Home >Backend Development >Golang >How does JWT resolve claim validity and errors?
I am creating access, refresh token logic and I want to check if the access token is valid (not edited) even if it has Expired. If the token expires, Go will return an error and invalidate the token. So I check if the given error matches ErrTokenExpired.
Can I be 100% sure that if the token is invalid, then err will not be zero, so I can remove the if !tkn.Valid{...
?
Is this generally a good approach or will the edited token pass my validation?
func VerifyJWT(jwtString, secret string) (*jwt.Token, *Claims, error) { claims := &Claims{} tkn, err := jwt.ParseWithClaims(jwtString, claims, func(token *jwt.Token) (interface{}, error) { return []byte(os.Getenv(secret)), nil }) return tkn, claims, err }
_, accClaims, err1 := VerifyJWT(req.Access, "ACCESS_SECRET") if err1 != nil && err1.Error()[:16] != jwt.ErrTokenExpired.Error()[:16] { WriteJSON(w, http.StatusBadRequest, APIError{Error: "invalid token access" + err1.Error()}) return }
jwt token is safe if you have two points in your code:
1-Choose a good algorithm
2- Create a random key
If the token changes or times out, these two options can help you, VerifyJWT
Return an error!
Note: Always need to check for errors and return a good response to the client.
NOTE (Improve your code): To check if an error is ErrTokenExpired, use the errors
pkg.
Your example:
// import "errors" _, accClaims, err := VerifyJWT(req.Access, "ACCESS_SECRET") if errors.Is(err, jwt.ErrTokenExpired) { // continue progress } if err != nil { WriteJSON(w, http.StatusUnauthorized, APIError{Error: err.Error()}) return }
The above is the detailed content of How does JWT resolve claim validity and errors?. For more information, please follow other related articles on the PHP Chinese website!