oauth2/jws creates "invalid" signatures
156 views
Skip to first unread message
mi...@ubo.ro
May 1, 2022, 6:32:54 PM5/1/22
to golang-nuts
Does anyone know why the jws signatures created by the golang.org/x/oauth2/jws are displayed as "invalid signature" on jwt.io ? As far as I'm concerned it seems compliant with the JWS creation specs[0] but it looks like jwt.io is expecting a public key or "jwk string" as well ?
Below is an example of signatures that appears as "invalid" on jwt.io [1] and the code[2]
[1] eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJodHRwOi8vZ29vZ2xlLmNvbS8iLCJhdWQiOiIiLCJleHAiOjM2MTAsImlhdCI6MTB9.iIT1HnaZbpbN80TUunM_FAPgerBD4LilNZIX-M55tzRqgE8nDC57inkQF0KcVyLk4Y55WOtBlSj045u35twKkHokEGjSpSSQT31Rcf6ugxqYMKnqIvw9quzwaPJA_RmiudJVuCe_zyVka008M7fZfblwcaTWr1AXZ3iUrwOZnnP9Hli0merjPicVhNIG7SbZTyGFh6P9NUiX0y54iqsV_3yXQZep_UGJYuLR7v1hRRr1tphEiNUt4lBtcp_7nraLnUDTyMraZ8WpTwvn57GAQ4ShzxotEkR3z_5zDxsHRirJcLSBWZ-SNHl3XYXhGV48ePiMJlZ-PR6OQfJ35f-WiQ
[2]
// You can edit this code!
// Click here and start typing.
package main
import (
"crypto/rand"
"crypto/rsa"
"fmt"
jws "golang.org/x/oauth2/jws"
)
func main() {
header := &jws.Header{
Algorithm: "RS256",
Typ: "JWT",
}
payload := &jws.ClaimSet{
Iss: "http://google.com/",
Aud: "",
Exp: 3610,
Iat: 10,
}
privateKey, err := rsa.GenerateKey(rand.Reader, 2048)
if err != nil {
panic(err)
}
token, err := jws.Encode(header, payload, privateKey)
if err != nil {
panic(err)
}
fmt.Println(token)
}
// Click here and start typing.
package main
import (
"crypto/rand"
"crypto/rsa"
"fmt"
jws "golang.org/x/oauth2/jws"
)
func main() {
header := &jws.Header{
Algorithm: "RS256",
Typ: "JWT",
}
payload := &jws.ClaimSet{
Iss: "http://google.com/",
Aud: "",
Exp: 3610,
Iat: 10,
}
privateKey, err := rsa.GenerateKey(rand.Reader, 2048)
if err != nil {
panic(err)
}
token, err := jws.Encode(header, payload, privateKey)
if err != nil {
panic(err)
}
fmt.Println(token)
}
Reply all
Reply to author
Forward
0 new messages