From d01facd4637ec4d8eea7440d1e5b7ff6db3fcbb8 Mon Sep 17 00:00:00 2001 From: MickaelK Date: Thu, 13 Mar 2025 17:21:04 +1100 Subject: [PATCH] fix (tmpl): issue with cognito issued jwt token quote from go jwt lib: "WithPaddingAllowed will enable the codec used for decoding JWTs to allow padding. Note that the JWS RFC7515 states that the tokens will utilize a Base64url encoding with no padding. Unfortunately, some implementations of JWT are producing non-standard tokens, and thus require support for decoding." cognito is one of those... --- server/ctrl/tmpl.go | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/server/ctrl/tmpl.go b/server/ctrl/tmpl.go index c46b9707..0135f5bc 100644 --- a/server/ctrl/tmpl.go +++ b/server/ctrl/tmpl.go @@ -12,7 +12,7 @@ import ( . "github.com/mickael-kerjean/filestash/server/common" - "github.com/golang-jwt/jwt/v4" + "github.com/golang-jwt/jwt/v5" ) var tmplFuncs = template.FuncMap{ @@ -128,10 +128,10 @@ var tmplFuncs = template.FuncMap{ var err error claims := jwt.MapClaims{} if len(args) == 1 { - token, _, err = jwt.NewParser().ParseUnverified(stdin, claims) + token, _, err = jwt.NewParser(jwt.WithPaddingAllowed()).ParseUnverified(stdin, claims) token.Valid = true } else if len(args) == 2 { - token, err = jwt.ParseWithClaims(stdin, claims, func(token *jwt.Token) (interface{}, error) { + token, err = jwt.NewParser(jwt.WithPaddingAllowed()).ParseWithClaims(stdin, claims, func(token *jwt.Token) (interface{}, error) { if _, ok := token.Method.(*jwt.SigningMethodHMAC); ok { return []byte(args[0]), nil } else if _, ok := token.Method.(*jwt.SigningMethodRSA); ok {