parsing - Invalid Json web token in Go -


i trying make json web token authentication system go cant seem parsing of web token working. error occurs in following function.

func requiretokenauthentication(rw http.responsewriter, req *http.request, next http.handlerfunc) { authbackend := initjwtauthenticationbackend()  jwtstring := req.header.get("authorization")   token, err := jwt.parse(jwtstring, func(token *jwt.token) (interface{}, error) {     if _, ok := token.method.(*jwt.signingmethodrsa); !ok {         log.println("unexpected signing method")         return nil, fmt.errorf("unexpected signing method: %v", token.header["alg"])     } else {         log.println("the token has been returned")         return authbackend.publickey, nil     } })  log.println(token) log.println(token.valid)  if err == nil && token.valid && !authbackend.isinblacklist(req.header.get("authorization")) {     next(rw, req) } else {     rw.writeheader(http.statusunauthorized)     log.p  rintln("status unauthorized requiretokenauthentication")     } }

returns following log

[negroni] started /test/hello 2016/09/13 01:34:46 &{bearer eyjhbgcioijsuzuxmiisinr5cci6ikpxvcj9.eyjlehaioje0nzm5nzq4otasimlhdci6mtq3mzcxnty5mcwic3viijoiin0.mnwewdr8nuvdlo_4ie43me7iph2lesj1uikokgd6vjb7isjfpshn8e7eqr4gkwuiilti34_i6ijrpmx9qrpugkzvsoxx44qlfi6m7fdhvysriybbqwtcvkcpvhnsk8bhjyegy813aaxomk6skzjoaks5jyuvnnzdnqmenyj1bm6fdbgp-olhur_cjk0pym1nmhv9zli1rpjogu4mfj1t4thyzaegirpnzymamtrk6tyefe6xi4voeeadq7hxvwreg6wnsqsygww8uoaiwly1ylbhtkpmt8zfrwllylqs_uuz0xiaswo1mf2plvozz1wlf3zehls31t1egb1xl4wtnqe <nil> map[] <nil>  false} 2016/09/13 01:34:46 false 2016/09/13 01:34:46 status unauthorized requiretokenauthentication [negroni] completed 401 unauthorized in 71.628ms

and here curl using initiate it

curl -h "authorization: bearer eyjhbgcioijsuzuxmiisinr5cci6ikpxvcj9.eyjlehaioje0nzm5nzq4otasimlhdci6mtq3mzcxnty5mcwic3viijoiin0.mnwewdr8nuvdlo_4ie43me7iph2lesj1uikokgd6vjb7isjfpshn8e7eqr4gkwuiilti34_i6ijrpmx9qrpugkzvsoxx44qlfi6m7fdhvysriybbqwtcvkcpvhnsk8bhjyegy813aaxomk6skzjoaks5jyuvnnzdnqmenyj1bm6fdbgp-olhur_cjk0pym1nmhv9zli1rpjogu4mfj1t4thyzaegirpnzymamtrk6tyefe6xi4voeeadq7hxvwreg6wnsqsygww8uoaiwly1ylbhtkpmt8zfrwllylqs_uuz0xiaswo1mf2plvozz1wlf3zehls31t1egb1xl4wtnqe" http://localhost:5000/test/hello

i have tried curl without bearer

curl -h "authorization:eyjhbgcioijsuzuxmiisinr5cci6ikpxvcj9.eyjlehaioje0nzm5nzq4otasimlhdci6mtq3mzcxnty5mcwic3viijoiin0.mnwewdr8nuvdlo_4ie43me7iph2lesj1uikokgd6vjb7isjfpshn8e7eqr4gkwuiilti34_i6ijrpmx9qrpugkzvsoxx44qlfi6m7fdhvysriybbqwtcvkcpvhnsk8bhjyegy813aaxomk6skzjoaks5jyuvnnzdnqmenyj1bm6fdbgp-olhur_cjk0pym1nmhv9zli1rpjogu4mfj1t4thyzaegirpnzymamtrk6tyefe6xi4voeeadq7hxvwreg6wnsqsygww8uoaiwly1ylbhtkpmt8zfrwllylqs_uuz0xiaswo1mf2plvozz1wlf3zehls31t1egb1xl4wtnqe" http://localhost:5000/test/hello

the error occurring because token invalid token.valid = false have generated using following process.

