Comments (2)
oxisto
commented on June 21, 2024
Just to double-check: Are you sure you want to check against multiple expected audiences?
What WithAudience does, it checks all supplied audience, whether one of them includes the expected one (or is equal to it, in the case of just one audience). Usually your application should define one expected audience (e.g., its own hostname or an application name or a similar semantic) and then check for that particular one. I am not so sure about what the semantics about multiple expected audiences would entail.
If there is a valid use case for it, I suppose we (or rather you ;) as part of a PR) could add the WithAudiences parser option. Although there is probably a discussion then whether all expected audiences must match or any of them.
We tried to do the most basic functionality first in v5 and then see where we could add additional features that make sense.
from jwt.
chamilto
commented on June 21, 2024
@oxisto Would you still be open to accepting a PR for this feature?
Although there is probably a discussion then whether all expected audiences must match or any of them.
Perhaps the option could be configurable in this sense, e.g.
func WithAudiences(auds []string, matchAll bool) ParserOption {}
from jwt.
Related Issues (20)
- Token.New example is for the wrong func HOT 2
- KeyFunc should be able to return a slice HOT 2
- ParseUnverified godoc update HOT 1
- Restore .Valid() Functionality Somehow HOT 9
- Is it possible to parse JWT without verifying signature?
- I've mad a small library to help with JWT
- v5.0.0/request/request.go: with WithLeeway support? HOT 2
- SigningString produces a string without a signature HOT 2
- RSA-PSS (RSASSA-PSS) keys are unusable in Go language
- Let KeyFunc take Context as parameter HOT 3
- Customize the unit of timestamp/exp in payload HOT 1
- ECDSA signature is invalid
- I found an error message "token has invalid claims: token is expired"
- Only some registered claims can be optionally required HOT 1
- I have no RegisteredClaims. I have error key is invalid HOT 4
- Question / FR: Subsequent Verification of an Unverified Token
- Consider validating key length HOT 5
- 希望可以校验token格式 I hope that the token format can be verified HOT 3
- token signature is invalid: signature is invalid HOT 11
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from jwt.