如何使用jwt-go库验证JSON Web令牌？

I am using the jwt-go library in golang, and using the HS512 algorithm for signing the token. I want to make sure the token is valid and the example in the docs is like this:

token, err := jwt.Parse(myToken, func(token *jwt.Token) (interface{}, error) {
    return myLookupKey(token.Header["kid"])
})

if err == nil && token.Valid {
    fmt.Println("Your token is valid.  I like your style.")
} else {
    fmt.Println("This token is terrible!  I cannot accept this.")
}

I understand that myToken is the string token and the keyFunc gets passed the parsed token, but I don't understand what myLookupKey function is supposed to do?, and token.Header doesn't have a kid value when i print it to console and even thought the token has all the data I put in it, token.Valid is always false. Is this a bug? How do I verify the token is valid?

写回答
好问题 0 提建议
追加酬金
关注问题
分享
邀请回答
编辑收藏删除结题
收藏举报

1条回答默认最新

关注

码龄粉丝数原力等级 --

被采纳

被点赞

采纳率
dongsonghen9931 2016-01-03 16:20
关注
The keyFunc is supposed to return the private key that the library should use to verify the token's signature. How you obtain this key is entirely up to you.

The example from the documentation shows a non-standard (not defined in RFC 7519) additional feature that is offered by the jwt-go library. Using a kid field in the header (short for key ID), clients can specify with which key the token was signed. On verification, you can then use the key ID to look up one of (possible several) known keys (how and if you implement this key lookup is up to you).

If you do not want to use this feature, just don't. Simply return a static byte stream from the keyFunc without inspecting the token headers:

token, err := jwt.Parse(myToken, func(token *jwt.Token) (interface{}, error) { key, err := ioutil.ReadFile("your-private-key.pem") if err != nil { return nil, errors.New("private key could not be loaded") } return key, nil })
本回答被题主选为最佳回答 , 对您是否有帮助呢?

解决无用
评论打赏
分享
举报

评论

按下Enter换行，Ctrl+Enter发表内容

报告相同问题？

关注问题

如何使用jwt-go库验证JSON Web令牌？
2016-01-03 15:41

回答 1 已采纳 The keyFunc is supposed to return the private key that the library should use to verify the token'
在jwt-go中解析JWT Auth令牌时，密钥的类型无效
2019-08-20 16:31

回答 1 已采纳 Found the answer. It's not a real answer, but it did fix the problem. Instead of '-----BEGIN' and
使用jwt-go库-密钥无效或无效类型
2015-01-28 23:28

回答 3 已采纳 config struct { Key string } Key needs to be a []byte
jwt-go：JSON Web令牌（JWT）的Golang实现
2021-02-21 02:06

jwt-go （或为搜索引擎友好的“ golang”）实现新版本即将发布：自2016年发布3.0.0版本以来，已经提出了许多改进建议。我现在正在努力削减两个不同的版本：3.2.0将包含... JWT.io对JSON Web令牌进行。简而言之，它
Go和JWT-简单身份验证
2016-03-26 13:56

回答 4 已采纳 To start, you need to import a JWT library in Golang (go get github.com/dgrijalva/jwt-go). You can
使用jwt-go的Google登录验证错误
2016-02-15 18:42

回答 1 已采纳 I finally made it work, more details here : https://github.com/dgrijalva/jwt-go/issues/116#issueco
当在循环内创建jwt令牌时在jwt-go中获得相同的令牌
2019-08-31 06:08

回答 2 已采纳 A JWT contains three parts: a mostly-fixed header, a set of claims, and a signature. RFC 7519 has
Golang 一日一库之jwt-go
2023-04-11 14:11

始識的博客 github地址：https://github.com/dgrijalva/jwt-go 何为 jwt token？什么是JSON Web Token？...JSON Web Token(JWT)是一个开放标准(RFC 7519)，它定义了一种紧凑且自包含的方式，用于在各方之间以JS...
在jwt-auth中可以使用一个令牌用于两个模型吗？ laravel php
2019-05-11 15:51

回答 1 已采纳 Generally speaking, this is not proper way. User should be authenticated, and not the Company, but
去并用jwt-go解析令牌
2014-09-15 12:31

回答 1 已采纳 The function Parse expects type Keyfunc func(*Token) (interface{}, error) You need to return in
在golang jwt-go中解码JWT
2018-08-16 10:31

回答 1 已采纳 From docs at: func (p *Parser) ParseUnverified(tokenString string, claims Claims) (token *Token,
Go实战--golang中使用JWT(JSON Web Token)
2019-01-08 13:59

cbmljs的博客今天就来跟大家简单介绍一下golang中如何使用token，当然是要依赖一下github上的优秀的开源库了。首先，要搞明白一个问题，token、cookie、session的区别。 token、cookie、session的区别Cookie Cookie总是保存...
PHP Laravel 5.7 Tymon / jwt-auth无法安装 laravel php
2018-12-23 02:08

回答 2 已采纳 It would be nice to get this released soon you can just using this "tymon/jwt-auth": "dev-develop
Gin中使用jwt-go实现JWT鉴权登陆
2023-10-01 21:49

mjiarong的博客 JWT全称Json web token ，是一种用于通信双方之间传递安全信息的简洁的、URL安全的表述性声明规范，是目前最流行的跨域身份验证解决方案。JWT基于token的鉴权机制类似于http协议也是无状态的，它不需要在服务端去...
go 进阶三方库之 jwt-go
2023-05-11 16:08

苹果香蕉西红柿的博客根据JWT Token中是否存在Signature签名又将JWT分为两类: 不使用Signature签名的JWT称为nonsecure JWT未经过签名,不安全的JWT,其header部分也没有指定签名算法, 使用了Signature签名的通过签名保证jwt不能被他人随意...
没有解决我的问题, 去提问

悬赏问题

¥20 机器学习能否像多层线性模型一样处理嵌套数据
¥20 西门子S7-Graph,S7-300，梯形图
¥50 用易语言http 访问不了网页
¥50 safari浏览器fetch提交数据后数据丢失问题
¥15 matlab不知道怎么改，求解答！！
¥15 永磁直线电机的电流环pi调不出来
¥15 用stata实现聚类的代码
¥15 请问paddlehub能支持移动端开发吗？在Android studio上该如何部署？
¥20 docker里部署springboot项目，访问不到扬声器
¥15 netty整合springboot之后自动重连失效

如何使用jwt-go库验证JSON Web令牌？

1条回答 默认 最新

悬赏问题

1条回答默认最新