I'm trying to duplicate functionality with PHP.

  $signer = new Sha256();

  // Set path of private_key.pem. Overwrite the default file as sample.
  $privateKeyString = new Key(
      "file:///box/" . $this->config['private_key_file'], $this->config['passphrase']
  );

  $assertion = (new Builder())
      ->setHeader('kid', $this->config['public_key_id'])
      ->setIssuer($this->config['au_client_id'])
      ->setSubject($id)
      ->set('box_sub_type', $type)
      ->setAudience($this->audience_url)
      ->setId(uniqid('ABC'))
      ->setIssuedAt(time())
      ->setExpiration(time() + $this->config['expiration'])
      ->sign($signer,  $privateKeyString)
      ->getToken();

Which outputs the following:

  ^ Lcobucci\JWT\Token^ {#985
    -headers: array:3 [
      "typ" => "JWT"
      "alg" => "RS256"
      "kid" => Lcobucci\JWT\Claim\Basic^ {#976
        -name: "kid"
        -value: "38u7xxxx"
      }
    ]
    -claims: array:7 [
      "iss" => Lcobucci\JWT\Claim\EqualsTo^ {#977
        -name: "iss"
        -value: "hd2meuymeq5erwineh2lt1vghxxx0000"
      }
      "sub" => Lcobucci\JWT\Claim\EqualsTo^ {#978
        -name: "sub"
        -value: "248410000"
      }
      "box_sub_type" => Lcobucci\JWT\Claim\Basic^ {#979
        -name: "box_sub_type"
        -value: "enterprise"
      }
      "aud" => Lcobucci\JWT\Claim\EqualsTo^ {#980
        -name: "aud"
        -value: "https://api.box.com/oauth2/token"
      }
      "jti" => Lcobucci\JWT\Claim\EqualsTo^ {#981
        -name: "jti"
        -value: "ABC5e0b3370a6458"
      }
      "iat" => Lcobucci\JWT\Claim\LesserOrEqualsTo^ {#982
        -name: "iat"
        -value: 1577792368
      }
      "exp" => Lcobucci\JWT\Claim\GreaterOrEqualsTo^ {#983
        -name: "exp"
        -value: 1577792428
      }
    ]
    -signature: Lcobucci\JWT\Signature^ {#984
    }
    -payload: array:3 [
      0 => "eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiIsImtpZCI6IjM4dTdwamxwIn0"
      1 => "eyJpc3MiOiJoZDJtZXV5bWVxNWVyd2luZWgybHQxdmdoY21rNDEwNCIsInN1YiI6IjI0ODQxOTQ2MCIsImJveF9zdWJfdHlwZSI6ImVudGVycHJpc2UiLCJhdWQiOiJodHRwczpcL1wvYXBpLmJveC5jb21cL29hdXRoMlwvdG9rZW4iLCJqdGkiOiJBQkM1ZTBiMzM3MGE2NDU4IiwiaWF0IjoxNTc3NzkyMzY4LCJleHAiOjE1Nzc3OTI0Mjh9"
      2 => "JUZqTydnL7UT4aksNAqXJpAYDqelvOXimc85p2qnrvCfr1ZV-DBQLt98GagwbHt2Wn0V5a6oYFgUwo5tfyHA5ElYBPYS7AeF96zTyDEJlCFe8IjzObRWP4tdTePsRiXlYGDt7CbWIQ_5mVLV5zrNF0o1ZBfwEenx0PBB1jbnGZ068rO7B5ejHIC7vy7sSmAb7Yn6xZFK5YLeZxBZUUmoch8bM59wFirAAyG8pkBZqUdHSExzt-Q7QisgeoqdLdc9QcklwROiBvDgOkWtCwgee77bsgc8V_m9BAltgu-zXnuIf2ztQRhlNFi-dp6GuNL15sxtz84uh13UroCM9A1hRw"
    ]
  }

With go, I have achieved the following result:

  {
    "aud": "https://api.box.com/oauth2/token",
    "exp": 1577792181,
    "iat": 1577792121,
    "iss": "hd2meuymeq5erwineh2lt1vghxxxxxxx",
    "jti": "ABC5e0b327973b533.11640101",
    "sub": "248000000",
    "alg": "RS256",
    "box_sub_type": "enterprise",
    "kid": "38u7xxxx",
    "typ": "JWT"
  }

The problem is that I'm getting from the service I wish to authenticate to:

{"error":"invalid_grant","error_description":"Algorithm not allowed"}

I'm not sure whether it's because I'm missing headers or that there's no password support for the pem?

Many thanks!

