From b50a90ba29c791c775facacc580e775152f96a09 Mon Sep 17 00:00:00 2001
From: David Wobrock
Date: Thu, 27 Jun 2024 11:22:00 +0200
Subject: [PATCH] Bump golang-jwt to v5.
---
 credentials/signer.go | 2 +-
 credentials/signer_default.go | 2 +-
 credentials/signer_default_integration_test.go | 2 +-
 credentials/signer_default_test.go | 2 +-
 credentials/verifier.go | 2 +-
 credentials/verifier_default.go | 16 ++++++++--------
 credentials/verifier_default_test.go | 2 +-
 go.mod | 2 +-
 go.sum | 4 ++--
 pipeline/authn/authenticator_jwt.go | 4 ++--
 pipeline/authn/authenticator_jwt_test.go | 2 +-
 pipeline/mutate/mutator_id_token.go | 2 +-
 pipeline/mutate/mutator_id_token_test.go | 2 +-
 test/e2e/okclient/main.go | 2 +-
 14 files changed, 23 insertions(+), 23 deletions(-)
diff --git a/credentials/signer.go b/credentials/signer.go
index b5451376a3..7c691bbee8 100644
--- a/credentials/signer.go
+++ b/credentials/signer.go
@@ -7,7 +7,7 @@ import (
 "context"
 "net/url"
- "github.com/golang-jwt/jwt/v4"
+ "github.com/golang-jwt/jwt/v5"
 )
 type Signer interface {
diff --git a/credentials/signer_default.go b/credentials/signer_default.go
index 516b098536..17e2bfc2f9 100644
--- a/credentials/signer_default.go
+++ b/credentials/signer_default.go
@@ -11,7 +11,7 @@ import (
 "reflect"
 "github.com/go-jose/go-jose/v3"
- "github.com/golang-jwt/jwt/v4"
+ "github.com/golang-jwt/jwt/v5"
 "github.com/pkg/errors"
 "golang.org/x/crypto/ed25519"
 )
diff --git a/credentials/signer_default_integration_test.go b/credentials/signer_default_integration_test.go
index 0dedea2eb1..c4ec694577 100644
--- a/credentials/signer_default_integration_test.go
+++ b/credentials/signer_default_integration_test.go
@@ -9,7 +9,7 @@ import (
 "testing"
 "time"
- "github.com/golang-jwt/jwt/v4"
+ "github.com/golang-jwt/jwt/v5"
 "github.com/ory/oathkeeper/internal"
 )
diff --git a/credentials/signer_default_test.go b/credentials/signer_default_test.go
index 3593c249e6..7f30411473 100644
--- a/credentials/signer_default_test.go
+++ b/credentials/signer_default_test.go
@@ -10,7 +10,7 @@ import (
 "testing"
 "time"
- "github.com/golang-jwt/jwt/v4"
+ "github.com/golang-jwt/jwt/v5"
 "github.com/pkg/errors"
 "github.com/stretchr/testify/require"
diff --git a/credentials/verifier.go b/credentials/verifier.go
index f644821f6d..387f590f81 100644
--- a/credentials/verifier.go
+++ b/credentials/verifier.go
@@ -7,7 +7,7 @@ import (
 "context"
 "net/url"
- "github.com/golang-jwt/jwt/v4"
+ "github.com/golang-jwt/jwt/v5"
 "github.com/ory/fosite"
 )
diff --git a/credentials/verifier_default.go b/credentials/verifier_default.go
index c80a8ac70b..27a2c12083 100644
--- a/credentials/verifier_default.go
+++ b/credentials/verifier_default.go
@@ -10,7 +10,7 @@ import (
 "fmt"
 "strings"
- "github.com/golang-jwt/jwt/v4"
+ "github.com/golang-jwt/jwt/v5"
 "github.com/pkg/errors"
 "github.com/ory/fosite"
@@ -82,14 +82,14 @@ func (v *VerifierDefault) Verify(
 }
 return nil, errors.WithStack(herodot.ErrBadRequest.WithReasonf(`The signing key algorithm does not match the algorithm from the token header.`))
- })
+ }, jwt.WithIssuedAt())
 if err != nil {
- if e, ok := errors.Cause(err).(*jwt.ValidationError); ok {
- if _, ok := errors.Cause(e.Inner).(*herodot.DefaultError); !ok {
- return nil, herodot.ErrInternalServerError.WithErrorf(e.Error()).WithTrace(err)
- }
-
- return nil, e.Inner
+ if errors.Is(err, jwt.ErrTokenUnverifiable) ||
+ errors.Is(err, jwt.ErrTokenUnverifiable) ||
+ errors.Is(err, jwt.ErrTokenSignatureInvalid) ||
+ errors.Is(err, jwt.ErrTokenInvalidClaims) ||
+ errors.Is(err, jwt.ErrTokenMalformed) {
+ return nil, herodot.ErrInternalServerError.WithErrorf(err.Error()).WithTrace(err)
 }
 return nil, err
 } else if !t.Valid {
diff --git a/credentials/verifier_default_test.go b/credentials/verifier_default_test.go
index 6701923877..e59d744253 100644
--- a/credentials/verifier_default_test.go
+++ b/credentials/verifier_default_test.go
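Review bot: In `Verify` (credentials/verifier_default.go) the new condition tests `errors.Is(err, jwt.ErrTokenUnverifiable)` twice, so either one line is redundant or a different sentinel was intended and is now missing from the list. The removed branch also returned `e.Inner` when the key function had produced a `*herodot.DefaultError`, such as the `ErrBadRequest` for an algorithm mismatch just above; the new branch turns every listed error into `herodot.ErrInternalServerError`, and if v5 reports key-function failures under `ErrTokenUnverifiable` (I believe it does) a rejected token now looks like a server fault, which skews 4xx/5xx-based alerting on bad tokens. Checking for the herodot error first would keep the old classification: `var he *herodot.DefaultError` followed by `if errors.As(err, &he) { return nil, he }`. Separately, `WithErrorf(err.Error())` uses error text as a format string, so `WithErrorf("%s", err.Error())` is safer when the message can contain token-derived text. `Verify` begins and ends outside this hunk.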
@@ -10,7 +10,7 @@ import (
 "testing"
 "time"
- "github.com/golang-jwt/jwt/v4"
+ "github.com/golang-jwt/jwt/v5"
 "github.com/pkg/errors"
 "github.com/stretchr/testify/assert"
 "github.com/stretchr/testify/require"
diff --git a/go.mod b/go.mod
index 38a89e0d60..1be2484ec2 100644
--- a/go.mod
+++ b/go.mod
@@ -27,7 +27,7 @@ require (
 github.com/go-swagger/go-swagger v0.30.0
 github.com/gobuffalo/httptest v1.5.2
 github.com/gobwas/glob v0.2.3
- github.com/golang-jwt/jwt/v4 v4.4.3
+ github.com/golang-jwt/jwt/v5 v5.2.1
 github.com/golang/gddo v0.0.0-20190904175337-72a348e765d2
 github.com/golang/mock v1.6.0
 github.com/google/go-replayers/httpreplay v1.1.1
diff --git a/go.sum b/go.sum
index 2391fdebbf..277a179de8 100644
--- a/go.sum
+++ b/go.sum
@@ -409,8 +409,8 @@ github.com/gogo/protobuf v1.1.1/go.mod h1:r8qH/GZQm5c6nD/R0oafs1akxWv10x8SbQlK7a github.com/gogo/protobuf v1.2.1/go.mod h1:hp+jE20tsWTFYpLwKvXlhS1hjn+gTNwPg2I6zVXpSg4= github.com/gogo/protobuf v1.3.2 h1:Ov1cvc58UF3b5XjBnZv7+opcTcQFZebYjWzi34vdm4Q= github.com/gogo/protobuf v1.3.2/go.mod h1:P1XiOD3dCwIKUDQYPy72D8LYyHL2YPYrpS2s69NZV8Q= -github.com/golang-jwt/jwt/v4 v4.4.3 h1:Hxl6lhQFj4AnOX6MLrsCb/+7tCj7DxP7VA+2rDIq5AU= -github.com/golang-jwt/jwt/v4 v4.4.3/go.mod h1:m21LjoU+eqJr34lmDMbreY2eSTRJ1cv77w39/MY0Ch0= +github.com/golang-jwt/jwt/v5 v5.2.1 h1:OuVbFODueb089Lh128TAcimifWaLhJwVflnrgM17wHk= +github.com/golang-jwt/jwt/v5 v5.2.1/go.mod h1:pqrtFR0X4osieyHYxtmOUWsAWrfe1Q5UVIyoH402zdk= github.com/golang/gddo v0.0.0-20190904175337-72a348e765d2 h1:xisWqjiKEff2B0KfFYGpCqc3M3zdTz+OHQHRc09FeYk= github.com/golang/gddo v0.0.0-20190904175337-72a348e765d2/go.mod h1:xEhNfoBDX1hzLm2Nf80qUvZ2sVwoMZ8d6IE2SrsQfh4= github.com/golang/glog v0.0.0-20160126235308-23def4e6c14b/go.mod h1:SBH7ygxi8pfUlaOkMMuAQtPIUF8ecWP5IEl/CR7VP2Q=
diff --git a/pipeline/authn/authenticator_jwt.go b/pipeline/authn/authenticator_jwt.go
index 8852efc0d4..9c1ff5072b 100644
--- a/pipeline/authn/authenticator_jwt.go
+++ b/pipeline/authn/authenticator_jwt.go
@@ -9,7 +9,7 @@ import (
 "net/http"
 "strings"
- "github.com/golang-jwt/jwt/v4"
+ "github.com/golang-jwt/jwt/v5"
 "github.com/pkg/errors"
 "go.opentelemetry.io/otel/trace"
@@ -130,7 +130,7 @@ func (a *AuthenticatorJWT) Authenticate(r *http.Request, session *Authentication
 }
 func (a *AuthenticatorJWT) tryEnrichResultErr(token string, err *herodot.DefaultError) *herodot.DefaultError {
- t, _ := jwt.ParseWithClaims(token, jwt.MapClaims{}, nil)
+ t, _ := jwt.ParseWithClaims(token, jwt.MapClaims{}, nil, jwt.WithIssuedAt())
 if t == nil {
 return err
 }
diff --git a/pipeline/authn/authenticator_jwt_test.go b/pipeline/authn/authenticator_jwt_test.go
index 51ec496350..1279481f06 100644
--- a/pipeline/authn/authenticator_jwt_test.go
+++ b/pipeline/authn/authenticator_jwt_test.go
@@ -12,7 +12,7 @@ import (
 "testing"
 "time"
- "github.com/golang-jwt/jwt/v4"
+ "github.com/golang-jwt/jwt/v5"
 "github.com/tidwall/sjson"
 "github.com/ory/herodot"
diff --git a/pipeline/mutate/mutator_id_token.go b/pipeline/mutate/mutator_id_token.go
index 476e9a4c63..6715eb6048 100644
--- a/pipeline/mutate/mutator_id_token.go
+++ b/pipeline/mutate/mutator_id_token.go
@@ -15,7 +15,7 @@ import (
 "github.com/dgraph-io/ristretto"
- "github.com/golang-jwt/jwt/v4"
+ "github.com/golang-jwt/jwt/v5"
 "github.com/pborman/uuid"
 "github.com/pkg/errors"
diff --git a/pipeline/mutate/mutator_id_token_test.go b/pipeline/mutate/mutator_id_token_test.go
index 2666961307..92ab117213 100644
--- a/pipeline/mutate/mutator_id_token_test.go
+++ b/pipeline/mutate/mutator_id_token_test.go
@@ -22,7 +22,7 @@ import (
 "github.com/ory/oathkeeper/x"
 "github.com/ory/x/configx"
- "github.com/golang-jwt/jwt/v4"
+ "github.com/golang-jwt/jwt/v5"
 "github.com/ory/oathkeeper/credentials"
 "github.com/ory/oathkeeper/driver/configuration"
diff --git a/test/e2e/okclient/main.go b/test/e2e/okclient/main.go
index 61d1b16f2b..d07a3edf3b 100644
--- a/test/e2e/okclient/main.go
+++ b/test/e2e/okclient/main.go
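Review bot: In `tryEnrichResultErr` (pipeline/authn/authenticator_jwt.go) the token is parsed with a nil key function, so whatever is read from `t` is unverified, and the added `jwt.WithIssuedAt()` most likely does nothing because, as far as I can tell, v5 returns its unverifiable-token error before claim validation runs. Stating the intent directly would be clearer: `t, _, _ := jwt.NewParser().ParseUnverified(token, jwt.MapClaims{})`, or at minimum a comment such as `// signature is NOT checked here; claims only enrich the error and must never drive an authorization decision`. The rest of the function lies outside the hunk, so how the claims are used is not visible; if any of them are copied into the error response they are caller-controlled text and should be treated as such.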
@@ -13,7 +13,7 @@ import (
 "time"
 "github.com/go-jose/go-jose/v3"
- "github.com/golang-jwt/jwt/v4"
+ "github.com/golang-jwt/jwt/v5"
 "github.com/ory/oathkeeper/x"
 "github.com/ory/x/cmdx"