Skip to content
New issue

Have a question about this project? # for a free GitHub account to open an issue and contact its maintainers and the community.

#

By clicking “#”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? # to your account

Jump to bottom

*jwt.Token, not *jwt.Token. middlware/jwt should be migrated from the current JWT project. #1938

Closed
ManuelLG92 opened this issue Jul 27, 2021 · 4 comments
Closed

*jwt.Token, not *jwt.Token. middlware/jwt should be migrated from the current JWT project. #1938

ManuelLG92 opened this issue Jul 27, 2021 · 4 comments

Comments

@ManuelLG92
Copy link

I've been having a bug using jwt middleware because it uses "github.com/dgrijalva/jwt-go" package but this package isn't maintained see issue 462 and it has been migrated to another project https://github.com/golang-jwt/jwt, in fact, it's the same project with others collaborators

Expected behaviour:
interface conversion: interface {} is *jwt.Token, equals to *jwt.Token

Actual behavior:

echo: http: panic serving 127.0.0.1:36350: interface conversion: interface {} is *jwt.Token, not *jwt.Token (types from different packages). As you can see are the same type but different package, It's because I use github.com/golang-jwt/jwt which is the recommended package by dgrijalva in his github page dgrijalva.

Code:

  `	config := middleware.JWTConfig{
	Claims:     &security.JwtCustomClaims{},
	SigningKey: []byte("secret"),
	ContextKey: "authenticated",
        }
   `

middleware.JWTConfig ( middleware/jwt) dependencies:
import ( "fmt" "net/http" "reflect" "strings" "github.com/dgrijalva/jwt-go" "github.com/labstack/echo/v4" )
This "github.com/dgrijalva/jwt-go" dependency should be changed by "github.com/golang-jwt/jwt", therefore the imports will so:

  `
   import (
"fmt"
"net/http"
"reflect"
"strings"
"github.com/golang-jwt/jwt"
"github.com/labstack/echo/v4"
     )
  `
@aldas
Copy link
Contributor

aldas commented Jul 27, 2021

Please see #1916 (comment)

@aldas
Copy link
Contributor

aldas commented Jul 27, 2021
edited
Loading

also use config.ParseTokenFunc with "github.com/golang-jwt/jwt" implementation. This way token type is from that repository. Example is here https://echo.labstack.com/middleware/jwt/

import (
  "github.com/golang-jwt/jwt"
)

...
...
...

signingKey := []byte("secret")

config := middleware.JWTConfig{
  TokenLookup: "query:token",
  ParseTokenFunc: func(auth string, c echo.Context) (interface{}, error) {
    keyFunc := func(t *jwt.Token) (interface{}, error) {
      if t.Method.Alg() != "HS256" {
        return nil, fmt.Errorf("unexpected jwt signing method=%v", t.Header["alg"])
      }
      return signingKey, nil
    }

    // claims are of type `jwt.MapClaims` when token is created with `jwt.Parse`
    token, err := jwt.Parse(auth, keyFunc)
    if err != nil {
      return nil, err
    }
    if !token.Valid {
      return nil, errors.New("invalid token")
    }
    return token, nil
  },
}

e.Use(middleware.JWTWithConfig(config))

@ManuelLG92
Copy link
Author

Thanks for your explanation mate, it's great. This project is for learning purposes then I'll use dgrijalva JWT at the moment.

Thanks to your keep to date on this amazing framework, it's my favorite.

Regards

@aldas
Copy link
Contributor

aldas commented Aug 2, 2021

done in #1946

@aldas aldas closed this as completed Aug 2, 2021
# for free to join this conversation on GitHub. Already have an account? # to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@aldas @ManuelLG92