I'm trying out JWT (JSON Web Tokens) in a Go web service. Here's what I've done so far:
package jwt
import(
"fmt"
"net/http"
"github.com/gorilla/mux"
"github.com/dgrijalva/jwt-go"
"io/ioutil"
)
var privateKey []byte
var publicKey []byte
func JSONWebTokensHandler(w http.ResponseWriter, r * http.Request){
// Create the token
encodeToken := jwt.New(jwt.SigningMethodHS256)
// Set some claims
encodeToken.Claims["Latitude"] = "25.000"
encodeToken.Claims["Longitude"] = "27.000"
// Sign and get the complete encoded token as a string
tokenString, err := encodeToken.SignedString(privateKey)
decodeToken, err := jwt.Parse(tokenString, func(token *jwt.Token) (interface{}, error) {
if _, ok := token.Method.(*jwt.SigningMethodHMAC); !ok {
return nil, fmt.Errorf("Unexpected signing method: %v", token.Header["alg"])
}
return publicKey,nil
})
if decodeToken.Valid {
fmt.Fprintf(w,"Lat: %s, Lng: %s",decodeToken.Claims["Latitude"],decodeToken.Claims["Longitude"])
} else {
fmt.Fprintf(w,"Couldn't handle this token: %s", err)
}
}
func init(){
privateKey,_ = ioutil.ReadFile("demo.rsa")
publicKey,_ = ioutil.ReadFile("demo.rsa.pub")
r := mux.NewRouter()
r.HandleFunc("/jwt",JSONWebTokensHandler).Methods("GET")
http.Handle("/", r)
}
Now if my understanding is correct, A token that is encoded using a private key can be decoded using the public key. That is what I've presumed in the code above however when I run the code I get the error:
Couldn't handle this token: signature is invalid
If I use the same key for encoding and decoding, then the code works.
What I'd like to know is, is there something wrong with my understanding or in the code?
The JWT isn't signed using an asymmetric cipher like RSA. It uses a HMAC, which uses a single, secret key. Indeed, the point here is not to prove to someone else that you signed the token. It's to prove to yourself that you signed it, and thus forbid anyone who doesn't have your secret key to modify the token.
You are using jwt.SigningMethodHMAC. Therefore, you are signing using HMAC, the signature is the token ciphered by a symmetric key (secret).
You shall use: jwt.New(jwt.SigningMethodRS256) to sign with an asymmetric key-pair.
Very interesting, since I have a similar problem, when I have micro service and a client app that need to verify the token that comes from another internal server, so if you advice using HMAC over RSA them that means that I need to put the private key in both micro service and Client App? that wouldn't be a serious security hole?
Related
I see private key, but where to provide the public key so I can publish. Works perfectly but I am missing the public key, where is it given while creating the JWT token? I assume the example key (dnfksdmfksd) below is the private key. I am using github.com/dgrijalva/jwt-go Thanks!
func CreateToken(userid uint64) (string, error) {
var err error
//Creating Access Token
os.Setenv("ACCESS_SECRET", "jdnfksdmfksd") //this should be in an env file
atClaims := jwt.MapClaims{}
atClaims["authorized"] = true
atClaims["user_id"] = userid
atClaims["exp"] = time.Now().Add(time.Minute * 15).Unix()
at := jwt.NewWithClaims(jwt.SigningMethodHS256, atClaims)
token, err := at.SignedString([]byte(os.Getenv("ACCESS_SECRET")))
if err != nil {
return "", err
}
return token, nil
}
HS256 is a symmetric algorithm. It uses a shared secret. There is not public/private key. The recipients of the JWT have to use the same secret to validate the signature.
When integrating Sign in with Apple you generate a key in your apple developer account.
It's a file that is named like AuthKey_3JMD5K6.p8 and looks like
-----BEGIN PRIVATE KEY-----
MasdfjalskdasdflaASDFAadsflkjaADSFAewfljasdfljkasefasdflkjasdf
asdfljkasdfASDFASDFoiqretasdoiyjlfsbgREtaREGSDFBREtafsrgAREGfdsgaregR
LKJIOEWFNLasdflkawefjoiasdflk
-----END PRIVATE KEY-----
so I made a var appleKey := MasdfjalskdasdflaASDFAadsflkjaADSFAewfljasdfljkasefasdflkjasdf asdfljkasdfASDFASDFoiqretasdoiyjlfsbgREtaREGSDFBREtafsrgAREGfdsgaregRLKJIOEWFNLasdflkawefjoiasdflk
I've signed jwt with the HMAC-SHA method before which is fairly straightforward but I don't know how to sign a jwt with the ECDSA method.
