Comments (4)
mfridman
commented on June 8, 2024
2
Thanks for the report, indeed this (or any other code in this package) should never panic.
I think returning an invalid error defined in this package should be sufficient.
from jwt.
oxisto
commented on June 8, 2024
1
That is indeed something that golang-jwt should avoid and probably can avoid by not using reflect.TypeOf on a nil value. I will prepare a fix for that.
from jwt.
oxisto
commented on June 8, 2024
Ok, after having another look I would say that you should probably report this to the golang team. I initially thought that the usage of reflect.TypeOf panics, but only the Error() function inside encoding/json panics. We could of course avoid this by not using this particular type of error in this case.
from jwt.
FlorianSW
commented on June 8, 2024
Thanks for the quick fix, awesome :)
One little caveat: I think, any additional information to the app code (using this library) which claim or type was invalid, would be nice. However, this was barely the case with the UnsupportedTypeError as well, as it only said which type the claim was. Maybe something for a future PR :)
from jwt.
Related Issues (20)
- Add a specific return type / type constraint to `Keyfunc` and `SignedString`
- Token.New example is for the wrong func HOT 2
- KeyFunc should be able to return a slice HOT 2
- ParseUnverified godoc update HOT 1
- Verifying multiple audiences HOT 2
- Restore .Valid() Functionality Somehow HOT 9
- Is it possible to parse JWT without verifying signature?
- I've mad a small library to help with JWT
- v5.0.0/request/request.go: with WithLeeway support? HOT 2
- SigningString produces a string without a signature HOT 2
- RSA-PSS (RSASSA-PSS) keys are unusable in Go language
- Let KeyFunc take Context as parameter HOT 3
- Customize the unit of timestamp/exp in payload HOT 1
- ECDSA signature is invalid
- I found an error message "token has invalid claims: token is expired"
- Only some registered claims can be optionally required HOT 1
- I have no RegisteredClaims. I have error key is invalid HOT 4
- Question / FR: Subsequent Verification of an Unverified Token
- Consider validating key length HOT 5
- 希望可以校验token格式 I hope that the token format can be verified HOT 3
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from jwt.