英文:
Golang JWT is invalid with go-jwt-middleware
问题
在使用新版本的"github.com/auth0/go-jwt-middleware/v2"时,出现了JWT is invalid的错误。
我成功使用了"github.com/golang-jwt/jwt/v4"插件生成了令牌,并尝试在请求中使用它,但在中间件中被拒绝了,我猜测问题出在go-jwt-middleware中。实现中可能有一些缺失,也许有人已经实现并愿意分享。
以下是代码:
type Claims struct {Username string `json:"username"`Role string `json:"role"`Id string `json:"id"`Avatar string `json:"avatar"`jwt.StandardClaims}func (c *Claims) Validate(ctx context.Context) error {return nil}var jwtKey = []byte("secret")func Middleware(h http.Handler) http.Handler {keyFunc := func(ctx context.Context) (interface{}, error) {return jwtKey, nil}customClaims := func() validator.CustomClaims {return &Claims{}}jwtValidator, err := validator.New(keyFunc,validator.HS256,"issuer",[]string{"audience"},validator.WithCustomClaims(customClaims),validator.WithAllowedClockSkew(30*time.Second),)if err != nil {log.Fatalf("Failed to set up the validator: %v", err)}// 设置中间件。middleware := jwtmiddleware.New(jwtValidator.ValidateToken)return middleware.CheckJWT(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {_, token, err := ParseToken(r)if !token.Valid || err != nil {w.WriteHeader(401)w.Write([]byte("Unauthorized"))return}h.ServeHTTP(w, r)}))}func GenerateToken(id string, username string, role string, avatar string) (string, int64, error) {expirationTime := time.Now().Add(time.Hour * 24).Unix()claims := &Claims{Id: id,Username: username,Role: role,Avatar: avatar,StandardClaims: jwt.StandardClaims{ExpiresAt: expirationTime,},}token := jwt.NewWithClaims(jwt.SigningMethodHS256, claims)tokenString, err := token.SignedString(jwtKey)if err != nil {return "", 0, err}return tokenString, expirationTime, nil}
我没有找到关于validator中issuer和audience选项的任何文档,只是按照示例进行操作:
jwtValidator, err := validator.New(keyFunc,validator.HS256,"issuer", <------------ issuer[]string{"audience"}, <------------ audiencevalidator.WithCustomClaims(customClaims),validator.WithAllowedClockSkew(30*time.Second),)
英文:
Got JWT is invalid with new version of "github.com/auth0/go-jwt-middleware/v2"
successfully generate token with "github.com/golang-jwt/jwt/v4" plugin, and try to use it on request but rejected on middleware, i guess the issues in go-jwt-middleware. there is some missing with implementation, maybe anyone has already implement and want to share please
Here is the code:
type Claims struct {Username string `json:"username"`Role string `json:"role"`Id string `json:"id"`Avatar string `json:"avatar"`jwt.StandardClaims}func (c *Claims) Validate(ctx context.Context) error {return nil}var jwtKey = []byte("secret")func Middleware(h http.Handler) http.Handler {keyFunc := func(ctx context.Context) (interface{}, error) {return jwtKey, nil}customClaims := func() validator.CustomClaims {return &Claims{}}jwtValidator, err := validator.New(keyFunc,validator.HS256,"issuer",[]string{"audience"},validator.WithCustomClaims(customClaims),validator.WithAllowedClockSkew(30*time.Second),)if err != nil {log.Fatalf("Failed to set up the validator: %v", err)}// Set up the middleware.middleware := jwtmiddleware.New(jwtValidator.ValidateToken)return middleware.CheckJWT(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {_, token, err := ParseToken(r)if !token.Valid || err != nil {w.WriteHeader(401)w.Write([]byte("Unauthorized"))return}h.ServeHTTP(w, r)}))}func GenerateToken(id string, username string, role string, avatar string) (string, int64, error) {expirationTime := time.Now().Add(time.Hour * 24).Unix()claims := &Claims{Id: id,Username: username,Role: role,Avatar: avatar,StandardClaims: jwt.StandardClaims{ExpiresAt: expirationTime,},}token := jwt.NewWithClaims(jwt.SigningMethodHS256, claims)tokenString, err := token.SignedString(jwtKey)if err != nil {return "", 0, err}return tokenString, expirationTime, nil}
And i don't found any doccumentation for the value for issuer && audience option on validator. just follow the example:
jwtValidator, err := validator.New(keyFunc,validator.HS256,"issuer", <------------ issuer[]string{"audience"}, <------------ audiencevalidator.WithCustomClaims(customClaims),validator.WithAllowedClockSkew(30*time.Second),)
答案1
得分: 1
发行者:issuerURL,
受众:audience,
受众值是一个字符串,通常是正在访问的资源的基本地址。例如,哪些服务、API、产品应该接受此令牌作为服务的访问令牌。对于 Stackoveflow 的令牌不应该被 Stack exchange 网站接受,即使它们具有相同的发行者,它们的受众也会不同。
发行者值是一个类似于 https://<issuer-url>/ 的字符串,表示谁创建了令牌。例如,由 GitHub 或 LinkedIn 发行的令牌,可以通过使用 OpenID 配置端点进行验证。
英文:
Issuer: issuerURL,Audience: audience,
The audience value is a string -- typically, the base address of the resource being accessed. for example which services, APIs, products should accept this token as an access token for the service. A token valid for Stackoveflow should not be accepted for the Stack exchange website, even if both of them have the same issuer, they’ll have different audiences.
Issuer value is a string like this https://<issuer-url>/ Who created the token. like token issued by GitHub or LinkedIn and this can be verified by using the OpenID configuration endpoint
通过集体智慧和协作来改善编程学习和解决问题的方式。致力于成为全球开发者共同参与的知识库,让每个人都能够通过互相帮助和分享经验来进步。
评论