I wrote my code the same way I did for the HMAC-SHA method but get an error key is of invalid type
So using the the jwt library for golang how can I sign my jwt with ECDSA method?
My code
// generate client secret jwt using apple key
expirationTime := time.Now().Add(5 * time.Minute)
claims := &Claims{
StandardClaims: jwt.StandardClaims {
Audience: "https://appleid.apple.com",
Subject: "com.app.ios",
Issuer: string(appleTeamId),
ExpiresAt: expirationTime.Unix(),
IssuedAt: time.Now().Unix(),
},
}
appleToken := jwt.NewWithClaims(jwt.SigningMethodES256, claims)
appleToken.Header["kid"] = appleKid
signedAppleToken, err := appleToken.SignedString(appleKey)
I now know this isn't how you do it and it's a little bit more complex than that but what is the way to do it?
I found this article that tells you how to manually do it:
http://p.agnihotry.com/post/validating_sign_in_with_apple_authorization_code/
But I'm already using the jwt library for golang for the other part of the token:
https://godoc.org/github.com/dgrijalva/jwt-go
In the github.com/dgrijalva/jwt-go's SigningMethodECDSA.Sign docs you can find:
[...] For this signing method, key must be an ecdsa.PrivateKey struct
So, to put together an example:
p8bytes, err := ioutil.ReadFile("SomeAppleKey.p8")
if err != nil {
log.Println(err)
return
}
// Here you need to decode the Apple private key, which is in pem format
block, _ := pem.Decode(p8bytes)
// Check if it's a private key
if block == nil || block.Type != "PRIVATE KEY" {
log.Println("Failed to decode PEM block containing private key")
return
}
// Get the encoded bytes
x509Encoded := block.Bytes
token := jwt.NewWithClaims(
jwt.SigningMethodES256, // specific instance of `*SigningMethodECDSA`
jwt.StandardClaims{
// ...
},
)
// Now you need an instance of *ecdsa.PrivateKey
parsedKey, err := x509.ParsePKCS8PrivateKey(x509Encoded) // EDIT to x509Encoded from p8bytes
if err != nil {
panic(err)
}
ecdsaPrivateKey, ok := parsedKey.(*ecdsa.PrivateKey)
if !ok {
panic("not ecdsa private key")
}
// Finally sign the token with the value of type *ecdsa.PrivateKey
signed, err := token.SignedString(ecdsaPrivateKey)
if err != nil {
panic(err)
}
fmt.Println(signed) // the signed JWT
Note: as shown in the code snippet, because the key file from Apple is in PEM format, it needs to be decoded first
Warning!
Please be aware that github.com/dgrijalva/jwt-go has been unmaintained for a long time and has critical unfixed bugs. And doesn't support Go modules, before the version 4 (which is just a preview anyway). I strongly recommend to choose an different library for dealing with JWT.
Update June 2021
There is now an official community fork of the library: golang-jwt/jwt blessed by the owner of the original project.
I'm reading the example folder for JWT i'm a bit unsure how things work for validating the token.
func ExampleNewWithClaims_customClaimsType() {
mySigningKey := []byte("AllYourBase")
type MyCustomClaims struct {
Foo string `json:"foo"`
jwt.StandardClaims
}
// Create the Claims
claims := MyCustomClaims{
"bar",
jwt.StandardClaims{
ExpiresAt: 15000,
Issuer: "test",
},
}
token := jwt.NewWithClaims(jwt.SigningMethodHS256, claims)
ss, err := token.SignedString(mySigningKey)
fmt.Printf("%v %v", ss, err)
//Output: eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJmb28iOiJiYXIiLCJleHAiOjE1MDAwLCJpc3MiOiJ0ZXN0In0.HE7fK0xOQwFEr4WDgRWj4teRPZ6i3GLwD5YCm6Pwu_c <nil>
}
Here it's straight forward and the token is being signed here token.SignedString(mySigningKey) using "mySigningKey"
Now there unparsing is much less clear for me :
func ExampleParseWithClaims_customClaimsType() {
tokenString := "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJmb28iOiJiYXIiLCJleHAiOjE1MDAwLCJpc3MiOiJ0ZXN0In0.HE7fK0xOQwFEr4WDgRWj4teRPZ6i3GLwD5YCm6Pwu_c"
type MyCustomClaims struct {
Foo string `json:"foo"`
jwt.StandardClaims
}
// sample token is expired. override time so it parses as valid
at(time.Unix(0, 0), func() {
token, err := jwt.ParseWithClaims(tokenString, &MyCustomClaims{}, func(token *jwt.Token) (interface{}, error) {
return []byte("AllYourBase"), nil
})
if claims, ok := token.Claims.(*MyCustomClaims); ok && token.Valid {
fmt.Printf("%v %v", claims.Foo, claims.StandardClaims.ExpiresAt)
} else {
fmt.Println(err)
}
})
// Output: bar 15000
}
Is order to validate that the signature of the token string given back by the client is valid would you need to
decode the claim ( done in &MyCustomClaims{} )
validate that the signature part of the decoded claim is valid against the " pub key included in the token" using token.Valid.