I just hit a situation where one user's tokens would decode and verify, and another user's would not, giving "failed to verify jws signature: failed to verify message: crypto/rsa: verification error".

I can supply a self-contained test case which compares behavior between this library and https://github.com/dgrijalva/jwt-go (which verifies both correctly) if you want to investigate.

jws/headers.go is very low. Bumping up..

Hi,

Filing two issues at once - I was just checking out your library hoping to use it, but hit two blockers.

1

jwk.Fetch("https://login.microsoftonline.com/common/v2.0/.well-known/openid-configuration")

Returns err = "nil is invalid kty", but when looking at that page (document), all the key types there are specified as "rsa", so the error message (and the failure itself) don't make sense.

2

The readme at the repository level (main example) starts out with jwk.New() but New now takes a parameter. I figured it was the signing method but then hit another inconsistency and couldn't get past that.

In sign/ecdsa.go there is a the following check:

	if curveBits != keysiz*8 {
		return nil, errors.New("key size does not match curve bit size")
	}

But this check is not ok. See for example https://tools.ietf.org/html/rfc7515 ECDSA P-521 SHA-512. The README says this algorithm is supported but it returns an error.

The code needs to account for such curves. Example solution: https://github.com/kelseyhightower/app/blob/master/vendor/github.com/dgrijalva/jwt-go/ecdsa.go

gopkg.in/square/go-jose.v2/cryptosigner/cryptosigner.go

Many top level JWT libraries have checks that verify the following claims.

• iss
• sub
• aud
• exp
• nbf
• iat
• jti

I was surprised when calling jws.Verify on an expired token did not return an error. The jwt package could probably benefit from a high level Verify function that verified the signature as well as the essential claims.

I would like to use jws.Sign() to parse any JSON payloads such as https://tools.ietf.org/html/rfc7515 Example A.1, A.2, etc

Unfortunately that is not possible because jws.Sign() strips whitespace, newlines and carriage return from the JWS Protected Header. Basically, jws.Sign() removes all whitespace from the JSON. So, instead of signing:

     {"typ":"JWT",
      "alg":"HS256"}

[123, 34, 116, 121, 112, 34, 58, 34, 74, 87, 84, 34, 44, 13, 10, 32,
   34, 97, 108, 103, 34, 58, 34, 72, 83, 50, 53, 54, 34, 125]

It is signing (no whitespace, no new lines):

{"typ":"JWT","alg":"HS256"}

jws.Sign() should be able to take the protected headers "as is", without trying to add to a structure and then serialize it. If it changes the JWS headers as presented, it will generate different signatures from other systems or that the original document holder expected.

When marshalling a JWK which contains an X.509 certificate chain (x5c) to JSON, the resulting JSON contains the actual JSON representation of the x509.Certificate struct, instead of the base64 encoded ASN.1 structure.

When you currently marshal a JWK with X.509 certificates, the result looks like this:

{
  "x5c": [
    {
      "Raw": "(clipped)",
      "RawTBSCertificate": "(clipped)",
      "RawSubjectPublicKeyInfo": "(clipped)",
      "RawSubject": "MBQxEjAQBgNVBAMTCVVuaXQgVGVzdA==",
      "RawIssuer": "MBQxEjAQBgNVBAMTCVVuaXQgVGVzdA==",
      "Signature": "(clipped)",
      "SignatureAlgorithm": 4,
      "PublicKeyAlgorithm": 1,
      "PublicKey": {
        "N": 24671087878926420765627594405100525472964852601392231600603270272161299869337708785559107093049690228584918572462867403668529786789555679458627290437270277064189717437664227011651887425808413331631123547651751178895658287613669051000122863770197975516965641305376431979431040052344634464408824817509747799621210526684428659090983239786693723934635095941965764398368338277672722674150808556704457344599250279636287247318930241951584729037497647296155529294298849498530189942558795798487951622261355315681698747217964838395441155647679174746086691141741172431393044470804431335408467980805992517414782405277307499944769,
        "E": 65537
      },

     ... etc

I used the following to examine coverage.

go test -v ./... -coverprofile=coverage.out
go tool cover -html=coverage.out

• Many components are below 70% and quite a few under 50%.
• Some functions do not seem to be used throughout the code and have no coverage. In my copy of the repo I just removed most of these functions, rerun the tests and they all passed.

Hello,
I try to get JWK from AWS Cognito, but I got the error message and I have no idea why return illegal base64 data.

