splitToken splits a token string into three parts: header, claims, and signature. It will only return true if the token contains exactly two delimiters and three parts. In all other cases, it will return nil parts and false.
(token string)
// splitToken breaks a token string into exactly three segments: header,
// claims, and signature. It reports true only when the input contains exactly
// two delimiters; for any other shape it returns nil and false.
//
// The split is purely structural. A segment may be empty (an input made of two
// bare delimiters still yields three empty parts and true), so the caller must
// still decode every part and verify the signature before trusting any of it.
func splitToken(token string) ([]string, bool) {
	head, rest, found := strings.Cut(token, tokenDelimiter)
	if !found {
		return nil, false
	}

	body, tail, found := strings.Cut(rest, tokenDelimiter)
	if !found {
		return nil, false
	}

	// A third Cut confirms that only the signature remains. Rejecting any
	// further delimiter here caps the work on untrusted input at three cuts
	// and one three-element slice, so extra delimiters in hostile input cannot
	// inflate the cost of parsing.
	sig, _, extra := strings.Cut(tail, tokenDelimiter)
	if extra {
		return nil, false
	}

	return []string{head, body, sig}, true
}
| 230 | |
| 231 | // DecodeSegment decodes a JWT specific base64url encoding. This function will |
| 232 | // take into account whether the [Parser] is configured with additional options, |
no outgoing calls