Example for `jwt.Parse` uses incorrect method for validating algorithm methods

[mattt]

The ExampleParse_hmac function in hmac_example_test.go provides the following example code:

jwt/hmac_example_test.go

Lines 51 to 59 in bc8bdca

	token, err := jwt.Parse(tokenString, func(token *jwt.Token) (interface{}, error) {
	// Don't forget to validate the alg is what you expect:
	if _, ok := token.Method.(*jwt.SigningMethodHMAC); !ok {
	return nil, fmt.Errorf("Unexpected signing method: %v", token.Header["alg"])
	}
	// hmacSampleSecret is a []byte containing your secret, e.g. []byte("my_secret_key")
	return hmacSampleSecret, nil
	})

The validation performed on line 53 seems at odds with the recommendations in the Parse function docs:

jwt/parser.go

Lines 218 to 225 in bc8bdca

	// Parse parses, validates, verifies the signature and returns the parsed token.
	// keyFunc will receive the parsed token and should return the cryptographic key
	// for verifying the signature. The caller is strongly encouraged to set the
	// WithValidMethods option to validate the 'alg' claim in the token matches the
	// expected algorithm. For more details about the importance of validating the
	// 'alg' claim, see
	// https://auth0.com/blog/critical-vulnerabilities-in-json-web-token-libraries/
	func Parse(tokenString string, keyFunc Keyfunc, options ...ParserOption) (*Token, error) {

In this case, the type assertion tests whether token.Method can be safely converted to the *jwt.SigningMethodHMAC type. But a more specific check for HS256 seems more appropriate.

token, err := jwt.Parse(tokenString, func(token *jwt.Token) (interface{}, error) {
	// hmacSampleSecret is a []byte containing your secret, e.g. []byte("my_secret_key")
	return hmacSampleSecret, nil
}, jwt.WithValidMethods([]string{jwt.SigningMethodHS256.Alg()}))

Or for all HMAC signing methods:

validMethods := []string{
	jwt.SigningMethodHS256.Alg(),
	jwt.SigningMethodHS384.Alg(),
	jwt.SigningMethodHS512.Alg(),
}
token, err := jwt.Parse(tokenString, func(token *jwt.Token) (interface{}, error) {
	// hmacSampleSecret is a []byte containing your secret, e.g. []byte("my_secret_key")
	return hmacSampleSecret, nil
}, jwt.WithValidMethods(validMethods))

[stefansaasen]

Came here to ask the same question. I'm currently using jwt.WithValidMethod without the type assertion on the token Method like in the examples.

Given that the example suggests something different, it'd be great to clarify what the intended usage is and whether one or the other (or both?) should be used.

If jwt.WithValidMethod is the way to got, the linked PR #425 would be a great change as it would remove some uncertainty.

[oxisto]

Came here to ask the same question. I'm currently using jwt.WithValidMethod without the type assertion on the token Method like in the examples.

Given that the example suggests something different, it'd be great to clarify what the intended usage is and whether one or the other (or both?) should be used.

If jwt.WithValidMethod is the way to got, the linked PR #425 would be a great change as it would remove some uncertainty.

I think per se both options are "valid", although the jwt.WithValidMethod is a lot easier to handle and less error-prone. I think some of the examples outdate our relatively new functional-style options, so that is probably why the example still uses the "old" way.