Code

package main

import(
  "log"
  "github.com/lestrrat-go/jwx/jwk"
)

func main() {
  set, err := jwk.FetchHTTP("https://cognito-identity.amazonaws.com/.well-known/jwks_uri")
    if err != nil {
      log.Printf("failed to parse JWK: %s", err)
      return
    }

    log.Println(set)
}

Result:
2020/02/24 19:01:58 failed to parse JWK: failed to extract from map: failed to construct key from map: failed to extract key from map: failed to get required key n: failed to base64 decode key n: illegal base64 data at input byte 64

Change the test to the below and it will fail.

[
         {"kty":"EC",
		  "crv":"P-256",
		  "key_ops": [
			"verify"
		  ],
          "x":"MKBCTNIcKUSDii11ySs3526iDZ8AiTo7Tu6KPAqv7D4",
          "y":"4Etl6SRW2YiLUrN5vfvVHuhp7x8PxltmWWlbbM4IFyM",
          "d":"870MB6gfuTJ4HtUnUvYMyJpr5eUZNP4Bk43bVdj3eAE"
				 }
       ]
  }`

Error Trace:	ecdsa_test.go:30
    			Error:      	Received unexpected error:
    			            	invalid value for key_ops key: []interface {}

I changed headers_gen.go to the below to fix it.

case KeyOpsKey:
		if v, ok := value.([]interface{}); ok {
			for _, s := range v {
				h.keyops = append(h.keyops, KeyOperation(s.(string)))
			}
			return nil
		}

Can u publish this on https://jwt.io/

Examples on https://jwt.io/

1. github.com/dvsekhvalnov/jose2go
2. github.com/dgrijalva/jwt-go
3. github.com/SermoDigital/jose
4. github.com/robbert229/jwt

Also are there any tutorials using this in client facing examples?

In jwt_test.go we use NumericDate as string in all tests.

Source: {" + jwt.IssuedAtKey + ": + aLongLongTimeAgoString + },

There are no tests for NumericDate as a number, actually there is no coverage for:

func (n *NumericDate) UnmarshalJSON(b []byte) error {}

The RFC does not seem to allow NumbericDate as string, only JSON numeric value.

NumericDate
A JSON numeric value representing the number of seconds from
1970-01-01T00:00:00Z UTC until the specified UTC date/time,
ignoring leap seconds. This is equivalent to the IEEE Std 1003.1,
2013 Edition [POSIX.1] definition "Seconds Since the Epoch", in
which each day is accounted for by exactly 86400 seconds, other
than that non-integer values can be represented. See RFC 3339
[RFC3339] for details regarding date/times in general and UTC in
particular.

Due to the way that EssentialClaims are parsed from JSON, the aud claim must always be an array in the source data.

For example, this sample app will fail the audience check:

package main 

import "github.com/lestrrat/go-jwx/jwt"
import "fmt"
import "encoding/json"

func main() {
    var claimSet jwt.ClaimSet
    err := json.Unmarshal([]byte(`{
      "ver": 1,
      "jti": "AT.yhqxyRwZa5koTnwWQ8G1QV4s2cGYqApe6s22lLjzqJg",
      "iss": "https://my.issuer.domain",
      "aud": "http://my.audience",
      "iat": 1504131487,
      "exp": 1514678399,
      "cid": "1234",
      "uid": "5678",
      "scp": ["users"],
      "sub": "[email protected]"
    }`), &claimSet)

  if err != nil {
    panic(err)
  }
  // will print "aud not satisfied" assuming the `exp` time hasn't passed
  fmt.Println(claimSet.Verify(jwt.WithAudience("http://my.audience")))
}

On this the JWT RFC says, basically, aud can be an array or a string: https://tools.ietf.org/html/rfc7519#section-4.1.3

Planning to file a pull request for a fix later... submitting this partly as a reminder.

This test runs a 1000 iteration loop and prints every single signature in:

t.Logf("%x", s)

Would be greatly appreciate if the library was released with a proper sematic release versioning.

Hi, I'm trying to cache my JWKS to avoid an external web request every time I need it, however I am running into this error:

json: cannot unmarshal object into Go struct field Set.keys of type jwk.Key

It seems to be marshaling fine because I see the object stored in my cache, so I'm not sure what the issue is unmarshaling.

Here are the lines attempting to unmarshal:

var keySet jwk.Set
err := json.Unmarshal(cacheValue, &keySet)

Thanks,
Ben

I wrote a test to reproduce:

func Test_Signature(t *testing.T) {
    for i := 0; i < 1000; i++ {
        tok := jwt.New()
        priv, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
        assert.FatalError(t, err)
        pub := &priv.PublicKey
        assert.FatalError(t, err)
        s, err := tok.Sign(jwa.ES256, priv)
        assert.FatalError(t, err)
        _, err = jws.Verify([]byte(s), jwa.ES256, pub)
        assert.FatalError(t, err)
    }
}

This breaks consistently within 1000 iterations whether I use the verify method from jws or one from another package.

