duanlie4621 2019-09-19 09:03
浏览 381
已采纳

JWT Go / Golang base64编码有效载荷产生不同的结果

i have the following JWT payload: {"exp": 4724377561} (some date 100 years from now)

Encoding it in Go yields ewogICAiZXhwIjogNDcyNDM3NzU2MQp9 Using jwt.io it is however encoded to eyJleHAiOjQ3MjQzNzc1NjF9 which yields a different signature when signed. I use jwt.io's signatures in test fixtures.

I would like to not use 3rd party JWT tools, to keep my dependencies slim. I am suspecting some sort of character encoding is the issue here.

To keep the tests readable, I am using plain-text JSON in the fixtures.

The way i use my test fixtures is the following (omitting other test cases): 

import (
    "encoding/base64"
    "reflect"
    "testing"
)

var testData = []struct {
    name      string
    header    string
    payload   string
    signature string
    pass      bool
    errorType reflect.Type
}{{
    name:      "Succeed if token not expired",
    header:    `{"typ":"JWT","alg":"HS256"}`,
    payload:   `{"exp": 4724377561}`,
    signature: "JHtMKvPSMa5BD22BsbxiP1-ELRh1XkIKkarRSev0ZjU",
    pass:      true,
}}

func TestParseJwt(t *testing.T) {
    HmacSecret = []byte("My super secret key")
    for _, tst := range testData {
        jwt64 :=
            base64.RawURLEncoding.EncodeToString([]byte(tst.header)) + "." +
            base64.RawURLEncoding.EncodeToString([]byte(tst.payload)) + "." +
            tst.signature

        _, err := ParseJwt(jwt64)

        if tst.pass {
            if err != nil {
                t.Fatal(tst.name, err)
            }
        } else {
            // If an error was expected to be thrown, assert that it is the correct one.
            if reflect.TypeOf(err).String() != tst.errorType.String() {
                t.Fatal(tst.name, err)
            }
        }
    }
}
  • 写回答

2条回答 默认 最新

  • douxianglu4370 2019-09-19 09:22
    关注

    The difference comes simply from the library "compacting" the JSON before applying Base64 encoding.

    See this example:

    ss := []string{
    `{"exp": 4724377561}`,
    `{"exp":4724377561}`,
}
for _, s := range ss {
    fmt.Println(base64.RawURLEncoding.EncodeToString([]byte(s)), s)
}

    Output (try it on the Go Playground):

    eyJleHAiOiA0NzI0Mzc3NTYxfQ {"exp": 4724377561}
eyJleHAiOjQ3MjQzNzc1NjF9 {"exp":4724377561}

    The second output matches what you expect. To remove insignificant whitespace in Go use json.Compact.

    本回答被题主选为最佳回答 , 对您是否有帮助呢?
    评论
查看更多回答(1条)

报告相同问题?

  • JWT Go / Golang base64编码有效载荷产生不同的结果
    2019-09-19 09:03
    回答 2 已采纳 The difference comes simply from the library "compacting" the JSON before applying Base64 encoding
  • golang jwt-go中解码JWT
    2018-08-16 10:31
    回答 1 已采纳 From docs at: func (p *Parser) ParseUnverified(tokenString string, claims Claims) (token *Token,
  • 在net / http golang中链接中间件
    2018-07-08 15:27
    回答 1 已采纳 It's likely an attempt to dereference ah from (ah *ContextedHandler), when ah is not a pointer to
  • Golang 一日一库之jwt-go
    2023-04-11 14:11
    始識的博客 github地址:https://github.com/dgrijalva/jwt-go 何为 jwt token? 什么是JSON Web Token? JSON Web Token(JWT)是一个开放标准(RFC 7519),它定义了一种紧凑且自包含的方式,用于在各方之间以JS...
  • 去解析JWT:错误验证ID令牌:输入字节0处的非法base64数据 javascript
    2018-01-09 13:14
    回答 1 已采纳 Remove the leading space in Authorization header split strings.Split(reqToken, "Bearer ")
  • Golang中解码JWT令牌
    2017-07-30 23:18
    回答 3 已采纳 Function jwt.ParseWithClaims accept an interface of jwt.Claims as the second argument. Besides str
  • GolangJWT-简单注销
    2016-03-29 18:59
    回答 1 已采纳 First: Don't (ever) put sensitive credentials in the token. They are not encrypted, and you should
  • Golang/Gin-JWT身份验证
    2021-10-10 16:33
    ZibeSun的博客 Golang/Gin-JWT身份验证前言JWT验证简介JWT验证流程JWT的组成头部载荷签证JWT-hello worldJWT在实际项目中的使用 前言 如果我们编写的api不需要验证就可以随意调用,显然是不安全的。我们需要对用户进行身份验证,...
  • jwt-go中解析JWT Auth令牌时,密钥的类型无效
    2019-08-20 16:31
    回答 1 已采纳 Found the answer. It's not a real answer, but it did fix the problem. Instead of '-----BEGIN' and
  • 如何在Golang中获得JWT的响应
    2018-07-08 00:48
    回答 2 已采纳 net/http.Request has a Header field that you can directly edit, but this means you can't use the s
  • GolangJWT签名验证问题
    2016-03-11 21:16
    回答 1 已采纳 It's the Base64 encoding of the signature which can have the last letter changed to certain target
  • Gin中使用jwt-go实现JWT鉴权登陆
    2023-10-01 21:49
    mjiarong的博客 JWT全称Json web token ,是一种用于通信双方之间传递安全信息的简洁的、URL安全的表述性声明规范,是目前最流行的跨域身份验证解决方案。JWT基于token的鉴权机制类似于http协议也是无状态的,它不需要在服务端去...
  • JWT解码包括不需要的html标签 php
    2015-12-13 14:47
    回答 1 已采纳 From another answer on SO: The problem is related to the fact that the base64 alphabet is not
  • JWT原理及Golang语言的简单应用
    2022-01-12 21:39
    MiKogy_的博客 JWT原理及Golang语言的简单应用高能预警正文关于JWT分解JWTJWT第一部分:HeaderJWT第二部分:PayloadJWT第三部分:Signature小结附图 高能预警 本文参考JWT官方网站介绍:jwt.io 本文引用Golang库:github....
  • JWT(Golang)
    2022-03-02 20:02
    ~庞贝的博客 目录JWT什么是JWT为什么要用JWT传统Session认证的弊端JWT认证的优势JWT结构1.Header2.Payload3.SignatureJWT的种类1.nonsecure JWT2.JWSGo的运用structmap生成解析token JWT 什么是JWT 在介绍JWT之前,我们先来回顾...
  • 没有解决我的问题, 去提问

悬赏问题

  • ¥15 #MATLAB仿真#车辆换道路径规划
  • ¥15 java 操作 elasticsearch 8.1 实现 索引的重建
  • ¥15 数据可视化Python
  • ¥15 要给毕业设计添加扫码登录的功能!!有偿
  • ¥15 kafka 分区副本增加会导致消息丢失或者不可用吗?
  • ¥15 微信公众号自制会员卡没有收款渠道啊
  • ¥100 Jenkins自动化部署—悬赏100元
  • ¥15 关于#python#的问题:求帮写python代码
  • ¥20 MATLAB画图图形出现上下震荡的线条
  • ¥15 关于#windows#的问题:怎么用WIN 11系统的电脑 克隆WIN NT3.51-4.0系统的硬盘