But the example is just decoding the key and by "magic" the return is the secret/signing key?
It doesn't make sense to me at all. Also returning a valid claim for a public key is useless as it could have been done by any private key.
What am i missing ?
Validation is not done by the public key included in the token.
HS256 is symmetric, so whatever key you used to sign the token, you have to use the same key to validate the signature, and that's what's happening. The function passed to ParseWithClaims is returning the same key used to sign the token.
If an asymmetric signing algorithm was used, you'd use the private key to sign the token, and then the public key to validate it, and that nested function would have to return the public key so that ParseWithClaims can validate it.
It sounds like the part that confused you is:
jwt.ParseWithClaims(tokenString, &MyCustomClaims{}, func(token *jwt.Token) (interface{}, error) {
return []byte("AllYourBase"), nil
})
The nested function passed to ParseWithClaims is supposed to inspect the token passed, and return the correct key that can be used to verify the signature. For HS256, it is the same as the key used to sign it. For RSxxx, it'd be the public key, and which public key it should return can be retrieved from the token passed in. It usually contains a public key id so you can select the correct key.
I'm trying to generate a token with a rsa key using the jwt-go package in golang.
Here there is a blog explaining how to do it but that code will always be validating all tokens because is using the public key stored in the server and is not obtaining it from the token. How do you put the complete public key in the token? I was trying this:
var secretKey, _ = rsa.GenerateKey(rand.Reader, 1024)
token := jwt.New(jwt.SigningMethodRS256)
token.Claims["username"] = "victorsamuelmd"
token.Claims["N"] = secretKey.PublicKey.N
token.Claims["E"] = secretKey.PublicKey.E
tokenString, err := token.SignedString(secretKey)
nt, err := jwt.Parse(tokenString, func(t *jwt.Token) (interface{}, error) {
// here I need to recover the public key from the token
// but N is a big.Int and the token stores N as int64
})
Sorry about my english. Thanks.
I think storing the public key in the claims is not good idea because we can verify the JWT with that key technically, but it means it is not a signed JWT anymore. If anyone can generate the JWT with their own private key and storing the public key in JWT, we cannot sure who is signer.
Anyway, you can convert the public key into PEM format which is just a string, and store it in claims. In client side, you can also simply parse it again into public key format. The sample code is below:
privateKey, _ := rsa.GenerateKey(rand.Reader, 1024)
bytes, _ := x509.MarshalPKIXPublicKey(&privateKey.PublicKey)
pem := pem.EncodeToMemory(&pem.Block{
Type: "RSA PUBLIC KEY",
Bytes: bytes,
})
claim["publickey"] = string(pem)
and
pem := []byte(claims["publickey"].(string))
return jwt.ParseRSAPublicKeyFromPEM(pem)
jwt is dgrijalva's jwt-go.
Could anyone tell me why the following (from https://github.com/dgrijalva/jwt-go) example doesn't work?
token, err := jwt.Parse(myToken, func(token *jwt.Token) ([]byte, error) {
return myLookupKey(token.Header["kid"])
})
if err == nil && token.Valid {
deliverGoodness("!")
} else {
deliverUtterRejection(":(")
}
I get an error saying cannot use func literal (type func(*jwt.Token) ([]byte, error)) as type jwt.Keyfunc in argument to jwt.Parse
I've tried to use the code from couple of different jwt-go examples but always ended up with this same error.
The function Parse expects
type Keyfunc func(*Token) (interface{}, error)
You need to return interface{}, not byte[] in your function literal.
(maybe using a byte.Buffer to wrap the byte[], that you can then read as in "Convert arbitrary Golang interface to byte array")
Gert Cuykens points out in the comments to issue 36: commit e1571c8 should have updated the example.
Other examples like this gist also need to be updated.
As mentioned in another answer, the most recent version of is github.com/dgrijalva/jwt-go is v3.2.0+incompatible.