Low coverage in rsautil.go hid a bug in (un)marshal and creation of keys. The field "Precomputed.CRTValues" was not populated or copied throughout the APIs. A roundtrip test detected the issue. I will submit a PR shortly.

https://github.com/lestrrat-go/jwx/blob/9871a5674c2ca011d6156f4cd5200301be523104/jwt/jwt.go

Functions ParseString() and ParseBytes() are not used or covered.

func VerifyWithJKU() is not used

No error path is covered or exercised

Just wondering if this logic: https://github.com/lestrrat/go-jwx/blob/76ff5fd46c773bcf15f019da4b5247780efec796/jws/jws.go#L184 is also supposed to deal with a JWK that has the use "sig"?

Also, the specification states that the "alg" parameter of a JWK can be optional. Azure AD's OpenID implementation does not send this. Their own library seems to use RSA256 by default if the kty is RSA. Do you believe it is safe to always fallback to one of the "recommended" algorithms defined by the specification when the "alg" parameter is blank?

Some functions in ecdsa.go have no coverage such as (un)Marshal public and private keys.

Remove package name from const names
Use "name" instead of "method". We do not use "method" per se anymore after all changes, i.e., there is no direct call to any method.
Use GetAlgorithm() instead of Algorithm()
Added PrivateParams as a JSON tag. But if we want flattened we can change asap.

I am trying to get all generate code to look similar and follow a pattern.

I was using v0.9.0, jws.VerifyWithJKU() validation worked fine. But once I updated to the newer version v0.9.1, it no longer validates the signature, returns no error. This is a serious issue. Could I get any help regarding this?

Thank you.

Hello,

I'm trying to verify a HS256-signed jwt token.

In the jwt module, there's a jwt.Parse() function with the comment that it returns an error if the signature fails, but it doesn't take a key or algorithm as parameter when calling jws.Parse(); so it doesn't actually check the signature.

If I call jws.Verify(), I get back a []byte payload, but there is no clear way to feed this to anything in the jwt module. Feeding it to jwt.ParseBytes panics with an invalid address or nil pointer at github.com/lestrrat/go-jwx/jws/jws.go:422:

	plain.payload, err = base64.RawURLEncoding.DecodeString(wrapper.Payload)

... I assume wrapper.Payload is a nil pointer.

If I call jws.Verify(), throw away the []byte but keep the verification status and then call jwt.ParseString() on the original token to get a jwt struct, I think I have both a valid signature and token with claims, but I guess with double parsing.

I'm a bit confused about the way to go here and would appreciate some insight. Thanks!

https://github.com/lestrrat-go/jwx/blob/master/internal/option/option.go

Is there a better place to ask these kind of questions? I'm digging through the library.

Instead of having to cast all method calls to jws.Verify(), it is better to have a helper function of that the entire call path is independent of key type.

OLD:

	ecdsaPrivateKey := key.(*ecdsa.PrivateKey)

	// Verify with API library
	verifiedPayload, err := jws.Verify(jwsCompact, alg, &ecdsaPrivateKey.PublicKey)		

NEW:

             publicKey, err := jwk.GetPublicKey(key)
	if err != nil {
		t.Fatal("Failed to get public from private key")
	}
	verifiedPayload, err := jws.Verify(jwsCompact, alg, publicKey)

I need to communicate with a service, which requires the kid to be set to a specific value and can't figure out how to do it. The sample code supplied by the service suggests the following in Python:

 protected_header = {
        "alg": ""RSA-OAEP",
        "enc": "A256CBC-HS512",
        "typ": "JWE",
        "kid": "MY_KEY_ID",
    }
    jwetoken = jwe.JWE(payload_bytes, recipient=public_key, protected=protected_header)
    return jwetoken.serialize(compact=True)

Sorry about being new to jwx! I am grateful for any suggestions you could give.

Function JWKSetURL() is not used or covered

None of these functions are used or covered

None of these switch cases are covered

None of these switch cases are covered

None of these lines are covered

This switch case is not exercised

Error paths are largely not covered, specially:

/cc @wvh

Similar issues to #70

https://tools.ietf.org/html/rfc7515#appendix-A.6

I was trying to get coverage for protected header and key lookup in LookupSignature(kid string) and noticed a few things.

