I am getting "key is of invalid type" when I try to verify a Cognito based JWT in my middleware. Currently I set up the middle ware like this when the Fiber app is being setup:
// read the "jwks.json" that I got from AWS locally
signingKey, err := ioutil.ReadFile("./jwks.json")
if err != nil {
log.Fatal("Error when opening file: ", err)
}
// pass in the signing key when middle ware is created
app.Get("/api", middleware.Protected(signingKey), handlers.ReadSomeData)
Then my middleware looks like this where most of it is from Go Fiber's JWT example repo.
func Protected(signingKey []byte) func(*fiber.Ctx) error {
return jwtware.New(jwtware.Config{
SigningKey: signingKey,
ErrorHandler: jwtError,
SigningMethod: "RS256",
})
}
func jwtError(c *fiber.Ctx, err error) error {
if err.Error() == "Missing or malformed JWT" {
c.Status(fiber.StatusBadRequest)
return c.JSON(fiber.Map{"status": "error", "message": err.Error(), "data": nil})
} else {
c.Status(fiber.StatusUnauthorized)
return c.JSON(fiber.Map{"status": "error", "message": err.Error(), "data": nil})
}
}
Seems like You should use SigningKeys
for validating token with kid field usage. SigningKey
is used for self-signed keys.
See fiber README.md in github.com/gofiber/jwt
func Protected(signingKey []byte) func(*fiber.Ctx) error {
return jwtware.New(jwtware.Config{
SigningKeys: signingKey,
ErrorHandler: jwtError,
SigningMethod: "RS256",
})
}
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.