JWT middleware doesn't support RS256 tokens (auth0) #2192
Comments
Hello @mark2b, The iris/middleware/jwt package allows passing header validators in two spots:
For extra information, the If any of the above didn't help, please post an example of your validator which you can pass on kataras/jwt but not on iris/middleware/jwt so I can provide further assistance. Thank you,
Hi Gerasimos, The problem is: Verifier calls jwt.VerifyEncrypted
and jwt.VerifyEncrypted calls verifyToken with an enforced nil for the header validator. I'm new to JWT. Sure I'm missing something. Thank you
Hello @mark2b, I'm new to working with Go and consequently with Iris. I'm going to do the auth with Auth0.com and I found this example which maybe can help you. https://github.com/auth0/go-jwt-middleware/tree/master/examples/iris-example
I have a native client application and a RESTful backend that uses iris for the REST API.
The client is protected by user authentication by Auth0.com.
The server is protected by a JWT, received by the client during login.
Auth0.com generates JWT tokens for native applications in RS256 format only.
iris validates this token and fails on the header validation step.
iris assumes that the header contains only the "alg" and "typ" parts
{ "alg": "HS256", "typ": "JWT" }
but RS256 token received from auth0.com contains "kid" part as well
{ "alg": "RS256", "typ": "JWT", "kid": "*********" }
The problem itself happens in kataras/jwt, although this package allows passing a header validation function.
iris/middleware/jwt doesn't allow passing a header validation function to fix this problem.
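
The header check discussed in this thread, as an added example using only the Go standard library (it is not code from iris or kataras/jwt): it accepts a header that carries "kid", pins "alg" to the value the server expects, and treats "kid" only as a selector among keys the server already trusts. `CheckHeader`, `sample` and the key id `key-1` are hypothetical names, and signature verification is assumed to happen afterwards with the selected key.

```go
package main

import (
	"encoding/base64"
	"encoding/json"
	"errors"
	"fmt"
	"strings"
)

// header holds the JOSE header fields named in the issue.
type header struct {
	Alg string `json:"alg"`
	Typ string `json:"typ"`
	Kid string `json:"kid"`
}

// CheckHeader decodes the first segment of a compact JWT, pins alg to
// wantAlg and returns the kid if it names a key listed in kids.
func CheckHeader(token, wantAlg string, kids map[string]bool) (string, error) {
	seg := strings.Split(token, ".")
	if len(seg) != 3 {
		return "", errors.New("not a three-segment compact JWT")
	}
	raw, err := base64.RawURLEncoding.DecodeString(seg[0])
	if err != nil {
		return "", fmt.Errorf("header not base64url: %w", err)
	}
	var h header
	if err := json.Unmarshal(raw, &h); err != nil {
		return "", fmt.Errorf("header not JSON: %w", err)
	}
	if h.Alg != wantAlg { // pin alg; never let the token choose it
		return "", fmt.Errorf("unexpected alg %q", h.Alg)
	}
	if !kids[h.Kid] { // kid only selects among keys already trusted
		return "", fmt.Errorf("unknown kid %q", h.Kid)
	}
	return h.Kid, nil
}

// sample builds a constructed, unsigned token around headerJSON.
func sample(headerJSON string) string {
	return base64.RawURLEncoding.EncodeToString([]byte(headerJSON)) + ".e30.sig"
}

func main() {
	kid, err := CheckHeader(sample(`{"alg":"RS256","typ":"JWT","kid":"key-1"}`), "RS256", map[string]bool{"key-1": true})
	fmt.Println(kid, err)
}
```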