Migrate JWT package #129

Merged
merged 3 commits into from
Jan 18, 2022

j-sv
Contributor

j-sv commented Jan 18, 2022

The github.com/dgrijalva/jwt-go is deprecated and replaced by the new package. The deprecated library has a vulnerability that has not been released as a stable version.

The issue on the deprecated package: dgrijalva/jwt-go#422

The correction in the new package version is here: golang-jwt/jwt#6

j-sv added 3 commits January 18, 2022 11:21
The github.com/dgrijalva/jwt-go is deprecated and replaced by the new
package. The deprecated library has a vulnerability that has not been
released as a stable version.

@Ekberg
Contributor

Ekberg commented Jan 18, 2022

Did you notice any breaking changes between the two libraries? The diff seems reasonable, just wondering if we need to change something else to keep the same behavior.

@j-sv
Contributor Author

j-sv commented Jan 18, 2022

> Did you notice any breaking changes between the two libraries? The diff seems reasonable, just wondering if we need to change something else to keep the same behavior.

Their migration guide says the v4 version should be a drop-in replacement for a v3.x.y version of the old repo. So there shouldn't be a need for any changes. https://github.com/golang-jwt/jwt/blob/main/MIGRATION_GUIDE.md

The only real change was changing jwt.StandardClaims to jwt.RegisteredClaims as it warned that StandardClaims was deprecated. The types are slightly different, but the common fields appear to work the same, so it doesn't appear that there would be any impact.

Ekberg merged commit 8b7feb8 into master Jan 18, 2022
Ekberg deleted the feature/replace-jwt-library branch January 18, 2022 12:59