auth0/go-jwt-middleware

newVerifier() function - verificationKey type

juan-rojas-soteria opened this issue · 0 comments

Checklist

  • I have looked into the README and have not found a suitable solution or answer.
  • I have looked into the documentation and have not found a suitable solution or answer.
  • I have searched the issues and have not found a suitable solution or answer.
  • I have upgraded to the latest version of this SDK and the issue still persists.
  • I have searched the Auth0 Community forums and have not found a suitable solution or answer.
  • I agree to the terms within the Auth0 Code of Conduct.

Description

After updating the library from version github.com/auth0/go-jwt-middleware/v2 v2.1.0 to github.com/auth0/go-jwt-middleware/v2@v2.2.1, an error was detected in the validation of a JWT that worked correctly in version v2.1.0. Specifically, the function func newVerifier(verificationKey interface{}) (payloadVerifier, error) has problems in the switch case fragment where it compares the encryption algorithm. I compared the type of interface that you get in the two versions of the library and they are different. I attach images for reference. Version v2.2.1 does not have the same type as version v2.1.0, therefore the process is not able to determine the algorithm and breaks.

v2.1.0: [image: v2 1 0]

v2.2.1: [image: v2 2 1]

Reproduction

  1. Given a JWT generated using /oauth/token with an RS256 signature algorithm
  2. When consuming a REST endpoint created using golang (v1.20 and v1.22) and gin
  3. Then I get in the response: Encountered error while validating JWT: jwt invalid: failed to deserialize token claims: could not get token claims: go-jose/go-jose: unsupported key type/format

Go JWT Middleware version

github.com/auth0/go-jwt-middleware/v2@v2.2.1

Go version

1.20 / 1.22
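
The failure mode this issue describes, a type switch that no longer recognises the key it is handed, shown as an added illustration that is not code from go-jwt-middleware or go-jose. `legacyJWK`, `currentJWK`, `pickVerifier`, `describe` and `sampleKey` are hypothetical names, and the sketch assumes the key arrives as a look-alike type that the switch does not list.

```go
package main

import (
	"crypto/rsa"
	"errors"
	"fmt"
	"math/big"
	"reflect"
)

// Hypothetical stand-ins: same fields, but distinct named types (as when they come from different packages).
type legacyJWK struct{ Key interface{} }
type currentJWK struct{ Key interface{} }

var errUnsupported = errors.New("unsupported key type/format")

// pickVerifier (hypothetical) selects a verifier family from the key's dynamic type.
func pickVerifier(verificationKey interface{}) (string, error) {
	switch k := verificationKey.(type) {
	case *rsa.PublicKey:
		return "rsa", nil
	case []byte:
		return "hmac", nil
	case currentJWK:
		return pickVerifier(k.Key) // unwrap, then classify the inner key
	default: // identical layout is not enough: the named type must match
		return "", fmt.Errorf("%w: got %s", errUnsupported, describe(verificationKey))
	}
}

// describe names the dynamic type and its package path for diagnostics.
func describe(v interface{}) string {
	t := reflect.TypeOf(v)
	if t == nil {
		return "<nil>"
	}
	base := t
	if t.Kind() == reflect.Ptr {
		base = t.Elem() // pointer types carry no package path of their own
	}
	return fmt.Sprintf("%s (package %q)", t, base.PkgPath())
}

// sampleKey returns a constructed placeholder public key (never used to verify).
func sampleKey() *rsa.PublicKey { return &rsa.PublicKey{N: big.NewInt(3233), E: 17} }

func main() {
	for _, k := range []interface{}{sampleKey(), currentJWK{sampleKey()}, legacyJWK{sampleKey()}} {
		fmt.Println(pickVerifier(k))
	}
}
```

Logging the package-qualified type in the default branch, as `describe` does, makes this kind of mismatch visible in the error message without a debugger.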