Comments (2)
@geordee I decided to modify the Audience []string to a custom type of Audience Audience which is still a []string so we have no breaking changes on Sign and Verify methods and how the standard "aud" claim is stored. The issue is fixed by implementing the json unmarshal interface on that new Audience type (its code is identical to my previous comment).
from jwt.
Hello @geordee, you are right, there is no need to skip this claim though, you can use your own structure for standard claims too. We have two solutions for that:

1.

On the claims.go:

    Audience []string `json:"-"`
    // RawAudience is used for encoding and decoding the Audience field, it can be a string or a []string.
    RawAudience json.RawMessage `json:"aud,omitempty"`

On the claims.go#ApplyClaims:

    // ...
    if v := c.Audience; len(v) > 0 {
        dest.Audience = v
        dest.RawAudience, _ = json.Marshal(v) // lint: ignore
    }

On the verify.go#VerifyEncrypted:

    if aud := standardClaims.RawAudience; len(aud) > 0 {
        switch aud[0] {
        case '"': // it's a single string.
            var audString string
            err = json.Unmarshal(aud, &audString)
            if err == nil {
                standardClaims.Audience = []string{audString}
            }
        case '[': // it's an array of strings.
            err = json.Unmarshal(aud, &standardClaims.Audience)
        }
    }

This fixes the decoding issue you described above. However, on Sign methods the value produced will always be a json array of strings, we can fix it by checking if the Audience == 1 and put the RawAudience to a single string (on the ApplyClaims method) but I think it is cleaner if we just keep it as []string always and let the decisions on the decode side as we did on 1.

2.

If you want to explicitly produce a single or a []string we must change the Audience type to a custom type or interface{} but it doesn't look right to me... waiting for your opinion.
from jwt.
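
Added example (not code from this thread or from the library): the custom-type approach the two comments describe, where Audience remains a []string and its UnmarshalJSON accepts either JSON form of "aud". It goes one step further than the decoding snippet above by rejecting any other JSON type instead of leaving the audience empty; the claims struct and the parseAud helper are hypothetical names.

```go
package main

import (
	"encoding/json"
	"fmt"
)

// Audience keeps the []string shape, so Sign/Verify callers are unaffected.
type Audience []string

// UnmarshalJSON accepts "aud" as one string or an array of strings
// and rejects every other JSON type.
func (a *Audience) UnmarshalJSON(data []byte) error {
	var list []string
	switch {
	case len(data) > 0 && data[0] == '"': // single string
		var s string
		if err := json.Unmarshal(data, &s); err != nil {
			return err
		}
		list = []string{s}
	case len(data) > 0 && data[0] == '[': // array; a non-string element is an error
		if err := json.Unmarshal(data, &list); err != nil {
			return fmt.Errorf("aud: %w", err)
		}
	default: // number, object, bool, null: fail closed
		return fmt.Errorf("aud: unexpected JSON value %s", data)
	}
	*a = list
	return nil
}

// claims is a hypothetical stand-in for the library's standard claims struct.
type claims struct {
	Audience Audience `json:"aud,omitempty"`
}

// parseAud decodes a constructed payload and returns its audience.
func parseAud(payload string) (Audience, error) {
	var c claims
	err := json.Unmarshal([]byte(payload), &c)
	return c.Audience, err
}

func main() {
	// Constructed sample payloads: string, array, bad element, wrong type.
	for _, p := range []string{`{"aud":"api"}`, `{"aud":["api","web"]}`, `{"aud":["api",7]}`, `{"aud":42}`} {
		aud, err := parseAud(p)
		fmt.Println(p, "->", aud, err)
	}
}
```

Because the type is still a slice, encoding it always yields a JSON array, which matches the "keep it as []string always" choice on the Sign side.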