diff --git a/README.md b/README.md index 11ae672..c04b3dc 100644 --- a/README.md +++ b/README.md 
@@ -1,23 +1,27 @@ -[![Go Report Card](https://goreportcard.com/badge/github.com/MicahParks/keyfunc)](https://goreportcard.com/report/github.com/MicahParks/keyfunc) [![Go Reference](https://pkg.go.dev/badge/github.com/MicahParks/keyfunc.svg)](https://pkg.go.dev/github.com/MicahParks/keyfunc) +[![Go Report Card](https://goreportcard.com/badge/github.com/MicahParks/keyfunc/v2)](https://goreportcard.com/report/github.com/MicahParks/keyfunc/v2) [![Go Reference](https://pkg.go.dev/badge/github.com/MicahParks/keyfunc/v2.svg)](https://pkg.go.dev/github.com/MicahParks/keyfunc/v2) # keyfunc The purpose of this package is to provide a -[`jwt.Keyfunc`](https://pkg.go.dev/github.com/golang-jwt/jwt/v4#Keyfunc) for the -[github.com/golang-jwt/jwt/v4](https://github.com/golang-jwt/jwt) package using a JSON Web Key Set (JWK Set or JWKS) for +[`jwt.Keyfunc`](https://pkg.go.dev/github.com/golang-jwt/jwt/v5#Keyfunc) for the +[github.com/golang-jwt/jwt/v5](https://github.com/golang-jwt/jwt) package using a JSON Web Key Set (JWK Set or JWKS) for parsing and verifying JSON Web Tokens (JWTs). +The last version to support `github.com/golang-jwt/jwt/v4` +is [`v1.9.0`](https://github.com/MicahParks/keyfunc/releases/tag/v1.9.0). + There is legacy support for `github.com/dgrijalva/jwt-go` and its popular forks. It's in a separate project to keep this project minimal. If your use case supports a legacy fork, please -see: [github.com/MicahParks/compatibility-keyfunc](https://github.com/MicahParks/compatibility-keyfunc). +see: [github.com/MicahParks/compatibility-keyfunc](https://github.com/MicahParks/compatibility-keyfunc). If an updated +to `keyfunc` is needed for `github.com/golang-jwt/jwt/v4` users, it will be placed into this separate project. It's common for an identity provider, such as [Keycloak](https://www.keycloak.org/) or [Amazon Cognito (AWS)](https://aws.amazon.com/cognito/) to expose a JWKS via an HTTPS endpoint. 
This package has the ability to consume that JWKS and produce a -[`jwt.Keyfunc`](https://pkg.go.dev/github.com/golang-jwt/jwt/v4#Keyfunc). It is important that a JWKS endpoint is using +[`jwt.Keyfunc`](https://pkg.go.dev/github.com/golang-jwt/jwt/v5#Keyfunc). It is important that a JWKS endpoint is using HTTPS to ensure the keys are from the correct trusted source. -This repository only depends on: [github.com/golang-jwt/jwt/v4](https://github.com/golang-jwt/jwt) +This repository only depends on: [github.com/golang-jwt/jwt/v5](https://github.com/golang-jwt/jwt) `jwt.Keyfunc` signatures are imported from these, implemented, then exported as methods. @@ -50,14 +54,14 @@ this Go package, please open an issue or pull request. For complete examples, please see the `examples` directory. ```go -import "github.com/MicahParks/keyfunc" +import "github.com/MicahParks/keyfunc/v2" ``` #### A note on read-only keys -The [`JWKS.ReadOnlyKeys`](https://pkg.go.dev/github.com/MicahParks/keyfunc#JWKS.ReadOnlyKeys) method returns a read-only +The [`JWKS.ReadOnlyKeys`](https://pkg.go.dev/github.com/MicahParks/keyfunc/v2#JWKS.ReadOnlyKeys) method returns a read-only copy of a `map[string]interface{}`. The key to this map is the key ID, `kid`, and the value is the cryptographic key. -This is a useful map for use of keys within a JWKS outside of `github.com/golang-jwt/jwt/v4`. +This is a useful map for use of keys within a JWKS outside of `github.com/golang-jwt/jwt/v5`. The map itself is a copy. So it can be modified safely. However, the values are of type `interface{}`. If these values are modified, it may cause undefined behavior. 
@@ -65,7 +69,7 @@ are modified, it may cause undefined behavior. ### Preconditions: Acquire the JWKS URL, JSON, or gather cryptographic keys (given keys) A JWKS URL is not required, one can be created directly from JSON with the -[`keyfunc.NewJSON`](https://pkg.go.dev/github.com/MicahParks/keyfunc#NewJSON) function. +[`keyfunc.NewJSON`](https://pkg.go.dev/github.com/MicahParks/keyfunc/v2#NewJSON) function. ```go // Get the JWKS URL from an environment variable. @@ -115,11 +119,11 @@ jwks := keyfunc.NewGiven(map[string]keyfunc.GivenKey{ }) ``` -Additional options can be passed to the [`keyfunc.Get`](https://pkg.go.dev/github.com/golang-jwt/jwt/v4/keyfunc#Get) -function. See [`keyfunc.Options`](https://pkg.go.dev/github.com/golang-jwt/jwt/v4/keyfunc#Options) and the additional +Additional options can be passed to the [`keyfunc.Get`](https://pkg.go.dev/github.com/golang-jwt/jwt/v5/keyfunc#Get) +function. See [`keyfunc.Options`](https://pkg.go.dev/github.com/golang-jwt/jwt/v5/keyfunc#Options) and the additional features mentioned at the bottom of this `README.md`. -### Step 2: Use the [`JWKS.Keyfunc`](https://pkg.go.dev/github.com/golang-jwt/jwt/v4/keyfunc#JWKS.Keyfunc) method as the [`jwt.Keyfunc`](https://pkg.go.dev/github.com/golang-jwt/jwt/v4#Keyfunc) when parsing tokens +### Step 2: Use the [`JWKS.Keyfunc`](https://pkg.go.dev/github.com/golang-jwt/jwt/v5/keyfunc#JWKS.Keyfunc) method as the [`jwt.Keyfunc`](https://pkg.go.dev/github.com/golang-jwt/jwt/v5#Keyfunc) when parsing tokens ```go // Parse the JWT. @@ -129,7 +133,7 @@ if err != nil { } ``` -The [`JWKS.Keyfunc`](https://pkg.go.dev/github.com/MicahParks/keyfunc#JWKS.Keyfunc) method will automatically select the +The [`JWKS.Keyfunc`](https://pkg.go.dev/github.com/MicahParks/keyfunc/v2#JWKS.Keyfunc) method will automatically select the key with the matching `kid` (if present) and return its public key as the correct Go type to its caller. ## Test coverage 
@@ -143,8 +147,8 @@ coded JWTs cannot check for parsing and validation errors, just errors within th ## Additional features These features can be configured by populating fields in the -[`keyfunc.Options`](https://pkg.go.dev/github.com/MicahParks/keyfunc#Options) argument to the -[`keyfunc.Get`](https://pkg.go.dev/github.com/MicahParks/keyfunc#Get) function. +[`keyfunc.Options`](https://pkg.go.dev/github.com/MicahParks/keyfunc/v2#Options) argument to the +[`keyfunc.Get`](https://pkg.go.dev/github.com/MicahParks/keyfunc/v2#Get) function. * A background refresh of the JWKS keys can be performed. * A custom background refresh interval can be specified. For an example, please see the `examples/interval` @@ -164,10 +168,10 @@ These features can be configured by populating fields in the * A custom HTTP response extractor can be provided to get the raw JWKS JSON from the `*http.Response`. For example, the HTTP response code could be checked. Implementations are responsible for closing the response body. * By default, - the [`keyfunc.ResponseExtractorStatusOK`](https://pkg.go.dev/github.com/MicahParks/keyfunc#ResponseExtractorStatusOK) + the [`keyfunc.ResponseExtractorStatusOK`](https://pkg.go.dev/github.com/MicahParks/keyfunc/v2#ResponseExtractorStatusOK) function is used. The default behavior changed in `v1.4.0`. * A custom whitelist of acceptable JSON Web Key `"use"` parameter values can be specified. Values not whitelisted will - cause an error from the [`.Keyfunc`](https://pkg.go.dev/github.com/MicahParks/keyfunc#JWKS.Keyfunc) method. This + cause an error from the [`.Keyfunc`](https://pkg.go.dev/github.com/MicahParks/keyfunc/v2#JWKS.Keyfunc) method. This whitelist can be disabled with the `JWKUseNoWhitelist` option. * By default, only JSON Web Keys with a `"use"` parameter value of `"sig"`, an empty string `""`, or a completely omitted `"use"` parameter will be returned. The default behavior changed in `v1.5.0`. 
@@ -178,7 +182,7 @@ These features can be configured by populating fields in the the `examples/given` directory. * A copy of the latest raw JWKS `[]byte` can be returned. * Custom cryptographic algorithms can be used. Make sure to - use [`jwt.RegisterSigningMethod`](https://pkg.go.dev/github.com/golang-jwt/jwt/v4#RegisterSigningMethod) before + use [`jwt.RegisterSigningMethod`](https://pkg.go.dev/github.com/golang-jwt/jwt/v5#RegisterSigningMethod) before parsing JWTs. For an example, see the `examples/custom` directory. * The remote JWKS resource can be refreshed manually using the `.Refresh` method. This can bypass the rate limit, if the option is set. diff --git a/alg_test.go b/alg_test.go index 9fafae1..391497b 100644 --- a/alg_test.go +++ b/alg_test.go @@ -5,9 +5,9 @@ import ( "errors" "testing" - "github.com/golang-jwt/jwt/v4" + "github.com/golang-jwt/jwt/v5" - "github.com/MicahParks/keyfunc" + "github.com/MicahParks/keyfunc/v2" ) func TestAlgMismatch(t *testing.T) { diff --git a/checksum_test.go b/checksum_test.go index a5f11eb..f5de47b 100644 --- a/checksum_test.go +++ b/checksum_test.go @@ -9,9 +9,9 @@ import ( "reflect" "testing" - "github.com/golang-jwt/jwt/v4" + "github.com/golang-jwt/jwt/v5" - "github.com/MicahParks/keyfunc" + "github.com/MicahParks/keyfunc/v2" ) // TestChecksum confirms that the JWKS will only perform a refresh if a new JWKS is read from the remote resource. diff --git a/ecdsa_test.go b/ecdsa_test.go index c71cacb..b5d7e0b 100644 --- a/ecdsa_test.go +++ b/ecdsa_test.go @@ -5,9 +5,9 @@ import ( "errors" "testing" - "github.com/golang-jwt/jwt/v4" + "github.com/golang-jwt/jwt/v5" - "github.com/MicahParks/keyfunc" + "github.com/MicahParks/keyfunc/v2" ) func TestBadCurve(t *testing.T) { diff --git a/examples/aws_cognito/main.go b/examples/aws_cognito/main.go index 8359b42..f9af653 100644 --- a/examples/aws_cognito/main.go +++ b/examples/aws_cognito/main.go 
@@ -5,9 +5,9 @@ import ( "log" "time" - "github.com/golang-jwt/jwt/v4" + "github.com/golang-jwt/jwt/v5" - "github.com/MicahParks/keyfunc" + "github.com/MicahParks/keyfunc/v2" ) func main() { diff --git a/examples/ctx/main.go b/examples/ctx/main.go index f854715..bd81fac 100644 --- a/examples/ctx/main.go +++ b/examples/ctx/main.go @@ -4,9 +4,9 @@ import ( "log" "time" - "github.com/golang-jwt/jwt/v4" + "github.com/golang-jwt/jwt/v5" - "github.com/MicahParks/keyfunc" + "github.com/MicahParks/keyfunc/v2" ) func main() { diff --git a/examples/custom/main.go b/examples/custom/main.go index 1f09865..8fe366c 100644 --- a/examples/custom/main.go +++ b/examples/custom/main.go @@ -3,10 +3,10 @@ package main import ( "log" - "github.com/golang-jwt/jwt/v4" + "github.com/golang-jwt/jwt/v5" - "github.com/MicahParks/keyfunc" - "github.com/MicahParks/keyfunc/examples/custom/method" + "github.com/MicahParks/keyfunc/v2" + "github.com/MicahParks/keyfunc/v2/examples/custom/method" ) func main() { @@ -29,7 +29,7 @@ func main() { // Create the JWKS from the given signing method's key. jwks := keyfunc.NewGiven(map[string]keyfunc.GivenKey{ - exampleKID: keyfunc.NewGivenCustomWithOptions(key, keyfunc.GivenKeyOptions{ + exampleKID: keyfunc.NewGivenCustom(key, keyfunc.GivenKeyOptions{ Algorithm: method.CustomAlgHeader, }), }) diff --git a/examples/custom/method/method.go b/examples/custom/method/method.go index 7e03ab5..c431d1e 100644 --- a/examples/custom/method/method.go +++ b/examples/custom/method/method.go 
@@ -7,13 +7,13 @@ const CustomAlgHeader = "customalg" type EmptyCustom struct{} // Verify helps implement the jwt.SigningMethod interface. It does not verify. -func (e EmptyCustom) Verify(_, _ string, _ interface{}) error { +func (e EmptyCustom) Verify(_ string, _ []byte, _ interface{}) error { return nil } // Sign helps implement the jwt.SigningMethod interface. It does not sign anything. -func (e EmptyCustom) Sign(_ string, _ interface{}) (string, error) { - return CustomAlgHeader, nil +func (e EmptyCustom) Sign(_ string, _ interface{}) ([]byte, error) { + return []byte{}, nil } // Alg helps implement the jwt.SigningMethod. It returns the `alg` JSON attribute for JWTs signed with this method. diff --git a/examples/given/main.go b/examples/given/main.go index 2787b0c..c8b3c51 100644 --- a/examples/given/main.go +++ b/examples/given/main.go @@ -5,9 +5,9 @@ import ( "log" "time" - "github.com/golang-jwt/jwt/v4" + "github.com/golang-jwt/jwt/v5" - "github.com/MicahParks/keyfunc" + "github.com/MicahParks/keyfunc/v2" ) func main() { @@ -23,7 +23,7 @@ func main() { hmacSecret := []byte("example secret") const givenKID = "givenKID" givenKeys := map[string]keyfunc.GivenKey{ - givenKID: keyfunc.NewGivenHMACCustomWithOptions(hmacSecret, keyfunc.GivenKeyOptions{ + givenKID: keyfunc.NewGivenHMAC(hmacSecret, keyfunc.GivenKeyOptions{ Algorithm: jwt.SigningMethodHS256.Alg(), }), } diff --git a/examples/hmac/main.go b/examples/hmac/main.go index 79eba13..f987771 100644 --- a/examples/hmac/main.go +++ b/examples/hmac/main.go @@ -3,9 +3,9 @@ package main import ( "log" - "github.com/golang-jwt/jwt/v4" + "github.com/golang-jwt/jwt/v5" - "github.com/MicahParks/keyfunc" + "github.com/MicahParks/keyfunc/v2" ) func main() { 
@@ -23,7 +23,7 @@ func main() { // Create the JWKS from the HMAC key. jwks := keyfunc.NewGiven(map[string]keyfunc.GivenKey{ - exampleKID: keyfunc.NewGivenHMACCustomWithOptions(key, keyfunc.GivenKeyOptions{ + exampleKID: keyfunc.NewGivenHMAC(key, keyfunc.GivenKeyOptions{ Algorithm: jwt.SigningMethodHS512.Alg(), }), }) diff --git a/examples/interval/main.go b/examples/interval/main.go index 130d72d..9516736 100644 --- a/examples/interval/main.go +++ b/examples/interval/main.go @@ -4,9 +4,9 @@ import ( "log" "time" - "github.com/golang-jwt/jwt/v4" + "github.com/golang-jwt/jwt/v5" - "github.com/MicahParks/keyfunc" + "github.com/MicahParks/keyfunc/v2" ) func main() { diff --git a/examples/json/main.go b/examples/json/main.go index cb890e2..8ef1cb5 100644 --- a/examples/json/main.go +++ b/examples/json/main.go @@ -4,9 +4,9 @@ import ( "encoding/json" "log" - "github.com/golang-jwt/jwt/v4" + "github.com/golang-jwt/jwt/v5" - "github.com/MicahParks/keyfunc" + "github.com/MicahParks/keyfunc/v2" ) func main() { diff --git a/examples/keycloak/main.go b/examples/keycloak/main.go index 90cf375..aaea404 100644 --- a/examples/keycloak/main.go +++ b/examples/keycloak/main.go @@ -4,9 +4,9 @@ import ( "log" "time" - "github.com/golang-jwt/jwt/v4" + "github.com/golang-jwt/jwt/v5" - "github.com/MicahParks/keyfunc" + "github.com/MicahParks/keyfunc/v2" ) func main() { diff --git a/examples/recommended_options/main.go b/examples/recommended_options/main.go index d7d73b0..d67228b 100644 --- a/examples/recommended_options/main.go +++ b/examples/recommended_options/main.go @@ -5,9 +5,9 @@ import ( "log" "time" - "github.com/golang-jwt/jwt/v4" + "github.com/golang-jwt/jwt/v5" - "github.com/MicahParks/keyfunc" + "github.com/MicahParks/keyfunc/v2" ) func main() { diff --git a/get_test.go b/get_test.go index 4fc9cdb..30fbbe6 100644 --- a/get_test.go +++ b/get_test.go 
@@ -8,7 +8,7 @@ import ( "testing" "time" - "github.com/MicahParks/keyfunc" + "github.com/MicahParks/keyfunc/v2" ) func TestJWKS_Refresh(t *testing.T) { diff --git a/given.go b/given.go index 68c8abd..f66df81 100644 --- a/given.go +++ b/given.go @@ -42,28 +42,14 @@ func NewGiven(givenKeys map[string]GivenKey) (jwks *JWKS) { } } -// NewGivenCustom creates a new GivenKey given an untyped variable. The key argument is expected to be a supported +// NewGivenCustom creates a new GivenKey given an untyped variable. The key argument is expected to be a type supported // by the jwt package used. // -// See the https://pkg.go.dev/github.com/golang-jwt/jwt/v4#RegisterSigningMethod function for registering an unsupported -// signing method. -// -// Deprecated: This function does not allow the user to specify the JWT's signing algorithm. Use -// NewGivenCustomWithOptions instead. -func NewGivenCustom(key interface{}) (givenKey GivenKey) { - return GivenKey{ - inter: key, - } -} - -// NewGivenCustomWithOptions creates a new GivenKey given an untyped variable. The key argument is expected to be a type -// supported by the jwt package used. -// // Consider the options carefully as each field may have a security implication. // -// See the https://pkg.go.dev/github.com/golang-jwt/jwt/v4#RegisterSigningMethod function for registering an unsupported +// See the https://pkg.go.dev/github.com/golang-jwt/jwt/v5#RegisterSigningMethod function for registering an unsupported // signing method. -func NewGivenCustomWithOptions(key interface{}, options GivenKeyOptions) (givenKey GivenKey) { +func NewGivenCustom(key interface{}, options GivenKeyOptions) (givenKey GivenKey) { return GivenKey{ algorithm: options.Algorithm, inter: key, 
@@ -72,18 +58,8 @@ func NewGivenCustomWithOptions(key interface{}, options GivenKeyOptions) (givenK // NewGivenECDSA creates a new GivenKey given an ECDSA public key. // -// Deprecated: This function does not allow the user to specify the JWT's signing algorithm. Use -// NewGivenECDSACustomWithOptions instead. -func NewGivenECDSA(key *ecdsa.PublicKey) (givenKey GivenKey) { - return GivenKey{ - inter: key, - } -} - -// NewGivenECDSACustomWithOptions creates a new GivenKey given an ECDSA public key. -// // Consider the options carefully as each field may have a security implication. -func NewGivenECDSACustomWithOptions(key *ecdsa.PublicKey, options GivenKeyOptions) (givenKey GivenKey) { +func NewGivenECDSA(key *ecdsa.PublicKey, options GivenKeyOptions) (givenKey GivenKey) { return GivenKey{ algorithm: options.Algorithm, inter: key, @@ -92,18 +68,8 @@ func NewGivenECDSACustomWithOptions(key *ecdsa.PublicKey, options GivenKeyOption // NewGivenEdDSA creates a new GivenKey given an EdDSA public key. // -// Deprecated: This function does not allow the user to specify the JWT's signing algorithm. Use -// NewGivenEdDSACustomWithOptions instead. -func NewGivenEdDSA(key ed25519.PublicKey) (givenKey GivenKey) { - return GivenKey{ - inter: key, - } -} - -// NewGivenEdDSACustomWithOptions creates a new GivenKey given an EdDSA public key. -// // Consider the options carefully as each field may have a security implication. -func NewGivenEdDSACustomWithOptions(key ed25519.PublicKey, options GivenKeyOptions) (givenKey GivenKey) { +func NewGivenEdDSA(key ed25519.PublicKey, options GivenKeyOptions) (givenKey GivenKey) { return GivenKey{ algorithm: options.Algorithm, inter: key, 
@@ -112,18 +78,8 @@ func NewGivenEdDSACustomWithOptions(key ed25519.PublicKey, options GivenKeyOptio // NewGivenHMAC creates a new GivenKey given an HMAC key in a byte slice. // -// Deprecated: This function does not allow the user to specify the JWT's signing algorithm. Use -// NewGivenHMACCustomWithOptions instead. -func NewGivenHMAC(key []byte) (givenKey GivenKey) { - return GivenKey{ - inter: key, - } -} - -// NewGivenHMACCustomWithOptions creates a new GivenKey given an HMAC key in a byte slice. -// // Consider the options carefully as each field may have a security implication. -func NewGivenHMACCustomWithOptions(key []byte, options GivenKeyOptions) (givenKey GivenKey) { +func NewGivenHMAC(key []byte, options GivenKeyOptions) (givenKey GivenKey) { return GivenKey{ algorithm: options.Algorithm, inter: key, @@ -132,18 +88,8 @@ func NewGivenHMACCustomWithOptions(key []byte, options GivenKeyOptions) (givenKe // NewGivenRSA creates a new GivenKey given an RSA public key. // -// Deprecated: This function does not allow the user to specify the JWT's signing algorithm. Use -// NewGivenRSACustomWithOptions instead. -func NewGivenRSA(key *rsa.PublicKey) (givenKey GivenKey) { - return GivenKey{ - inter: key, - } -} - -// NewGivenRSACustomWithOptions creates a new GivenKey given an RSA public key. -// // Consider the options carefully as each field may have a security implication. -func NewGivenRSACustomWithOptions(key *rsa.PublicKey, options GivenKeyOptions) (givenKey GivenKey) { +func NewGivenRSA(key *rsa.PublicKey, options GivenKeyOptions) (givenKey GivenKey) { return GivenKey{ algorithm: options.Algorithm, inter: key, diff --git a/given_test.go b/given_test.go index 91e4e88..4039317 100644 --- a/given_test.go +++ b/given_test.go 
@@ -11,10 +11,10 @@ import ( "fmt" "testing" - "github.com/golang-jwt/jwt/v4" + "github.com/golang-jwt/jwt/v5" - "github.com/MicahParks/keyfunc" - "github.com/MicahParks/keyfunc/examples/custom/method" + "github.com/MicahParks/keyfunc/v2" + "github.com/MicahParks/keyfunc/v2/examples/custom/method" ) const ( @@ -54,7 +54,7 @@ func TestNewGivenCustomAlg(t *testing.T) { const key = "test-key" givenKeys := make(map[string]keyfunc.GivenKey) - givenKeys[testKID] = keyfunc.NewGivenCustomWithOptions(key, keyfunc.GivenKeyOptions{ + givenKeys[testKID] = keyfunc.NewGivenCustom(key, keyfunc.GivenKeyOptions{ Algorithm: method.CustomAlgHeader, }) @@ -76,7 +76,7 @@ func TestNewGivenCustomAlg_NegativeCase(t *testing.T) { const key = jwt.UnsafeAllowNoneSignatureType // Allow the "none" JWT "alg" header value for golang-jwt. givenKeys := make(map[string]keyfunc.GivenKey) - givenKeys[testKID] = keyfunc.NewGivenCustomWithOptions(key, keyfunc.GivenKeyOptions{ + givenKeys[testKID] = keyfunc.NewGivenCustom(key, keyfunc.GivenKeyOptions{ Algorithm: method.CustomAlgHeader, }) @@ -206,7 +206,7 @@ func TestNewGivenKeysFromJSON_BadParse(t *testing.T) { // addCustom adds a new key wto the given keys map. The new key is using a test jwt.SigningMethod. func addCustom(givenKeys map[string]keyfunc.GivenKey, kid string) (key string) { key = "" - givenKeys[kid] = keyfunc.NewGivenCustomWithOptions(key, keyfunc.GivenKeyOptions{ + givenKeys[kid] = keyfunc.NewGivenCustom(key, keyfunc.GivenKeyOptions{ Algorithm: method.CustomAlgHeader, }) return key @@ -219,7 +219,7 @@ func addECDSA(givenKeys map[string]keyfunc.GivenKey, kid string) (key *ecdsa.Pri return nil, fmt.Errorf("failed to create ECDSA key: %w", err) } - givenKeys[kid] = keyfunc.NewGivenECDSACustomWithOptions(&key.PublicKey, keyfunc.GivenKeyOptions{ + givenKeys[kid] = keyfunc.NewGivenECDSA(&key.PublicKey, keyfunc.GivenKeyOptions{ Algorithm: jwt.SigningMethodES256.Alg(), }) 
@@ -233,7 +233,7 @@ func addEdDSA(givenKeys map[string]keyfunc.GivenKey, kid string) (key ed25519.Pr return nil, fmt.Errorf("failed to create ECDSA key: %w", err) } - givenKeys[kid] = keyfunc.NewGivenEdDSACustomWithOptions(pub, keyfunc.GivenKeyOptions{ + givenKeys[kid] = keyfunc.NewGivenEdDSA(pub, keyfunc.GivenKeyOptions{ Algorithm: jwt.SigningMethodEdDSA.Alg(), }) @@ -248,7 +248,7 @@ func addHMAC(givenKeys map[string]keyfunc.GivenKey, kid string) (secret []byte, return nil, fmt.Errorf("failed to create HMAC secret: %w", err) } - givenKeys[kid] = keyfunc.NewGivenHMACCustomWithOptions(secret, keyfunc.GivenKeyOptions{ + givenKeys[kid] = keyfunc.NewGivenHMAC(secret, keyfunc.GivenKeyOptions{ Algorithm: jwt.SigningMethodHS256.Alg(), }) @@ -262,7 +262,7 @@ func addRSA(givenKeys map[string]keyfunc.GivenKey, kid string) (key *rsa.Private return nil, fmt.Errorf("failed to create RSA key: %w", err) } - givenKeys[kid] = keyfunc.NewGivenRSACustomWithOptions(&key.PublicKey, keyfunc.GivenKeyOptions{ + givenKeys[kid] = keyfunc.NewGivenRSA(&key.PublicKey, keyfunc.GivenKeyOptions{ Algorithm: jwt.SigningMethodRS256.Alg(), }) diff --git a/go.mod b/go.mod index ce7ffcf..104d0e2 100644 --- a/go.mod +++ b/go.mod @@ -1,7 +1,5 @@ -module github.com/MicahParks/keyfunc +module github.com/MicahParks/keyfunc/v2 -go 1.16 +go 1.18 -require github.com/golang-jwt/jwt/v4 v4.4.2 - -retract v1.3.0 // Contains a bug in ResponseExtractorStatusOK where the *http.Response body is not closed. https://github.com/MicahParks/keyfunc/issues/51 +require github.com/golang-jwt/jwt/v5 v5.0.0 diff --git a/go.sum b/go.sum index f214fed..fcfb224 100644 --- a/go.sum +++ b/go.sum 
@@ -1,2 +1,2 @@ -github.com/golang-jwt/jwt/v4 v4.4.2 h1:rcc4lwaZgFMCZ5jxF9ABolDcIHdBytAFgqFPbSJQAYs= -github.com/golang-jwt/jwt/v4 v4.4.2/go.mod h1:m21LjoU+eqJr34lmDMbreY2eSTRJ1cv77w39/MY0Ch0= +github.com/golang-jwt/jwt/v5 v5.0.0 h1:1n1XNM9hk7O9mnQoNBGolZvzebBQ7p93ULHRc28XJUE= +github.com/golang-jwt/jwt/v5 v5.0.0/go.mod h1:pqrtFR0X4osieyHYxtmOUWsAWrfe1Q5UVIyoH402zdk= diff --git a/jwks_test.go b/jwks_test.go index a0b6b77..527e5da 100644 --- a/jwks_test.go +++ b/jwks_test.go @@ -18,9 +18,9 @@ import ( "testing" "time" - "github.com/golang-jwt/jwt/v4" + "github.com/golang-jwt/jwt/v5" - "github.com/MicahParks/keyfunc" + "github.com/MicahParks/keyfunc/v2" ) const ( diff --git a/keyfunc.go b/keyfunc.go index 1f082bd..ae62503 100644 --- a/keyfunc.go +++ b/keyfunc.go @@ -6,7 +6,7 @@ import ( "fmt" "strings" - "github.com/golang-jwt/jwt/v4" + "github.com/golang-jwt/jwt/v5" ) var ( @@ -14,7 +14,7 @@ var ( ErrKID = errors.New("the JWT has an invalid kid") ) -// Keyfunc matches the signature of github.com/golang-jwt/jwt/v4's jwt.Keyfunc function. +// Keyfunc matches the signature of github.com/golang-jwt/jwt/v5's jwt.Keyfunc function. func (j *JWKS) Keyfunc(token *jwt.Token) (interface{}, error) { kid, alg, err := kidAlg(token) if err != nil { @@ -23,6 +23,7 @@ func (j *JWKS) Keyfunc(token *jwt.Token) (interface{}, error) { return j.getKey(alg, kid) } +// Keyfunc matches the signature of github.com/golang-jwt/jwt/v5's jwt.Keyfunc function. func (m *MultipleJWKS) Keyfunc(token *jwt.Token) (interface{}, error) { return m.keySelector(m, token) } diff --git a/multiple.go b/multiple.go index 61ea30b..08946b0 100644 --- a/multiple.go +++ b/multiple.go @@ -4,7 +4,7 @@ import ( "errors" "fmt" - "github.com/golang-jwt/jwt/v4" + "github.com/golang-jwt/jwt/v5" ) // ErrMultipleJWKSSize is returned when the number of JWKS given are not enough to make a MultipleJWKS. 
@@ -46,6 +46,8 @@ func GetMultiple(multiple map[string]Options, options MultipleOptions) (multiJWK return multiJWKS, nil } +// JWKSets returns a copy of the map of JWK Sets. The map itself is a copy, but the JWKS are not and should be treated +// as read-only. func (m *MultipleJWKS) JWKSets() map[string]*JWKS { sets := make(map[string]*JWKS, len(m.sets)) for u, jwks := range m.sets { @@ -54,6 +56,7 @@ func (m *MultipleJWKS) JWKSets() map[string]*JWKS { return sets } +// KeySelectorFirst returns the first key found in the multiple JWK Sets. func KeySelectorFirst(multiJWKS *MultipleJWKS, token *jwt.Token) (key interface{}, err error) { kid, alg, err := kidAlg(token) if err != nil { diff --git a/multiple_test.go b/multiple_test.go index 5762c8a..8227864 100644 --- a/multiple_test.go +++ b/multiple_test.go @@ -5,9 +5,9 @@ import ( "net/http/httptest" "testing" - "github.com/golang-jwt/jwt/v4" + "github.com/golang-jwt/jwt/v5" - "github.com/MicahParks/keyfunc" + "github.com/MicahParks/keyfunc/v2" ) const ( diff --git a/options.go b/options.go index fbcb3ba..b4ab35c 100644 --- a/options.go +++ b/options.go @@ -9,7 +9,7 @@ import ( "net/http" "time" - "github.com/golang-jwt/jwt/v4" + "github.com/golang-jwt/jwt/v5" ) // ErrInvalidHTTPStatusCode indicates that the HTTP status code is invalid. diff --git a/options_test.go b/options_test.go index 70ff741..3d7abad 100644 --- a/options_test.go +++ b/options_test.go @@ -7,7 +7,7 @@ import ( "sync" "testing" - "github.com/MicahParks/keyfunc" + "github.com/MicahParks/keyfunc/v2" ) func TestResponseExtractorStatusOK(t *testing.T) { diff --git a/override_test.go b/override_test.go index e0f2099..30df8a5 100644 --- a/override_test.go +++ b/override_test.go @@ -14,9 +14,9 @@ import ( "path/filepath" "testing" - "github.com/golang-jwt/jwt/v4" + "github.com/golang-jwt/jwt/v5" - "github.com/MicahParks/keyfunc" + "github.com/MicahParks/keyfunc/v2" ) const ( diff --git a/padding_test.go b/padding_test.go index 8ae0bc8..ca837bf 100644 
--- a/padding_test.go +++ b/padding_test.go @@ -3,7 +3,7 @@ package keyfunc_test import ( "testing" - "github.com/MicahParks/keyfunc" + "github.com/MicahParks/keyfunc/v2" ) const (
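Review bot: In the first README.md hunk, the added sentence "If an updated to `keyfunc` is needed for `github.com/golang-jwt/jwt/v4` users" has a typo; "an updated" should read "an update". The same paragraph says v4 fixes will go to compatibility-keyfunc, while the line above it names `v1.9.0` as the last v4 release. Say explicitly whether the v1 line will still receive security fixes, so v4 users know which module to watch.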
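Review bot: In the README.md hunk at -115,11, the rewritten links for `keyfunc.Get`, `keyfunc.Options` and `JWKS.Keyfunc` point at `pkg.go.dev/github.com/golang-jwt/jwt/v5/keyfunc#...`, which is a path under golang-jwt, not this module. The other hunks in this file link the same symbols as `pkg.go.dev/github.com/MicahParks/keyfunc/v2#Get` and `.../keyfunc/v2#Options`. The v4 to v5 substitution carried the old wrong path forward; use the `MicahParks/keyfunc/v2` form in the "Additional options" paragraph and the Step 2 heading as well.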
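Review bot: In examples/custom/method/method.go, `Verify` returns nil for any input, and the updated comments still only say "It does not verify". Since this package is imported by both examples/custom/main.go and given_test.go, the doc comment on `EmptyCustom` should state that the method accepts every token for its `alg` and is for tests and examples only. `Sign` also changes from returning `CustomAlgHeader` to `[]byte{}`, so tokens signed here now carry an empty signature segment; a one-line comment explaining that choice would help readers who compare against the v1 example.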
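Review bot: The doc comments on the renamed constructors in given.go (`NewGivenCustom`, `NewGivenECDSA`, `NewGivenEdDSA`, `NewGivenHMAC`, `NewGivenRSA`) do not say what an empty `options.Algorithm` means. The removed one-argument versions were deprecated because they could not pin the JWT's signing algorithm, and a caller who passes a zero-value `GivenKeyOptions{}` to the new versions leaves the algorithm field empty just as those did. Document whether an empty `Algorithm` skips the `alg` comparison, or reject it, so the pin is not silently optional. The old names are also reused with a new signature, so v1 callers break at compile time after switching the import path; a short migration note in README.md listing the `...CustomWithOptions` to `NewGiven...` renames would cover that.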
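Review bot: In given_test.go, the context around the `addEdDSA` change returns `fmt.Errorf("failed to create ECDSA key: %w", err)`, which names the wrong key type for an EdDSA helper. Since this hunk already touches the function, correct the message to "EdDSA" so a failure here is not misread. The comment above `addCustom` also reads "adds a new key wto the given keys map" and could be fixed in the same pass.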
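Review bot: The `retract v1.3.0` line removed from go.mod needs to stay in the go.mod of the newest v1 release. Dropping it here is correct, since v1.3.0 is not a version of the `github.com/MicahParks/keyfunc/v2` module path, but Go reads retractions from the latest version of a module, so the v1 line must keep carrying it for the `ResponseExtractorStatusOK` body-close bug to remain flagged. The `go 1.16` to `go 1.18` bump is also a raised minimum toolchain and should be mentioned in the README or release notes alongside the jwt/v5 requirement.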
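Review bot: In keyfunc.go, the doc comment added to `(*MultipleJWKS).Keyfunc` is a copy of the one on `(*JWKS).Keyfunc` and omits the behaviour that differs. The body is `return m.keySelector(m, token)`, so key choice is delegated to the configured selector rather than a single set's `kid` and `alg` lookup. Say that in the comment and point to `KeySelectorFirst`, since which key verifies a token depends on that selector.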
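Review bot: In multiple.go, the new comment "KeySelectorFirst returns the first key found in the multiple JWK Sets" does not define "first". `GetMultiple` takes a `map[string]Options` and `JWKSets` ranges over `m.sets`, so the sets appear to be held in a map, and Go does not define map iteration order. If the selector ranges over that map, two sets that publish the same `kid` can yield a different key from one call to the next. The comment should state the ordering, or state that it is unspecified and that callers with overlapping key IDs across issuers should supply their own selector. The `JWKSets` comment is fine as written.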