The docs are now outdated as the package's jwt.Keyfunc
function now has this signature:
type Keyfunc func (*Token) (interface{}, error)
When parsing JWTs, this jwt package also authenticates them. Two things are required to authenticate JWTs.
The JWT itself.
The cryptographic key that was used to sign the JWT. Typically, this is a public key.
This is where the jwt.Keyfunc fits in. The return value
of interface{} is later type asserted to a cryptographic key. For many use cases, this will be an RSA or ECDSA based
algorithm. This means the return type is typically *ecdsa.PublicKey
or *rsa.PublicKey. (HMAC keys can also be used, but I won't cover that
use case.)
If your public keys are in PEM format, you might be interested in using the functions built into the jwt
package: ParseECPublicKeyFromPEM
and ParseRSAPublicKeyFromPEM
.
Creating a public key data structure
If your public keys are in another format, you may need to build
the *ecdsa.PublicKey
and *rsa.PublicKey Go structs by populating their exported fields.
ECDSA
Here's the data structure to fill:
// PublicKey represents an ECDSA public key.
type PublicKey struct {
elliptic.Curve
X, Y *big.Int
}
The embedded elliptic.Curve is created by using the crypto/elliptic function associated with its length:
// Create the ECDSA public key.
publicKey = &ecdsa.PublicKey{}
// Set the curve type.
var curve elliptic.Curve
switch myCurve {
case p256:
curve = elliptic.P256()
case p384:
curve = elliptic.P384()
case p521:
curve = elliptic.P521()
}
publicKey.Curve = curve
For both X and Y, these are *big.Ints. If you have the bytes for these integers, creating a new *big.Int and
using the SetBytes method.
publicKey.X = big.NewInt(0).SetBytes(xCoordinate)
publicKey.Y = big.NewInt(0).SetBytes(yCoordinate)
RSA
Here's the data structure to fill:
// A PublicKey represents the public part of an RSA key.
type PublicKey struct {
N *big.Int // modulus
E int // public exponent
}
The modulus, N is a *big.Int. If you have the bytes for this integer, create a new *big.Int and using the
SetBytes method.
publicKey.N = big.NewInt(0).SetBytes(modulus)
The exponent is a regular integer. So that should be strait forward, but if you have the bytes for this integer instead
you can create an integer like this:
publicKey.E = int(big.NewInt(0).SetBytes(exponent).Uint64())
Create a jwt.Keyfunc
Now that the public keys are in the right data strucuture, it's time to create
a jwt.Keyfunc. As mentioned before, the
input for this function will be
a *jwt.Token and the output will be either
an *ecdsa.PublicKey or a
*rsa.PublicKey, but typed as an empty interface: interface{}, or
an error.
The *jwt.Token contains the JWT itself,
but the best way to identify which public key it's associated with is the kid. The kid is a string value contained
in the JWT header. Read about the
kid parameter in the RFC. It can be read from the JWT
like this:
// ErrKID indicates that the JWT had an invalid kid.
ErrKID := errors.New("the JWT has an invalid kid")
// Get the kid from the token header.
kidInter, ok := token.Header["kid"]
if !ok {
return nil, fmt.Errorf("%w: could not find kid in JWT header", ErrKID)
}
kid, ok := kidInter.(string)
if !ok {
return nil, fmt.Errorf("%w: could not convert kid in JWT header to string", ErrKID)
}
At this point, the input is a kid and the output is the public key. The simplest implementation of a
jwt.Keyfunc at this point is a function
that reads from a map[string]interface{} where the key string is a kid and value interface{} is its public key.
Here's an example:
// ErrKID indicates that the JWT had an invalid kid.
ErrKID := errors.New("the JWT has an invalid kid") // TODO This should be exported in the global scope.
// Create the map of KID to public keys.
keyMap := map[string]interface{}{"zXew0UJ1h6Q4CCcd_9wxMzvcp5cEBifH0KWrCz2Kyxc": publicKey}
// Create a mutex for the map of KID to public keys.
var mux sync.Mutex
// Create the jwt.Keyfunc
var keyFunc jwt.Keyfunc = func(token *jwt.Token) (interface{}, error) {
// Get the kid from the token header.
kidInter, ok := token.Header["kid"]
if !ok {
return nil, fmt.Errorf("%w: could not find kid in JWT header", ErrKID)
}
kid, ok := kidInter.(string)
if !ok {
return nil, fmt.Errorf("%w: could not convert kid in JWT header to string", ErrKID)
}
// Get the appropriate public key from the map of KID to public keys.
mux.Lock()
publicKey, ok := keyMap[kid]
mux.Unlock()
if !ok {
return nil, fmt.Errorf("%w: could not find a matching KID in the map of keys", ErrKID)
}
return publicKey, nil
}
You can now use the created keyFunc function-as-a-variable when parsing JWTs.