here router

router.handlefunc("/token-auth", controllers.login).methods("post")

here login controller

    func login(w http.responsewriter, r *http.request) {     requestuser := new(models.user)     decoder := json.newdecoder(r.body)     decoder.decode(&requestuser)         responsestatus, token := utils.login(requestuser) //here util file seen below used     w.header().set("content-type", "application/json")     w.writeheader(responsestatus)     w.write(token)  }

this util file

    func login(requestuser *models.user) (int, []byte) {         authbackend := authentication.initjwtauthenticationbackend()          if authbackend.authenticate(requestuser) {             token, err := authbackend.generatetoken(requestuser.uuid)             if err != nil {                 return http.statusinternalservererror, []byte("")             } else {                 response, _ := json.marshal(parameters.tokenauthentication{token})                 return http.statusok, response             }         }         return http.statusunauthorized, []byte("")     }

and here method used generate token

    func (backend *jwtauthenticationbackend) generatetoken(useruuid string) (string, error) {     token := jwt.new(jwt.signingmethodrs512)      claims := token.claims.(jwt.mapclaims)      claims["exp"] = time.now().add(time.hour * time.duration(settings.get().jwtexpirationdelta)).unix()     claims["iat"] = time.now().unix()     claims["sub"] = useruuid      tokenstring, err := token.signedstring(backend.privatekey)     if err != nil {         panic(err)         return "", err     }      return tokenstring, nil }

how fix token parsing system token valid? if need additional information more happy make edit respective information. thank

the error returned jwt.parse() says

tokenstring should not contain 'bearer '

so if remove "bearer ":

jwtstring = strings.split(jwtstring, "bearer ")[1]

you bit further

the token has been returned

however there's new error:

key of invalid type

sorry it's not complete answer!


-

Comments

Post a Comment

Popular posts from this blog

javascript - Thinglink image not visible until browser resize -

Image
i trying repurpose pre-existing theme, includes drop down menu displays image. trying embed thinglink drop down menu's content section, not visible until resize browser window. here menu looks like: then when clicked, can see empty space image should show: then when browser resized, image appears: this code content of menu: <div class="ajax_accordion_content" style="display: none;"> <div class="report-detail"> <table border="0" cellpadding="0" cellspacing="0" width="100%" class="table_basic"> <tbody> <!-- thinglink image embedded --> <img style="max-width: 100%;" src="http://cdn.thinglink.me/api/image/832705713204625409/1024/10/scaletowidth#tl-832705713204625409;1043138249'" class="alwaysthinglink"/> <script async charset="utf-8" src="http://cdn.thinglink.me/jse/embed.j
Read more

firebird - Error "invalid transaction handle (expecting explicit transaction start)" executing script from Delphi -

i'm developing update app delphi 10. i'm running windows 7 64x, firebird 2.5.1.26351 32x. execution order: checks current version(select statement firebird database) downloads update(via ftp) apply it(.exe files, , execute .sql) error code -901 pops out when try execute .sql files. know there incompatibility issue w7 64x , fdb 32x, but, can everything: backup , restore(gbak), db commands(all). tried fdb 64x instead, , not working. code: //components fdwaitcursor: tfdguixwaitcursor; fddriverlink: tfdphysfbdriverlink; fdconnection:tfdconnection; fdscript: tfdscript; function tthr_script.createcomponents:boolean; begin try fddriverlink := tfdphysfbdriverlink.create(fddriverlink); fdwaitcursor := tfdguixwaitcursor.create(fdwaitcursor); fdconnection := tfdconnection.create(fdconnection); fdconnection begin drivername := 'fb'; params.username := thrbanco.bduser; params.password := thrbanco.bdpass; params.database :=
Read more

mongodb - How to keep track of users making Stripe Payments -

i'm trying figure out way mean stack application keep track of users have paid grant them access portion of webpage. i've considered several options: stripe customer id, mongodb record, , html attribute can update. my mean stack keeps track of users jwt, , appears stripe assigns them own customer id isn't ideal. can done jwt opposed forced cutomer id? mongodb record. i'm thinking might best option. when new user has been created, i'll give attribute of haspaid = no. update record of customer when payment submitted. guess run script set unpaid each day? html element/attribute. don't know if possible; cool create key carried during html session after payment received. if person closers browser session closed? i'm looking guidance on 3 options determine if they're best solution. also, if has suggestions alternatives, i'm ears! thanks in advance. speaking generally, common approach second one: use attribute in data model indicates
Read more