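ParseWithClaims parses, validates, and verifies like Parse, but supplies a default object implementing the Claims interface. This provides default values which can be overridden and allows a caller to use their own type, rather than the default MapClaims implementation of Claims. In the listing below, the signing method is compared against the parser's list of valid methods only when that list is non-nil, and keyFunc is called with the token before its signature has been verified; when no such list is configured, keyFunc should check token.Method itself before returning a key. Note: If you provide a custom claims implementation that embeds other claims, make sure that a) you either embed a non-pointer version of the claims or b) if you are using a pointer, allocate the proper memory for it before passing in the overall claims, otherwise you might run into a panic. (This note is cut off on the page after "If you provi"; the remainder is restored from the source comment below.)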
(tokenString string, claims Claims, keyFunc Keyfunc)
| 55 | // make sure that a) you either embed a non-pointer version of the claims or b) if you are using a pointer, allocate the |
| 56 | // proper memory for it before passing in the overall claims, otherwise you might run into a panic. |
| 57 | func (p *Parser) ParseWithClaims(tokenString string, claims Claims, keyFunc Keyfunc) (*Token, error) { |
| 58 | token, parts, err := p.ParseUnverified(tokenString, claims) |
| 59 | if err != nil { |
| 60 | return token, err |
| 61 | } |
| 62 | |
| 63 | // Verify signing method is in the required set |
| 64 | if p.validMethods != nil { |
| 65 | var signingMethodValid = false |
| 66 | var alg = token.Method.Alg() |
| 67 | for _, m := range p.validMethods { |
| 68 | if m == alg { |
| 69 | signingMethodValid = true |
| 70 | break |
| 71 | } |
| 72 | } |
| 73 | if !signingMethodValid { |
| 74 | // signing method is not in the listed set |
| 75 | return token, newError(fmt.Sprintf("signing method %v is invalid", alg), ErrTokenSignatureInvalid) |
| 76 | } |
| 77 | } |
| 78 | |
| 79 | // Lookup key(s) |
| 80 | if keyFunc == nil { |
| 81 | // keyFunc was not provided. short circuiting validation |
| 82 | return token, newError("no keyfunc was provided", ErrTokenUnverifiable) |
| 83 | } |
| 84 | |
| 85 | got, err := keyFunc(token) |
| 86 | if err != nil { |
| 87 | return token, newError("error while executing keyfunc", ErrTokenUnverifiable, err) |
| 88 | } |
| 89 | |
| 90 | // Join together header and claims in order to verify them with the signature |
| 91 | text := strings.Join(parts[0:2], ".") |
| 92 | switch have := got.(type) { |
| 93 | case VerificationKeySet: |
| 94 | if len(have.Keys) == 0 { |
| 95 | return token, newError("keyfunc returned empty verification key set", ErrTokenUnverifiable) |
| 96 | } |
| 97 | |
| 98 | // Iterate through keys and verify signature, skipping the rest when a match is found. |
| 99 | // Return the last error if no match is found. |
| 100 | for _, key := range have.Keys { |
| 101 | if err = token.Method.Verify(text, token.Signature, key); err == nil { |
| 102 | break |
| 103 | } |
| 104 | } |
| 105 | default: |
| 106 | err = token.Method.Verify(text, token.Signature, have) |
| 107 | } |
| 108 | if err != nil { |
| 109 | return token, newError("", ErrTokenSignatureInvalid, err) |
| 110 | } |
| 111 | |
| 112 | // Validate Claims |
| 113 | if !p.skipClaimsValidation { |
| 114 | // Make sure we have at least a default validator |