Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Signature error in golang version 1.18.3 #214

Closed
RayendraSabandar opened this issue Jun 8, 2022 · 6 comments
Closed

Signature error in golang version 1.18.3 #214

RayendraSabandar opened this issue Jun 8, 2022 · 6 comments

Comments

@RayendraSabandar
Copy link

RayendraSabandar commented Jun 8, 2022
edited

Problem

I set up a simple login and authentication function in my application. It works fine in golang version 1.18.2 but when I updated to 1.18.3, the ParseWithClaim function always returns signature error and it works fine after I used golang version 1.18.2 again.

Environment

OS=Ubuntu 20.04.4 (WSL 2)
Go=1.18.3
IDE=VSCode
github.com/golang-jwt/jwt=v3.2.2+incompatible
github.com/joho/godotenv=v1.4.0

Codes

.env

SECRET_KEY="secret"

jwt.go

func GenerateToken(userEmail string, userType string, userID uint) (string, error) {
	var secretKey = os.Getenv("SECRET_KEY")
	claims := CustomClaim{
		userEmail,
		userType,
		int(userID),
		jwt.StandardClaims{
			IssuedAt: jwt.TimeFunc().Unix(),
		},
	}

	setupToken := jwt.NewWithClaims(jwt.SigningMethodHS256, claims)
	token, err := setupToken.SignedString([]byte(secretKey))

	return token, err
}

func ValidateUserToken(tokenString string) (jwt.Claims, string) {
	var secretKey = os.Getenv("SECRET_KEY")
	highestType := os.Getenv("HIGHEST_TYPE")
	commonType := os.Getenv("COMMON_TYPE")
	unauthenticatedMessage := "Unauthenticated"

	customClaim := &CustomClaim{}
	_, err := jwt.ParseWithClaims(tokenString, customClaim, func(t *jwt.Token) (interface{}, error) {
		return []byte(secretKey), nil
	})

	if err != nil {
		fmt.Println(err, "error in function ValidateToken in jwt.go")
		return nil, unauthenticatedMessage
	} else {
		if customClaim.UserType == highestType || customClaim.UserType == commonType {
			return customClaim, ""
		} else {
			return nil, unauthenticatedMessage
		}
	}
}

main.go

func main() {
	err := godotenv.Load(".env")
	if err != nil {
		log.Fatalf("Some error occured. Err: %s", err)
	} else {
		C.Config()

		R.NewRoutes().Run()
	}
}

Notes

I forgot to copy and past the error printed in the terminal but if I remembered correctly it says signature error. I printed out the secretKey that was used from .env and it was the same thing. So, it's not the dotenv problem in my understanding
@oxisto
Copy link
Collaborator

oxisto commented Jun 8, 2022

It seems you are using the old v3 branch, which we do not really support any more. Could you try to upgrade to v4 to see if that solves anything.

Otherwise a very weird bug, I will check the release notes of 1.18.3 if there is something that could potentially impact this library.

@RayendraSabandar
Copy link
Author

It seems you are using the old v3 branch, which we do not really support any more. Could you try to upgrade to v4 to see if that solves anything.

Otherwise a very weird bug, I will check the release notes of 1.18.3 if there is something that could potentially impact this library.

I have no idea what changed, but I changed the version again to golang 1.18.3 and it works fine. In addition, I upgraded jwt to v4 and made minor changes for the claims to adjust with the warning suggestions and it works fine as well.

Thanks for the suggestion but I don't think I know what cause this my initial error.

