I'm trying out JWT (JSON Web Tokens) in a Go web service. Here's what I've done so far:
package jwt
import(
"fmt"
"net/http"
"github.com/gorilla/mux"
"github.com/dgrijalva/jwt-go"
"io/ioutil"
)
var privateKey []byte
var publicKey []byte
func JSONWebTokensHandler(w http.ResponseWriter, r * http.Request){
// Create the token
encodeToken := jwt.New(jwt.SigningMethodHS256)
// Set some claims
encodeToken.Claims["Latitude"] = "25.000"
encodeToken.Claims["Longitude"] = "27.000"
// Sign and get the complete encoded token as a string
tokenString, err := encodeToken.SignedString(privateKey)
decodeToken, err := jwt.Parse(tokenString, func(token *jwt.Token) (interface{}, error) {
if _, ok := token.Method.(*jwt.SigningMethodHMAC); !ok {
return nil, fmt.Errorf("Unexpected signing method: %v", token.Header["alg"])
}
return publicKey,nil
})
if decodeToken.Valid {
fmt.Fprintf(w,"Lat: %s, Lng: %s",decodeToken.Claims["Latitude"],decodeToken.Claims["Longitude"])
} else {
fmt.Fprintf(w,"Couldn't handle this token: %s", err)
}
}
func init(){
privateKey,_ = ioutil.ReadFile("demo.rsa")
publicKey,_ = ioutil.ReadFile("demo.rsa.pub")
r := mux.NewRouter()
r.HandleFunc("/jwt",JSONWebTokensHandler).Methods("GET")
http.Handle("/", r)
}
Now if my understanding is correct, A token that is encoded using a private key can be decoded using the public key. That is what I've presumed in the code above however when I run the code I get the error:
Couldn't handle this token: signature is invalid
If I use the same key for encoding and decoding, then the code works.
What I'd like to know is, is there something wrong with my understanding or in the code?