英文:
How to parse a JWT token with RSA in jwt-go ParseWithClaims?
问题
我已经开发了以下方法,应该可以实现基于令牌的身份验证(jwt)。应该使用异步进程来生成令牌。
源代码似乎在生成签名令牌时工作正常。当使用ParseWithClaims查询令牌时,我遇到了一个问题。有人可以帮忙吗?
package controllers
import (
"crypto/rand"
rsaKeys "crypto/rsa"
"fmt"
jwtgo "github.com/dgrijalva/jwt-go"
"github.com/gofiber/fiber"
)
func Login(c *fiber.Ctx) error {
type TestClaims struct {
HAPP string `json:"happ"`
jwtgo.StandardClaims
}
currentPrivateKey, err := rsaKeys.GenerateKey(rand.Reader, 512)
claims := TestClaims{
"owa",
jwtgo.StandardClaims{
Issuer: "test",
ExpiresAt: 15000,
},
}
token := jwtgo.NewWithClaims(jwtgo.SigningMethodRS256, claims)
tokenSigned, err := token.SignedString(currentPrivateKey)
if err != nil {
fmt.Printf("Failed to sign in account %v", err)
}
//Issue is in this statement
_, errTest := jwtgo.ParseWithClaims(tokenSigned, &TestClaims{"owa", jwtgo.StandardClaims{}}, func(token *jwtgo.Token) (interface{}, error) {
return currentPrivateKey, nil
})
if errTest != nil {
fmt.Printf("Error Message: %v", errTest) //Does throw error: key is of invalid type
}
return c.JSON(fiber.Map{
"message": "success",
})
}
英文:
I have developed the following method, which should enable token-based authentication (jwt). An asynchronous process should be used to generate the token.
The source code seems to work up to and including the generation of the signed token.
I encountered an issue when querying the token with ParseWithClaims. Can someone help please?
package controllers
import (
"crypto/rand"
rsaKeys "crypto/rsa"
"fmt"
jwtgo "github.com/dgrijalva/jwt-go"
"github.com/gofiber/fiber"
)
func Login(c *fiber.Ctx) error {
type TestClaims struct {
HAPP string `json:"happ"`
jwtgo.StandardClaims
}
currentPrivateKey, err := rsaKeys.GenerateKey(rand.Reader, 512)
claims := TestClaims{
"owa",
jwtgo.StandardClaims{
Issuer: "test",
ExpiresAt: 15000,
},
}
token := jwtgo.NewWithClaims(jwtgo.SigningMethodRS256, claims)
tokenSigned, err := token.SignedString(currentPrivateKey)
if err != nil {
fmt.Printf("Failed to sign in account %v", err)
}
//Issue is in this statement
_, errTest := jwtgo.ParseWithClaims(tokenSigned, &TestClaims{"owa", jwtgo.StandardClaims{}}, func(token *jwtgo.Token) (interface{}, error) {
return currentPrivateKey, nil
})
if errTest != nil {
fmt.Printf("Error Message: %v", errTest) //Does throw error: key is of invalid type
}
return c.JSON(fiber.Map{
"message": "success",
})
}
答案1
得分: 3
要验证JWT,你需要使用公钥,具体来说,ParseWithClaims函数需要一个*rsa.PublicKey类型的密钥。
你可以使用PrivateKey.Public从私钥中获取公钥:
tok, err := jwtgo.ParseWithClaims(tokenSigned, &TestClaims{"owa", jwtgo.StandardClaims{}}, func(token *jwtgo.Token) (interface{}, error) {
return currentPrivateKey.Public(), nil
})
请注意,dgrijalva/jwt-go已经不再维护。如果可以的话,请切换到社区分支golang-jwt/jwt,它包含了关键的安全修复。
英文:
To validate the JWT you need the public key, specifically ParseWithClaims expects a key of type *rsa.PublicKey.
You can get it from the private key with PrivateKey.Public:
tok, err := jwtgo.ParseWithClaims(tokenSigned, &TestClaims{"owa", jwtgo.StandardClaims{}}, func(token *jwtgo.Token) (interface{}, error) {
return currentPrivateKey.Public(), nil
})
Please note that dgrijalva/jwt-go is unmaintained. If you can, switch to the community fork golang-jwt/jwt, which includes critical security fixes.
通过集体智慧和协作来改善编程学习和解决问题的方式。致力于成为全球开发者共同参与的知识库,让每个人都能够通过互相帮助和分享经验来进步。
评论