// Parse the JWT.
token, err := jwt.Parse(myToken, keyFunc)
if err != nil {
log.Fatalf("Failed to parse JWT.\nError: %s\n", err.Error())
}
// Confirm the JWT is valid.
if !token.Valid {
log.Fatalln("JWT failed validation.")
}
// TODO Proceed with authentic JWT.
Other JWT public key formats
JWTs' public keys can also be described by RFC 7517. This RFC describes
a JSON Web Key (JWK) and JSON Web Key Set (JWKs). Some identity providers, like Keycloak
or Amazon Cognito (AWS) provide these via HTTPS endpoints.
Here's an example JWKs:
{
"keys": [
{
"kid": "zXew0UJ1h6Q4CCcd_9wxMzvcp5cEBifH0KWrCz2Kyxc",
"kty": "RSA",
"alg": "PS256",
"use": "sig",
"n": "wqS81x6fItPUdh1OWCT8p3AuLYgFlpmg61WXp6sp1pVijoyF29GOSaD9xE-vLtegX-5h0BnP7va0bwsOAPdh6SdeVslEifNGHCtID0xNFqHNWcXSt4eLfQKAPFUq0TsEO-8P1QHRq6yeG8JAFaxakkaagLFuV8Vd_21PGJFWhvJodJLhX_-Ym9L8XUpIPps_mQriMUOWDe-5DWjHnDtfV7mgaOxbBvVo3wj8V2Lmo5Li4HabT4MEzeJ6e9IdFo2kj_44Yy9osX-PMPtu8BQz_onPgf0wjrVWt349Rj6OkS8RxlNGYeuIxYZr0TOhP5F-yEPhSXDsKdVTwPf7zAAaKQ",
"e": "AQAB",
"x5c": [
"MIICmzCCAYMCBgF4HR7HNDANBgkqhkiG9w0BAQsFADARMQ8wDQYDVQQDDAZtYXN0ZXIwHhcNMjEwMzEwMTcwOTE5WhcNMzEwMzEwMTcxMDU5WjARMQ8wDQYDVQQDDAZtYXN0ZXIwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDCpLzXHp8i09R2HU5YJPyncC4tiAWWmaDrVZenqynWlWKOjIXb0Y5JoP3ET68u16Bf7mHQGc/u9rRvCw4A92HpJ15WyUSJ80YcK0gPTE0Woc1ZxdK3h4t9AoA8VSrROwQ77w/VAdGrrJ4bwkAVrFqSRpqAsW5XxV3/bU8YkVaG8mh0kuFf/5ib0vxdSkg+mz+ZCuIxQ5YN77kNaMecO19XuaBo7FsG9WjfCPxXYuajkuLgdptPgwTN4np70h0WjaSP/jhjL2ixf48w+27wFDP+ic+B/TCOtVa3fj1GPo6RLxHGU0Zh64jFhmvRM6E/kX7IQ+FJcOwp1VPA9/vMABopAgMBAAEwDQYJKoZIhvcNAQELBQADggEBALILq1Z4oQNJZEUt24VZcvknsWtQtvPxl3JNcBQgDR5/IMgl5VndRZ9OT56KUqrR5xRsWiCvh5Lgv4fUEzAAo9ToiPLub1SKP063zWrvfgi3YZ19bty0iXFm7l2cpQ3ejFV7WpcdLJE0lapFdPLo6QaRdgNu/1p4vbYg7zSK1fQ0OY5b3ajhAx/bhWlrN685owRbO5/r4rUOa6oo9l4Qn7jUxKUx4rcoe7zUM7qrpOPqKvn0DBp3n1/+9pOZXCjIfZGvYwP5NhzBDCkRzaXcJHlOqWzMBzyovVrzVmUilBcj+EsTYJs0gVXKzduX5zO6YWhFs23lu7AijdkxTY65YM0="
],
"x5t": "IYIeevIT57t8ppUejM42Bqx6f3I",
"x5t#S256": "TuOrBy2NcTlFSWuZ8Kh8W8AjQagb4fnfP1SlKMO8-So"
}
]
}
In the above example, a *rsa.PublicKey can be created from just the
n and e JSON attributes. It's kid attribute can be used to create an entry in the keyMap described in an earlier
section.
I've actually run into this use case before and created a Go package just for consuming JWKs and creating
jwt.Keyfunc. If this fits your use case,
check out the repository here: github.com/MicahParks/keyfunc.