Google Git
Sign in
edge / third_party / SermoDigital / jose / 98ed5015f137d1c0920f5652c325db065d58cf9f
commit98ed5015f137d1c0920f5652c325db065d58cf9f[log] [tgz]
authorFrank Schroeder <frschroeder@ebay.com>Sat Apr 02 12:25:02 2016 +0200
committerFrank Schroeder <frschroeder@ebay.com>Sun Apr 03 22:59:52 2016 +0200
treefcd1577b0ee3aef86c8593011787eb3c7d77ba92
parent1ada734c98ebee109b29587808e4b2b8ed5bac7d [diff]
Fix Claims.Validate

The `within()` function is wrong since it is supposed to check
`max-delta < val < max+delta` but not `val == max`. It also does not
work for the `nbf` check since that needs to verify that `nbf-leeway <
now`

Also, if I read RFC 7519 correctly then the token should not be used
after `exp` and not before `nbf`. So `Validate` should check for `nbf <
now <= exp` or more generally `nbf-x < now <= exp+y`
2 files changed
tree: fcd1577b0ee3aef86c8593011787eb3c7d77ba92
  1. crypto/
  2. jws/
  3. jwt/
  4. .gitignore
  5. .tags
  6. .travis.yml
  7. _test.sh
  8. base64.go
  9. base64_test.go
  10. cover.html
  11. doc.go
  12. header.go
  13. header_test.go
  14. LICENSE
  15. README.md
  16. stubs_test.go
README.md

JOSE

Build Status GoDoc

JOSE is a comprehensive set of JWT, JWS, and JWE libraries.

Why

The only other JWS/JWE/JWT implementations are specific to JWT, and none were particularly pleasant to work with.

These libraries should provide an easy, straightforward way to securely create, parse, and validate JWS, JWE, and JWTs.

Notes:

JWE is currently unimplemented.

Version 0.9:

Documentation

The docs can be found at [godoc.org] docs, as usual.

JWS RFC

JWE RFC

JWT RFC

License

[MIT] license.