Comments (7)
You are ENCRYPTING and then SIGNING. `jwt.ParseXXXX` only does signature verification/unwrapping. You need to use `jwe.Decrypt` yourself to decrypt your token before calling `jwt.ParseXXX` (or `jws.Verify`).
from jwx.
Ah, ok. Thank you for the super fast reply. I did try that (see below) but I got the error `compact JWE format must have five parts (3)` so I figured I should leave it to a higher level abstraction to do it. I will do more research and learn about what "compact" means.
```go
decrypted, err := jwe.Decrypt([]byte(cookie.Value),
	jwe.WithKeySet(e.keys.encrypt.public))
if err != nil {
	return "", fmt.Errorf("failed to decrypt session cookie: %w", err)
}
```
from jwx.
Ah, sorry, in your case you need to `jws.Verify`, then `jwe.Decrypt`, and then finally `jwt.Parse`.
That is, you are doing `signed = Sign(Encrypt(JWT_payload))`, so in order to get back the `JWT_payload`, you need to do `ParseJWT(Decrypt(Verify(signed)))`.
I highly suggest you look into how these messages are constructed from the RFCs or similar.
from jwx.
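The layering described above, `signed = Sign(Encrypt(JWT_payload))`, as an added example that is not part of the original thread and does not use jwx: a standard-library Go diagnostic that names each compact layer by its segment count, which is why `jwe.Decrypt` on the outer token reports `five parts (3)`. The names `Layers`, `Sample` and `enc`, and the algorithms in the sample headers, are assumptions made for illustration.

```go
package main

import (
	"encoding/base64"
	"encoding/json"
	"fmt"
	"strings"
)

func enc(s string) string { return base64.RawURLEncoding.EncodeToString([]byte(s)) }

// Layers names each compact JOSE layer from the outside in: 3 segments = JWS,
// 5 = JWE. Diagnostic only: it verifies and decrypts nothing.
func Layers(token string) ([]string, error) {
	var layers []string
	for {
		parts := strings.Split(token, ".")
		var hdr struct{ Alg string } // matches the "alg" header field
		raw, err := base64.RawURLEncoding.DecodeString(parts[0])
		ok := (len(parts) == 3 || len(parts) == 5) && err == nil &&
			json.Unmarshal(raw, &hdr) == nil && hdr.Alg != ""
		if !ok && len(layers) == 0 {
			return nil, fmt.Errorf("not a compact JWS/JWE (%d parts)", len(parts))
		}
		if !ok {
			return layers, nil // innermost payload is plain data, e.g. JSON claims
		}
		if len(parts) == 5 {
			return append(layers, "JWE"), nil // opaque without the private key
		}
		layers = append(layers, "JWS")
		payload, err := base64.RawURLEncoding.DecodeString(parts[1])
		if err != nil {
			return layers, nil
		}
		token = string(payload) // a JWS payload is readable; look one level in
	}
}

// Sample builds a constructed Sign(Encrypt(payload))-shaped token from dummy bytes.
func Sample() string {
	jweTok := strings.Join([]string{enc(`{"alg":"RSA-OAEP","enc":"A256GCM"}`),
		enc("key"), enc("iv"), enc("ciphertext"), enc("tag")}, ".")
	return enc(`{"alg":"RS256"}`) + "." + enc(jweTok) + "." + enc("sig")
}

func main() {
	fmt.Println(Layers(Sample())) // outermost layer first
}
```

The returned order is the order in which the real operations have to run: verify the JWS, then decrypt the JWE, then parse whatever plain payload remains.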
I'm now doing the following:
```go
verified, err := jws.Verify([]byte(cookie.Value), jws.WithKeySet(e.keys.signing.public))
if err != nil {
	return "", fmt.Errorf("failed to verify session token: %w", err)
}
decrypted, err := jwe.Decrypt(verified, jwe.WithKeySet(e.keys.encrypt.private))
if err != nil {
	return "", fmt.Errorf("failed to decrypt session token: %w", err)
}
fmt.Println(string(decrypted)) // {"rt":"some.refresh.token"}
parsed, err := jwt.Parse(decrypted,
	jwt.WithClock(e.clock),
	jwt.WithKeySet(e.keys.signing.public))
if err != nil {
	return "", fmt.Errorf("failed to parse session token: %w", err)
}
```
But it will fail on the final parse because "decrypted" now just looks like this: `{"rt":"some.refresh.token"}`. I will look into how this exactly works but I just want to report it here in case it's unexpected. The error is: `failed to unmarshal jws message: required field "signatures" not present`
Of course, I now have the data I was looking for so it is fine. Just reporting here in case it's unexpected.
from jwx.
The last error is because you're trying to `jwt.Parse` with the key set -- that is, you're verifying the message signature. If the payload you end up with is a JSON message, you could either simply use `json.Unmarshal`, or use `jwt.Parse` with the `jwt.WithVerify(false)` option. I'm not claiming I have the best documentation, but these are all documented, so please take a bit of time looking at the documentation or the examples directory.
from jwx.
I will, thank you again for the quick responses (and the great library). I will close this, maybe others in the future have use for the information in this thread.
from jwx.
no prob. Thanks for the kind words
from jwx.