Amandeep kaur

Reputation: 1025

JWT-GO Error 4 and token verification from another api url

I am using the package "github.com/dgrijalva/jwt-go" in golang to authenticate API hits.

The code for creating a jwt token is:

    token := jwt.NewWithClaims(jwt.SigningMethodHS256, &jwt.MapClaims{
        "email":      "[email protected]",
        "exp":        time.Now().Add(time.Hour * 8760).Unix(), // expiry: 8760 hours from now
        "role":       "customer",
        "name":       "John Doe",
        "ip":         "0.0.0.0",
        "user_agent": "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:69.0) Gecko/20100101 Firefox/69.0",
        "id":         1,
    })
    // Sign with HS256; the key is converted to []byte here
    tokenString, err := token.SignedString([]byte(config.SignKey))

Following are the steps to use this token:

  1. First the login API is hit, and we call the above method to generate a token and return this token in the API response.
  2. After that another API is hit, which contains this token in its headers with the "Bearer " string. We decode this token and authenticate it through the following code:

    bearer := strings.Split(c.Request.Header["Authorization"][0], "Bearer")
    bearerToken := strings.TrimSpace(bearer[1])
    token, err := jwt.Parse(bearerToken, func(token *jwt.Token) (interface{}, error) {return config.SignKey, nil})
    if err != nil {
        c.JSON(200, gin.H{"response": "{error: \"err\", msg: Session Expired. Please log out and back in to continue2.}"})
        c.Abort()
        return
    }
    

Now suppose the token was decoded for url: http://SOMEDOMAIN.COM/api/v1/SOMEAPI

From this API I issued another curl command in the format:

    "curl --header 'Ip: " + ip + "' --header 'User-Agent: " + userAgent + "' --header 'Authorization: " + token + "' 'http://SOMEDOMAIN.COM/api/v2/ANOTHERAPI'"

This command hits a different API but uses the same credentials; the token is the same one that was created by the login API.

Both APIs, with different URLs, are hosted on the same server but in different golang project folders.

Now at this point the package does not authenticate the token and gives the following error:

{"response":{"code":400,"api_status":10,"message":"Session Expired. Please log out and back in to continue2.","data":{"Inner":{},"Errors":4}}}

I was looking for the meaning of error code 4 in this case.

Can anyone please explain what the meaning of Error: 4 is and why it is behaving like this on different API URLs?

Upvotes: 1

Views: 617

Answers (1)

İlker Korkut

Reputation: 3250

When I investigated your code:

There is a misuse of your config.SignKey. It seems it was cast to []byte while signing the token.

But while parsing your token:

    {return config.SignKey, nil}

You used the default type and didn't cast to []byte.

    {return []byte(config.SignKey), nil}

I think that is the issue.

Upvotes: 1
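As an added example (not code from the question, the answer, or jwt-go itself), the standard-library sketch below reproduces the key type check for HS256 and the error flags, showing why a string key yields `Errors: 4` while the `[]byte` key verifies. The flag values match the `ValidationError` constants in jwt-go's errors.go, where 4 is the signature-invalid flag; the names `hs256`, `verifyHS256` and the `Err...` constants, the key and the token are constructed for illustration.

```go
package main

import (
	"crypto/hmac"
	"crypto/sha256"
	"encoding/base64"
	"errors"
	"fmt"
	"strings"
)

// Bit flags with the values jwt-go uses in ValidationError.Errors.
const (
	ErrMalformed        uint32 = 1 << iota // 1
	ErrUnverifiable                        // 2
	ErrSignatureInvalid                    // 4
)

// hs256 returns the base64url HMAC-SHA256 of the signing input.
func hs256(input string, key []byte) string {
	mac := hmac.New(sha256.New, key)
	mac.Write([]byte(input))
	return base64.RawURLEncoding.EncodeToString(mac.Sum(nil))
}

// verifyHS256 takes the key as interface{}, the way a key callback hands it
// over, and returns the flags a caller would see in Errors (0 = valid).
func verifyHS256(token string, key interface{}) (uint32, error) {
	parts := strings.Split(token, ".")
	if len(parts) != 3 {
		return ErrMalformed, errors.New("token must have three segments")
	}
	keyBytes, ok := key.([]byte) // a string key fails this type assertion
	if !ok {
		return ErrSignatureInvalid, errors.New("key is of invalid type")
	}
	want := hs256(parts[0]+"."+parts[1], keyBytes)
	if !hmac.Equal([]byte(parts[2]), []byte(want)) {
		return ErrSignatureInvalid, errors.New("signature is invalid")
	}
	return 0, nil
}

func main() {
	signKey := "constructed-demo-key" // constructed sample secret
	input := "eyJhbGciOiJIUzI1NiJ9.eyJyb2xlIjoiY3VzdG9tZXIifQ" // constructed header.payload
	tok := input + "." + hs256(input, []byte(signKey))
	fmt.Println(verifyHS256(tok, signKey))         // string key, as in the question
	fmt.Println(verifyHS256(tok, []byte(signKey))) // []byte key, as in the answer
}
```

The same flag is also set for a genuinely wrong secret, so the wrapped inner error is what distinguishes a key type mistake from a mismatched key.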
