How can I get expire date from jwt token in go?

huangapple go评论85阅读模式
英文:

How can I get expire date from jwt token in go?

问题

我有一个JWT令牌,并且我能够在https://jwt.io/网站上看到解码后的令牌。它不需要我设置任何密钥或声明。因此,我正在寻找一种在不提供任何密钥的情况下解码令牌以获取过期日期的方法。

我正在使用库gopkg.in/square/go-jose.v2/jwt,以下是我的代码:

token, err := jwt.ParseSigned(jwtToken)

返回的值token有一个Header字段,其中包括KeyId和Algorithm,但它不给我过期日期。

我在这个主题上进行了搜索,人们说使用github.com/auth0/go-jwt-middleware/v2/validator库,但它需要设置密钥/秘密。解析令牌的过期日期是否需要密钥?网站https://jwt.io/是如何知道过期日期的呢?

英文:

I have a jwt token and I am able to see the decoded token in https://jwt.io/ website. It doesn't require me to setup any secret or claims. so I am looking for a way to decode the token to get expire date without providing any secret.

I am using the library gopkg.in/square/go-jose.v2/jwt and below is my code:

token, err := jwt.ParseSigned(jwtToken)

the returned value token has a Header field which includes KeyId, Algorithm but it doesn't give me expire date.

I have searched on this topic and people say using github.com/auth0/go-jwt-middleware/v2/validator library but it requires setting up key/secret. Is secret required for parsing the expire date from the token. How does the website https://jwt.io/ knows the expire date?

答案1

得分: 0

使用来自jwt.io的示例JWT令牌,这段代码解析并提取声明,而不验证签名:

func main() {
    raw := "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiaWF0IjoxNTE2MjM5MDIyfQ.SflKxwRJSMeKKF2QT4fwpMeJf36POk6yJV_adQssw5c"

    t, err := jwt.ParseSigned(raw)
    if err != nil {
        panic(err)
    }

    var claims map[string]any
    if err := t.UnsafeClaimsWithoutVerification(&claims); err != nil {
        panic(err)
    }

    fmt.Println(claims)
}

在此示例中,到期时间应该作为claims映射中的一个字段出现。要提取它,使用exp, ok := claims["expire"](根据确切的名称而定)。

英文:

Using the sample JWT token from jwt.io, this code parses and retrieves the claims without verifying the signature:

func main() {
	raw := "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiaWF0IjoxNTE2MjM5MDIyfQ.SflKxwRJSMeKKF2QT4fwpMeJf36POk6yJV_adQssw5c"

	t, err := jwt.ParseSigned(raw)
	if err != nil {
		panic(err)
	}

	var claims map[string]any
	if err := t.UnsafeClaimsWithoutVerification(&claims); err != nil {
		panic(err)
	}

	fmt.Println(claims)
}

The expiration should appear as one of the fields in the claims map in this example. To retrieve it, use exp, ok := claims["expire"] (depending on the exact name).

答案2

得分: 0

根据Peter的回答,过期时间在Claims结构体中,如果你正在使用jose库,也许以下步骤可以帮到你:

// 创建JWT声明结构体,通常用于编码和解码令牌
type JWTClaim struct {
   *jwt.Claims
}

// 解码JWT令牌
parsedJwt, err := jwt.ParseSigned(rawToken)
result := JWTClaim{}
err := parsedJwt.Claims(key, &result)
expiryAt := result.ExpiresAt
mytime := time.Unix(expiryAt, 0)
fmt.Println(mytime)

我还不确定这个答案是否正确,但你可以尝试一下。我正在使用的jwt包是golang-jwt,还没有尝试过go-jose。

英文:

Based on Peter answer, the expires is in the Claims struct, if you are using jose library, maybe this step can help:

//create struct jwt claim, it usually for encode and decode token
type JWTClaim struct {
   *jwt.Claims
}
//decode the jwt token
parsedJwt, err := jwt.ParseSigned(rawToken)
result := JWTClaim{}
err := parsedJwt.Claims(key, &result)
expiryAt := result.ExpiresAt
mytime := time.Unix(expiryAt, 0)
fmt.Println(mytime)

I'm still not sure about the answer, but you can try it. jwt package that I'm using is golang-jwt, haven't try go-jose yet.

huangapple
  • 本文由 发表于 2023年2月21日 17:40:30
  • 转载请务必保留本文链接:https://go.coder-hub.com/75518656.html
匿名

发表评论

匿名网友

:?: :razz: :sad: :evil: :!: :smile: :oops: :grin: :eek: :shock: :???: :cool: :lol: :mad: :twisted: :roll: :wink: :idea: :arrow: :neutral: :cry: :mrgreen:

确定