• While running t.Run("CompleteJSON", func(t *testing.T)..) I noticed that after unmarshal:

• Protected header structure was empty

• Header structure contained both protected and unprotected headers.

• Entries were not delete from map

• Not checking length of map before assignment.

The HTTP client used for HTTP operations is fixed to the default HTTP client of Go.
This means we can't configure timeouts, additional CA certificates etc.
An additional method at least for jwk.Fetch and jwk.FetchHTTP with HTTP Client as argument would be helpful.

For refreshing token, we use all the claims from previous tokens and modify the iat and exp claims. If we have several claims, it's painful to extract all claims from the token and sign a new one.

Use JSON struct tags for most (un)marshal. Use custom (un)marshal only when strictly necessary, therefore removing most extract/populate map functions.

These functions are not used or covered

These functions are not used:

These lines are not covered

This function is not used or covered.

Hello,

When doing JWT claim validation, iat and Now() are rounded to the nearest second before the comparison with now.After() (see jwt/verify.go:174). This means that by default, tokens are always invalid in the same second they are created. It's probably very common for a server to respond with a token to a client which then immediately tries to validate it, which will very likely result in a validation error because of iat.

Setting skew works, but maybe the default skew could be 1 second or the comparison could be done without rounding the times, so by default, tokens are not invalid in the same second they are created.

Go has a time.After() and time.Equal, but no time.AfterOrEqual. Another option could also be to reverse the condition and use time.Before().

errors.Wrap() returns nil if the first argument 'err' is nil.
https://github.com/lestrrat-go/jwx/blob/master/jws/jws.go#L267
so, even if the above error occurs, you will receive err = nil as a result.

https://github.com/lestrrat-go/jwx/blob/9871a5674c2ca011d6156f4cd5200301be523104/jwt/token_gen.go

Get() has very low coverage
functions JwtID(), NotBefore() and Expiration() are not used
Error pats in Set() are not covered.

Verifying with RS256 succeeds while ES256 fails, returning an "empty buffer" error.

You can copy and paste the below into jwt_test.go. I haven't gotten to the bottom of the issue yet.

func TestVerifyWithRS(t *testing.T) {
	alg := jwa.RS256
	key, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		return
	}

	t1 := jwt.New()
	t1.Set("example", "RS256")
	signed, err := t1.Sign(alg, key)

	_, err = jwt.ParseVerify(bytes.NewReader(signed), alg, &key.PublicKey)
	if !assert.NoError(t, err, `jwt.ParseVerify should succeed`) {
		return
	}
}

func TestVerifyWithES(t *testing.T) {
	alg := jwa.ES256
	key, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		return
	}

	t1 := jwt.New()
	t1.Set("example", "ES256")
	signed, err := t1.Sign(alg, key)

	_, err = jwt.ParseVerify(bytes.NewReader(signed), alg, &key.PublicKey)
	if !assert.NoError(t, err, `jwt.ParseVerify should succeed`) {
		return
	}
}

I use an IDE and can step and debug the entire code without pdebug. I removed the entire pdebug dependency in a branch to experiment and coverage overall went up 12% and the number of lines of code went down considerably.

This isn't a bug, but damn if I cannot figure out how to load keys from a Array or String, not a URL

set, err := jwk.Fetch(keyUrl) //This works
I'm trying to figure out how to load them directly, or create them from the keys I already have.

I kicked around doing something like this:

set,err:=jwk.New(array_like_json_string_below) //This is what I want to do
I'm trying to persist them, and not load them everytime.

The keys are the JSON format.

{"keys":
[{"alg":"RS256","e":"AQAB","n":"jqm5oX5Vth4JW1gZQHywIki2beYCgBSL-
EYlefDUlI6SShtEKfi-vWYbFh2pNNUAE4NHuYpYP-
FG1uRSKs6WK2k6KMB2Hyx3hBkWyu7Aqo_pb1WItkPSZS-AWOMp4N-

Thanks for help, great library

https://github.com/lestrrat-go/jwx/blob/9871a5674c2ca011d6156f4cd5200301be523104/jwt/date.go

Error paths are not covered.
The following switch cases are not covered.

    case int32:
            t = time.Unix(int64(x), 0)
    case int16:
            t = time.Unix(int64(x), 0)
    case int8:
            t = time.Unix(int64(x), 0)
    case float32:
            t = time.Unix(int64(x), 0)

The alg attribute is optional according to the RFC and some providers do not permit configuration of keys to include it. If the alg attribute is missing, there should probably be a default fallback depending on the type of key. Another option is to trust the header of the JWT, although because this is before verification that is a security concern.