Comments (7)

lestrrat commented on June 12, 2024

You are ENCRYPTING and then SIGNING. jwt.ParseXXXX only does signature verification/unwrapping. You need to use jwe.Decrypt yourself to decrypt your token before calling jwt.ParseXXX (or jws.Verify)

from jwx.

advdv commented on June 12, 2024

Ah, ok. Thank you for the super fast reply. I did try that (see below) but I got the error "compact JWE format must have five parts (3)", so I figured I should leave it to a higher level abstraction to do it. I will do more research and learn about what "compact" means.

	decrypted, err := jwe.Decrypt([]byte(cookie.Value),
		jwe.WithKeySet(e.keys.encrypt.public))
	if err != nil {
		return "", fmt.Errorf("failed to decrypt session cookie: %w", err)
	}

lestrrat commented on June 12, 2024

Ah, sorry, in your case you need to jws.Verify, then jwe.Decrypt, and then finally jwt.Parse.

That is, you are doing signed = Sign(Encrypt(JWT_payload)), so in order to get back the JWT_payload, you need to do ParseJWT(Decrypt(Verify(signed)))
I highly suggest you look into how these messages are constructed from the RFCs or similar.

advdv commented on June 12, 2024

I'm now doing the following:

	// Step 1: verify the outer JWS with the public signing key; the payload is the JWE.
	verified, err := jws.Verify([]byte(cookie.Value), jws.WithKeySet(e.keys.signing.public))
	if err != nil {
		return "", fmt.Errorf("failed to verify session token: %w", err)
	}

	// Step 2: decrypt that JWE with the private encryption key.
	decrypted, err := jwe.Decrypt(verified, jwe.WithKeySet(e.keys.encrypt.private))
	if err != nil {
		return "", fmt.Errorf("failed to decrypt session token: %w", err)
	}

	fmt.Println(string(decrypted)) // {"rt":"some.refresh.token"}

	// Step 3: parse the decrypted payload as a JWT, again passing the signing key set.
	parsed, err := jwt.Parse(decrypted,
		jwt.WithClock(e.clock),
		jwt.WithKeySet(e.keys.signing.public))
	if err != nil {
		return "", fmt.Errorf("failed to parse session token: %w", err)
	}

But it will fail on the final parse because "decrypted" now just looks like this: {"rt":"some.refresh.token"}. I will look into how this exactly works but I just want to report it here in case it's unexpected. The error is: failed to unmarshal jws message: required field "signatures" not present

Of course, I now have the data I was looking for so it is fine. Just reporting here in case it's unexpected.

lestrrat commented on June 12, 2024

The last error is because you're trying to jwt.Parse with the key set -- that is, you're verifying the message signature. If the payload you end up with is a JSON message, you could either simply use json.Unmarshal, or use jwt.Parse with the jwt.WithVerify(false) option. I'm not claiming I have the best documentation, but these are all documented, so please take a bit of time looking at the documentation or the examples directory.
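
The round trip the maintainer describes, as an added example that is not part of this thread or of jwx: it builds the same Sign(Encrypt(payload)) cookie the reporter used and unwraps it as Parse(Decrypt(Verify(cookie))). It uses only the Go standard library rather than jwx, so the two JOSE formats are implemented by hand (an HS256 compact JWS and a compact JWE with alg "dir" and enc "A256GCM"); jwx's jws.Verify, jwe.Decrypt and a jwt.Parse with jwt.WithVerify(false) would take the place of verifyHS256, decryptDir and json.Unmarshal here. The function names, the pinned headers, the keys and the claims are all constructed for the example. Two things the thread only hints at are made explicit: feeding the signed cookie straight to the JWE decrypt step fails the part count, because a compact JWS has three dot-separated parts and a compact JWE five, and the value left after decryption is plain JSON, so the last step is a JSON parse rather than a second signature check. A JWS payload is opaque bytes, which is what lets an entire JWE sit inside it.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"encoding/base64"
	"encoding/json"
	"fmt"
	"strings"
)

// Compact JOSE uses unpadded base64url (RFC 7515 §2). Both headers are pinned: the service
// that mints the cookie also consumes it, so it accepts exactly one (alg, enc) pair.
var (
	b64       = base64.RawURLEncoding
	jwsHeader = b64.EncodeToString([]byte(`{"alg":"HS256"}`))
	jweHeader = b64.EncodeToString([]byte(`{"alg":"dir","enc":"A256GCM"}`))
)

// signHS256 builds a 3-part compact JWS (header.payload.signature) over opaque payload bytes.
func signHS256(payload, macKey []byte) string {
	input := jwsHeader + "." + b64.EncodeToString(payload)
	mac := hmac.New(sha256.New, macKey)
	mac.Write([]byte(input))
	return input + "." + b64.EncodeToString(mac.Sum(nil))
}

// verifyHS256 checks the pinned header and the MAC (constant-time) and returns the payload.
func verifyHS256(token string, macKey []byte) ([]byte, error) {
	p := strings.Split(token, ".")
	if len(p) != 3 || p[0] != jwsHeader {
		return nil, fmt.Errorf("expected a 3-part HS256 JWS, got %d parts", len(p))
	}
	mac := hmac.New(sha256.New, macKey)
	mac.Write([]byte(p[0] + "." + p[1]))
	sig, err := b64.DecodeString(p[2])
	if err != nil || !hmac.Equal(mac.Sum(nil), sig) {
		return nil, fmt.Errorf("signature verification failed")
	}
	return b64.DecodeString(p[1])
}

// encryptDir builds a 5-part compact JWE (header..iv.ciphertext.tag); alg "dir" means the CEK is
// pre-shared, so the encrypted-key part is empty. The AAD is the encoded header (RFC 7516 §5.1).
func encryptDir(gcm cipher.AEAD, plaintext []byte) (string, error) {
	iv := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(iv); err != nil {
		return "", err
	}
	// Go's GCM appends the 16-byte tag to the ciphertext; JWE carries it as its own part.
	sealed := gcm.Seal(nil, iv, plaintext, []byte(jweHeader))
	n := len(sealed) - gcm.Overhead()
	return strings.Join([]string{jweHeader, "", b64.EncodeToString(iv),
		b64.EncodeToString(sealed[:n]), b64.EncodeToString(sealed[n:])}, "."), nil
}

// decryptDir reverses encryptDir. A JWS (3 parts) fed in here fails the part count, the thread's
// symptom. The nonce length is checked because gcm.Open panics on a wrong-length nonce.
func decryptDir(gcm cipher.AEAD, token string) ([]byte, error) {
	p := strings.Split(token, ".")
	if len(p) != 5 {
		return nil, fmt.Errorf("compact JWE format must have five parts (%d)", len(p))
	}
	iv, errIV := b64.DecodeString(p[2])
	ct, errCT := b64.DecodeString(p[3])
	tag, errTag := b64.DecodeString(p[4])
	if p[0] != jweHeader || p[1] != "" || errIV != nil || errCT != nil || errTag != nil || len(iv) != gcm.NonceSize() {
		return nil, fmt.Errorf("malformed JWE")
	}
	return gcm.Open(nil, iv, append(ct, tag...), []byte(p[0]))
}

// unwrapSession undoes the reporter's Sign(Encrypt(claims)) cookie in the maintainer's order,
// Parse(Decrypt(Verify(cookie))). The innermost value is plain JSON, so it is unmarshalled.
func unwrapSession(cookie string, gcm cipher.AEAD, macKey []byte) (map[string]string, error) {
	jwe, err := verifyHS256(cookie, macKey)
	if err != nil {
		return nil, fmt.Errorf("failed to verify session token: %w", err)
	}
	payload, err := decryptDir(gcm, string(jwe))
	if err != nil {
		return nil, fmt.Errorf("failed to decrypt session token: %w", err)
	}
	var claims map[string]string
	if err := json.Unmarshal(payload, &claims); err != nil {
		return nil, fmt.Errorf("failed to parse session token: %w", err)
	}
	return claims, nil
}

func main() {
	block, _ := aes.NewCipher([]byte("0123456789abcdef0123456789abcdef")) // constructed demo key
	gcm, _ := cipher.NewGCM(block)
	jwe, _ := encryptDir(gcm, []byte(`{"rt":"some.refresh.token"}`))
	cookie := signHS256([]byte(jwe), []byte("constructed-hmac-key")) // Sign(Encrypt(payload))
	fmt.Println(decryptDir(gcm, cookie))                             // decrypt before verify: 3 parts, not 5
	fmt.Println(unwrapSession(cookie, gcm, []byte("constructed-hmac-key")))
}
```

The headers are compared against a pinned value instead of dispatching on whatever alg the token declares, which is the simplest way to rule out alg-confusion on a cookie that the same service both issues and reads. One caveat on the nesting itself: RFC 7519 §11.2 recommends the opposite order for nested JWTs, sign first and then encrypt, so that the signature is inside the ciphertext, with the JWE header carrying cty "JWT" (RFC 7519 §5.2). With that layout the receiving side flips to Parse(Verify(Decrypt(token))), and the same three building blocks apply in the other order.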

advdv commented on June 12, 2024

I will, thank you again for the quick responses (and the great library). I will close this, maybe others in the future have use for the information in this thread.

lestrrat commented on June 12, 2024

no prob. Thanks for the kind words