I am using the jwt-go library in golang, and using the HS512 algorithm for signing the token. I want to make sure the token is valid and the example in the docs is like this:
token, err := jwt.Parse(myToken, func(token *jwt.Token) (interface{}, error) {
return myLookupKey(token.Header["kid"])
})
if err == nil && token.Valid {
fmt.Println("Your token is valid. I like your style.")
} else {
fmt.Println("This token is terrible! I cannot accept this.")
}
I understand that myToken
is the string token and the keyFunc
gets passed the parsed token, but I don't understand what myLookupKey
function is supposed to do?, and token.Header
doesn't have a kid
value when i print it to console and even thought the token has all the data I put in it, token.Valid
is always false. Is this a bug? How do I verify the token is valid?
Verify RS256-signed tokensGo to Dashboard > Applications. Go to the Settings view, and open Advanced Settings. Go to the Certificates view, locate the Signed Certificate field, and copy the Public Key. Navigate to the JWT.io website, locate the Algorithm dropdown, and select RS256.
Use github.com/dgrijalva/jwt-go go liabary for the implementation. we can extract JWT token information from the api request according to the following way. When post the JWT token from the using post request. you must extract JWT information in routing section.
The keyFunc
is supposed to return the private key that the library should use to verify the token's signature. How you obtain this key is entirely up to you.
The example from the documentation shows a non-standard (not defined in RFC 7519) additional feature that is offered by the jwt-go library. Using a kid
field in the header (short for key ID), clients can specify with which key the token was signed. On verification, you can then use the key ID to look up one of (possible several) known keys (how and if you implement this key lookup is up to you).
If you do not want to use this feature, just don't. Simply return a static byte stream from the keyFunc
without inspecting the token headers:
token, err := jwt.Parse(myToken, func(token *jwt.Token) (interface{}, error) {
key, err := ioutil.ReadFile("your-private-key.pem")
if err != nil {
return nil, errors.New("private key could not be loaded")
}
return key, nil
})
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With