2

We currently implement a scenario where generate a token in node.js javascript with jwt . We use RS512 with certificates for token generation. The token has an expiration limit. Sign and verify work perfect if we use the node.js implementation only.

In addition we run a golang server where we want to use the same token for access control. Means the golang implementation has just to do the token verification. We tried a number of golang libs, recommended on jwt.io. None of them was able to handle a valid token in the expected manner so far. Or they do not support exp or they do not support RS512. The furthest we got was hitting a "crypto/rsa: verification error" when using

github.com/dvsekhvalnov/jose2go 

payload, headers, err := jose.Decode(token,sharedKey)

Any are ideas welcome.

Grokify
  • 15,092
  • 6
  • 60
  • 81
Belarophon01
  • 31
  • 4
  • 1
    I've used `github.com/dgrijalva/jwt-go` in a project and it supports `RS512`. It looks like many of these libraries verify the hash in their methods, but don't ever enforce `exp`. Guess you have to do that yourself. Means I need to fix my own project... `jwt-go` does say it is `exp` check compatible though. – RayfenWindspear Sep 26 '17 at 16:00
  • `jwt-go` does verify time based claims. Is there any particular reason you chose `jose2go`? https://github.com/dgrijalva/jwt-go/blob/24c63f56522a87ec5339cc3567883f1039378fdb/map_claims.go#L70 – RayfenWindspear Sep 26 '17 at 16:20

0 Answers0