by: Micah Parks <[email protected]>
Co-authored-by: Michael Fridman <[email protected]>

v4.5.0

Toggle v4.5.0's commit message

Verified

This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
GPG key ID: 4AEE18F83AFDEB23
Expired
Learn about vigilant mode 
Allow strict base64 decoding (#259)

By default base64 decoder works in non-strict mode which
allows tweaking signatures having padding without failing validation.

This creates a potential problem if application treats token value as an identifier.

For example ES256 signature has length of 64 bytes and two padding symbols (stripped by default).
Therefore its base64-encoded value can only end with A, Q, g and w.
In non-strict mode last symbol could be tweaked resulting in 16 distinct
token values having the same signature and passing validation.

This change adds backward-compatible global config variable DecodeStrict
(similar to existing DecodePaddingAllowed) that enables strict base64 decoder mode.

See also golang/go#15656.

Signed-off-by: Alexander Yastrebov <[email protected]>

v4.4.3

Toggle v4.4.3's commit message

Verified

This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
GPG key ID: 4AEE18F83AFDEB23
Expired
Learn about vigilant mode 
No pointer embedding in the example (#255)

Fixes #223

v4.4.2

Toggle v4.4.2's commit message

Verified

This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
GPG key ID: 4AEE18F83AFDEB23
Expired
Learn about vigilant mode 
chore: remove unused claims in RSA table driven test (#212)

v4.4.1

Toggle v4.4.1's commit message

Verified

This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
GPG key ID: 4AEE18F83AFDEB23
Expired
Learn about vigilant mode 
Revert "feat: port clockskew support (#139)" (#184)

This reverts commit d489c99.