proxy.golang.org : github.com/ucarion/jwt
Package jwt implements JSON Web Tokens in a way that makes it easier to avoid common security mistakes. In particular, this package leaves out any support for features that frequently lead to security vulnerabilities in implementations of JWT. This package leaves out any support for the "none" algorithm, and does not support letting JWTs drive what algorithm is used for verification. When you use this package, you must specify exactly what algorithm you want to use, and only the three most widely-supported algorithms are permitted: HS256, RS256, and ES256. An attacker cannot trick you into accidentally reading a JWT without verifying it, and an attacker cannot trick you into using a different algorithm than you wanted. If you want to use a symmetric-key signature, see SignHS256 and VerifyHS256. If you want to use RSA public-key signatures, see SignRS256 and VerifyRS256. If you want to use ECDSA public-key signatures, see SignES256 and VerifyES256.
Registry
-
Source
- Documentation
- JSON
purl: pkg:golang/github.com/ucarion/jwt
License: MIT
Latest release: about 5 years ago
First release: about 5 years ago
Namespace: github.com/ucarion
Last synced: 27 days ago