This repository has been archived by the owner on May 24, 2023. It is now read-only.

Upgrade to github.com/golang-jwt/jwt/v5 and use github.com/MicahParks/keyfunc/v2 for JWK Set client #129

Merged
merged 19 commits into from
May 19, 2023
2 changes: 1 addition & 1 deletion .github/workflows/gotidy.yml
Original file line number Diff line number Diff line change
Expand Up @@ -20,7 +20,7 @@ jobs:
name: Set up Go
uses: actions/setup-go@v4
with:
go-version: 1.17
go-version: 1.18
-
name: Tidy
run: |
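Review bot: `go-version: 1.18` is an unquoted YAML number. It happens to survive as 1.18, but the same pattern turns a later bump such as 1.20 into 1.2. Quote the value (`go-version: '1.18'`) so the next version bump does not silently select a different toolchain.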
Expand Down
1 change: 0 additions & 1 deletion .github/workflows/test.yml
Original file line number Diff line number Diff line change
Expand Up @@ -10,7 +10,6 @@ jobs:
strategy:
matrix:
go-version:
- 1.17.x
- 1.18.x
- 1.20.x
platform:
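Review bot: with `1.17.x` removed, the `go-version` matrix tests `1.18.x` and `1.20.x` and skips 1.19.x. Either add `1.19.x` or add a comment in the workflow saying that only the oldest and newest supported versions are tested, so the gap reads as intentional.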
Expand Down
64 changes: 29 additions & 35 deletions README.md
Original file line number Diff line number Diff line change
Expand Up @@ -19,8 +19,8 @@ This middleware supports Fiber v1 & v2, install accordingly.

```
go get -u github.com/gofiber/fiber/v2
go get -u github.com/gofiber/jwt/v3
go get -u github.com/golang-jwt/jwt/v4
go get -u github.com/gofiber/jwt/v4
go get -u github.com/golang-jwt/jwt/v5
```

### Signature
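Review bot: the install block now pairs `github.com/gofiber/jwt/v4` with `github.com/golang-jwt/jwt/v5`, where it previously paired `gofiber/jwt/v3` with `golang-jwt/jwt/v4`, so the suffix `jwt/v4` changes owner between releases and is easy to misread. Add one sentence under the block stating which middleware major version goes with which golang-jwt major version, and mark the move to `gofiber/jwt/v4` as a breaking upgrade, so a user who bumps only one of the two import paths sees the mismatch before it reaches a build.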
Expand All @@ -29,27 +29,19 @@ jwtware.New(config ...jwtware.Config) func(*fiber.Ctx) error
```

### Config
| Property | Type | Description | Default |
|:-------------------------| :--- |:-----------------------------------------------------------------------------------------------------------------------------------------------------| :--- |
| Filter | `func(*fiber.Ctx) bool` | Defines a function to skip middleware | `nil` |
| SuccessHandler | `func(*fiber.Ctx) error` | SuccessHandler defines a function which is executed for a valid token. | `nil` |
| ErrorHandler | `func(*fiber.Ctx, error) error` | ErrorHandler defines a function which is executed for an invalid token. | `401 Invalid or expired JWT` |
| SigningKey | `interface{}` | Signing key to validate token. Used as fallback if SigningKeys has length 0. | `nil` |
| SigningKeys | `map[string]interface{}` | Map of signing keys to validate token with kid field usage. | `nil` |
| SigningMethod | `string` | Signing method, used to check token signing method. Possible values: `HS256`, `HS384`, `HS512`, `ES256`, `ES384`, `ES512`, `RS256`, `RS384`, `RS512` | `"HS256"` |
| ContextKey | `string` | Context key to store user information from the token into context. | `"user"` |
| Claims | `jwt.Claim` | Claims are extendable claims data defining token content. | `jwt.MapClaims{}` |
| TokenLookup | `string` | TokenLookup is a string in the form of `<source>:<name>` that is used | `"header:Authorization"` |
| AuthScheme | `string` | AuthScheme to be used in the Authorization header. The default value (`"Bearer"`) will only be used in conjuction with the default `TokenLookup` value. | `"Bearer"` |
| KeySetURL(deprecated) | `string` | KeySetURL location of JSON file with signing keys. | `""` |
| KeySetURLs | `string` | KeySetURL locations of JSON file with signing keys. | `""` |
| KeyRefreshSuccessHandler | `func(j *KeySet)` | KeyRefreshSuccessHandler defines a function which is executed for a valid refresh of signing keys. | `nil` |
| KeyRefreshErrorHandler | `func(j *KeySet, err error)` | KeyRefreshErrorHandler defines a function which is executed for an invalid refresh of signing keys. | `nil` |
| KeyRefreshInterval | `*time.Duration` | KeyRefreshInterval is the duration to refresh the JWKs in the background via a new HTTP request. | `nil` |
| KeyRefreshRateLimit | `*time.Duration` | KeyRefreshRateLimit limits the rate at which refresh requests are granted. | `nil` |
| KeyRefreshTimeout | `*time.Duration` | KeyRefreshTimeout is the duration for the context used to create the HTTP request for a refresh of the JWKs. | `1min` |
| KeyRefreshUnknownKID | `bool` | KeyRefreshUnknownKID indicates that the JWKs refresh request will occur every time a kid that isn't cached is seen. | `false` |
| KeyFunc | `func() jwt.Keyfunc` | KeyFunc defines a user-defined function that supplies the public key for a token validation. | `jwtKeyFunc` |
| Property | Type | Description | Default |
|:---------------|:--------------------------------|:--------------------------------------------------------------------------------------------------------------------------------------------------------|:-----------------------------|
| Filter | `func(*fiber.Ctx) bool` | Defines a function to skip middleware | `nil` |
| SuccessHandler | `func(*fiber.Ctx) error` | SuccessHandler defines a function which is executed for a valid token. | `nil` |
| ErrorHandler | `func(*fiber.Ctx, error) error` | ErrorHandler defines a function which is executed for an invalid token. | `401 Invalid or expired JWT` |
| SigningKey | `interface{}` | Signing key to validate token. Used as fallback if SigningKeys has length 0. | `nil` |
| SigningKeys | `map[string]interface{}` | Map of signing keys to validate token with kid field usage. | `nil` |
| ContextKey | `string` | Context key to store user information from the token into context. | `"user"` |
| Claims | `jwt.Claim` | Claims are extendable claims data defining token content. | `jwt.MapClaims{}` |
| TokenLookup | `string` | TokenLookup is a string in the form of `<source>:<name>` that is used | `"header:Authorization"` |
| AuthScheme | `string` | AuthScheme to be used in the Authorization header. The default value (`"Bearer"`) will only be used in conjuction with the default `TokenLookup` value. | `"Bearer"` |
| KeyFunc | `func() jwt.Keyfunc` | KeyFunc defines a user-defined function that supplies the public key for a token validation. | `jwtKeyFunc` |
| JWKSetURLs | `[]string` | A slice of unique JSON Web Key (JWK) Set URLs to used to parse JWTs. | `nil` |


### HS256 Example
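Review bot: the `SigningKey` and `SigningKeys` rows still list the types `interface{}` and `map[string]interface{}`, but the examples changed later in this README pass a struct (`jwtware.SigningKey{JWTAlg: ..., Key: ...}`), so the table is stale for the two options that decide how a token is verified. Update both rows to the struct type and document its `JWTAlg` and `Key` fields, since the `SigningMethod` row that used to list the accepted algorithms is removed here with nothing replacing it. The `KeyRefresh*` rows and both `KeySetURL` rows are also dropped without a migration hint; a line saying how refresh behaviour is configured now (or that it no longer is) would help anyone who tuned those settings. Minor: the `JWKSetURLs` description reads "to used to parse JWTs"; it should be "used to parse JWTs".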
Expand All @@ -61,8 +53,8 @@ import (

"github.com/gofiber/fiber/v2"

jwtware "github.com/gofiber/jwt/v3"
"github.com/golang-jwt/jwt/v4"
jwtware "github.com/gofiber/jwt/v4"
"github.com/golang-jwt/jwt/v5"
)

func main() {
Expand All @@ -76,7 +68,7 @@ func main() {

// JWT Middleware
app.Use(jwtware.New(jwtware.Config{
SigningKey: []byte("secret"),
SigningKey: SigningKey{Key: []byte("secret")},
}))

// Restricted Routes
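Review bot: `SigningKey: SigningKey{Key: []byte("secret")},` uses the type name unqualified, which does not resolve in this `package main` example because the package is imported as `jwtware`. Write it as `jwtware.SigningKey{Key: []byte("secret")}`, matching the RS256 example, so the snippet compiles when copied.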
Expand Down Expand Up @@ -160,8 +152,9 @@ import (

"github.com/gofiber/fiber/v2"

jwtware "github.com/gofiber/jwt/v3"
"github.com/golang-jwt/jwt/v4"
"github.com/golang-jwt/jwt/v5"

jwtware "github.com/gofiber/jwt/v4"
)

var (
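Review bot: the import block here puts `github.com/golang-jwt/jwt/v5` first and `jwtware` in its own group after a blank line, while the HS256 and custom KeyFunc examples keep `jwtware` directly above the `golang-jwt` import in one group. Pick one ordering for all three examples so the README snippets stay consistent.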
Expand Down Expand Up @@ -190,8 +183,10 @@ func main() {

// JWT Middleware
app.Use(jwtware.New(jwtware.Config{
SigningMethod: "RS256",
SigningKey: privateKey.Public(),
SigningKey: jwtware.SigningKey{
JWTAlg: jwtware.RS256,
Key: privateKey.Public(),
},
}))

// Restricted Routes
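Review bot: this example sets `JWTAlg: jwtware.RS256` alongside `Key`, but the HS256 example above sets only `Key`, and the README no longer says what happens when `JWTAlg` is left empty (the removed `SigningMethod` row documented a default of `"HS256"`). State the default next to the example or set `JWTAlg` explicitly in both, because readers will copy whichever form they see, and which algorithm the middleware accepts for a given key should not be left to guesswork.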
Expand Down Expand Up @@ -239,14 +234,13 @@ func restricted(c *fiber.Ctx) error {
name := claims["name"].(string)
return c.SendString("Welcome " + name)
}

```

### RS256 Test
The RS256 is actually identical to the HS256 test above.

### JWKs Test
The tests are identical to basic `JWT` tests above, with exception that `KeySetURL`(deprecated) or `KeySetUrls` to valid public keys collection in JSON format should be supplied.
### JWK Set Test
The tests are identical to basic `JWT` tests above, with exception that `JWKSetURLs` to valid public keys collection in JSON Web Key (JWK) Set format should be supplied. See [RFC 7517](https://www.rfc-editor.org/rfc/rfc7517).

### Custom KeyFunc example
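Review bot: the new JWK Set Test paragraph names `JWKSetURLs` but gives no configuration snippet, while HS256, RS256 and the custom KeyFunc each get a full example. Add a short `jwtware.Config{JWKSetURLs: []string{...}}` example, and say that the URLs should be HTTPS endpoints the operator trusts, since the keys fetched from them decide which tokens verify. The sentence is also missing words: "with exception that `JWKSetURLs` to valid public keys collection ... should be supplied" would read better as "with the exception that `JWKSetURLs` pointing to a valid collection of public keys in JSON Web Key (JWK) Set format should be supplied".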

Expand All @@ -267,8 +261,8 @@ import (
"fmt"
"github.com/gofiber/fiber/v2"

jwtware "github.com/gofiber/jwt/v3"
"github.com/golang-jwt/jwt/v4"
jwtware "github.com/gofiber/jwt/v4"
"github.com/golang-jwt/jwt/v5"
)

func main() {
Expand Down