Changes

Changed jwt.StandardClaims to jwt.RegisteredClaims

Complete Codes

jwt.go

type CustomClaim struct {
	Email    string `json:"email"`
	UserType string `json:"UserType"`
	UserID   int    `json:"userID"`
	jwt.RegisteredClaims
}

func GenerateToken(userEmail string, userType string, userID uint) (string, error) {
	var secretKey = os.Getenv("SECRET_KEY")
	claims := CustomClaim{
		userEmail,
		userType,
		int(userID),
		jwt.RegisteredClaims{
			IssuedAt: &jwt.NumericDate{},
		},
	}

	setupToken := jwt.NewWithClaims(jwt.SigningMethodHS256, claims)
	token, err := setupToken.SignedString([]byte(secretKey))

	return token, err
}

func ValidateUserToken(tokenString string) (jwt.Claims, string) {
	var secretKey = os.Getenv("SECRET_KEY")
	highestType := os.Getenv("HIGHEST_TYPE")
	commonType := os.Getenv("COMMON_TYPE")
	unauthenticatedMessage := "Unauthenticated"

	customClaim := &CustomClaim{}
	_, err := jwt.ParseWithClaims(tokenString, customClaim, func(t *jwt.Token) (interface{}, error) {
		return []byte(secretKey), nil
	})

	if err != nil {
		fmt.Println(err, "error in function ValidateToken in jwt.go")
		return nil, unauthenticatedMessage
	} else {
		if customClaim.UserType == highestType || customClaim.UserType == commonType {
			return customClaim, ""
		} else {
			return nil, unauthenticatedMessage
		}
	}
}

@oxisto
Copy link
Collaborator

oxisto commented Jun 8, 2022

It seems you are using the old v3 branch, which we do not really support any more. Could you try to upgrade to v4 to see if that solves anything.
Otherwise a very weird bug, I will check the release notes of 1.18.3 if there is something that could potentially impact this library.

I have no idea what changed, but I changed the version again to golang 1.18.3 and it works fine. In addition, I upgraded jwt to v4 and made minor changes for the claims to adjust with the warning suggestions and it works fine as well.

Thanks for the suggestion but I don't think I know what cause this my initial error.

Changes

Changed jwt.StandardClaims to jwt.RegisteredClaims

Complete Codes

jwt.go

type CustomClaim struct {
	Email    string `json:"email"`
	UserType string `json:"UserType"`
	UserID   int    `json:"userID"`
	jwt.RegisteredClaims
}

func GenerateToken(userEmail string, userType string, userID uint) (string, error) {
 var secretKey = os.Getenv("SECRET_KEY")
 claims := CustomClaim{
 	userEmail,
 	userType,
 	int(userID),
 	jwt.RegisteredClaims{
 		IssuedAt: &jwt.NumericDate{},
 	},
 }

 setupToken := jwt.NewWithClaims(jwt.SigningMethodHS256, claims)
 token, err := setupToken.SignedString([]byte(secretKey))

 return token, err
}

func ValidateUserToken(tokenString string) (jwt.Claims, string) {
 var secretKey = os.Getenv("SECRET_KEY")
 highestType := os.Getenv("HIGHEST_TYPE")
 commonType := os.Getenv("COMMON_TYPE")
 unauthenticatedMessage := "Unauthenticated"

 customClaim := &CustomClaim{}
 _, err := jwt.ParseWithClaims(tokenString, customClaim, func(t *jwt.Token) (interface{}, error) {
 	return []byte(secretKey), nil
 })

 if err != nil {
 	fmt.Println(err, "error in function ValidateToken in jwt.go")
 	return nil, unauthenticatedMessage
 } else {
 	if customClaim.UserType == highestType || customClaim.UserType == commonType {
 		return customClaim, ""
 	} else {
 		return nil, unauthenticatedMessage
 	}
 }
}

Unforunatley, I also could not reproduce the issue with your original code. Maybe you had some other environment variables set, that were overriding those by dotgetenv. Not sure. I'll keep this issue open for a few days, if other people experience similar issues after upgrading to 1.18.3, please let us know. Otherwise, I will close it as resolved.

@RayendraSabandar
Copy link
Author

okay thank you. Works well so far anyways

@krokite
Copy link
Contributor

krokite commented Jun 21, 2022

#217

@oxisto
Copy link
Collaborator

oxisto commented Jul 11, 2022

No new issues have been reporting with this version, closing this for now.

@oxisto oxisto closed this as completed Jul 11, 2022
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@krokite @oxisto @RayendraSabandar