I am generating a JSON Web Signature in JavaScript using the node-jws package (https://www.npmjs.com/package/jws). In the header, I am giving crit: ["exp"] and exp: someTimeStamp. The snippet given below is used in generating the JWS:

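const jws = require('jws');

// Sign with HS256; "exp" is listed in crit, so verifiers must understand it.
let token = jws.sign({
  header: { alg: 'HS256', crit: ["exp"], exp: Math.floor(Date.now() / 1000) + (60 * 60) },
  payload: "somestring",
  privateKey: 'supersecret',
});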

I am verifying this token in Golang using the snippet given below:

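package main

import (
    "fmt"

    "github.com/square/go-jose"
)

// token is the compact JWS string produced by the JavaScript snippet above.
var token string

func main() {
    // Parse the compact serialization into a JSONWebSignature.
    jsonWebSig, err := jose.ParseSigned(token)

    if err != nil {
        panic(err)
    }
    // Verify the HMAC with the shared secret; this is the call that returns the error.
    payload, err := jsonWebSig.Verify([]byte("supersecret"))

    fmt.Println(string(payload))
    fmt.Println(err)
}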

The above code in Go works if I don't give the crit: ["exp"] in the header while generating the token in JS. Otherwise, it gives me the error saying square/go-jose: error in cryptographic primitive.

I have to use crit: ["exp"] in headers at any cost. Is there any way to verify this?

    If you can, try to avoid JOSE/JWT as the standard has some flaws that only an aware library would handle. (source: https://twitter.com/FiloSottile/status/1229805464810074114) – Dolanor Feb 26 '20 at 15:52
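
Added example, not part of the original question and not go-jose code: RFC 7515 (section 4.1.11) requires a verifier to reject a JWS whose crit list names a header parameter it does not understand and process, so a verifier that accepts crit: ["exp"] has to enforce exp itself. The standard-library Go below does that for compact HS256 tokens; it assumes exp is a Unix timestamp in seconds, Sign and VerifyHS256 are hypothetical names, and the token in main is constructed.

```go
package main

import (
	"crypto/hmac"
	"crypto/sha256"
	"encoding/base64"
	"encoding/json"
	"fmt"
	"strings"
	"time"
)

var b64 = base64.RawURLEncoding // JWS uses unpadded base64url
// Sign returns the compact HS256 JWS for an already-encoded header and payload.
func Sign(h64, p64 string, key []byte) string {
	m := hmac.New(sha256.New, key)
	m.Write([]byte(h64 + "." + p64))
	return h64 + "." + p64 + "." + b64.EncodeToString(m.Sum(nil))
}

// VerifyHS256 checks the MAC first, then rejects any crit entry it cannot enforce.
func VerifyHS256(token string, key []byte, now time.Time) ([]byte, error) {
	p := strings.Split(token, ".")
	if len(p) != 3 || !hmac.Equal([]byte(token), []byte(Sign(p[0], p[1], key))) {
		return nil, fmt.Errorf("bad signature")
	}
	var h struct{ Alg string; Crit []string; Exp *int64 } // the only fields understood here
	raw, err := b64.DecodeString(p[0])
	if err != nil || json.Unmarshal(raw, &h) != nil || h.Alg != "HS256" {
		return nil, fmt.Errorf("bad header")
	}
	for _, name := range h.Crit { // RFC 7515 4.1.11: unknown critical header => reject
		if name != "exp" || h.Exp == nil {
			return nil, fmt.Errorf("unsupported critical header %q", name)
		}
		if now.Unix() >= *h.Exp {
			return nil, fmt.Errorf("token expired")
		}
	}
	return b64.DecodeString(p[1])
}

func main() {
	key, enc := []byte("supersecret"), b64.EncodeToString
	hdr := `{"alg":"HS256","crit":["exp"],"exp":4102444800}` // constructed, far-future exp
	tok := Sign(enc([]byte(hdr)), enc([]byte("somestring")), key)
	payload, err := VerifyHS256(tok, key, time.Now())
	fmt.Println(string(payload), err)
}
```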
