diff --git a/errors.go b/errors.go index c032d13..3509af8 100644 --- a/errors.go +++ b/errors.go @@ -14,6 +14,7 @@ var ( ErrUnsupportedAlg = errors.New("algorithm is not supported") // ErrNotJWTType indicates that JWT token type is not JWT. + // Deprecated: leftover after a wrong feature, present due to backward compatibility. ErrNotJWTType = errors.New("token of not JWT type") // ErrInvalidFormat indicates that token format is not valid. diff --git a/go.mod b/go.mod index 19b0c3d..dd51ed5 100644 --- a/go.mod +++ b/go.mod @@ -1,3 +1,8 @@ module github.com/cristalhq/jwt/v5 go 1.19 + +retract ( + v5.3.0 // check 'typ' is too strict. + v5.2.0 // check 'typ' is too strict. +) diff --git a/parse.go b/parse.go index a44f026..cc5f29a 100644 --- a/parse.go +++ b/parse.go @@ -4,17 +4,12 @@ import ( "bytes" "encoding/base64" "encoding/json" - "errors" ) // Parse decodes a token and verifies it's signature. func Parse(raw []byte, verifier Verifier) (*Token, error) { token, err := ParseNoVerify(raw) if err != nil { - // See: https://github.com/cristalhq/jwt/issues/147 - if errors.Is(err, ErrNotJWTType) { - return token, ErrNotJWTType - } return nil, err } if err := verifier.Verify(token); err != nil { @@ -82,10 +77,6 @@ func parse(token []byte) (*Token, error) { header: header, claims: claims, } - if !constTimeEqual(tk.header.Type, "JWT") { - // See: https://github.com/cristalhq/jwt/issues/147 - return tk, ErrNotJWTType - } return tk, nil } diff --git a/parse_test.go b/parse_test.go index 1f2992f..974cf16 100644 --- a/parse_test.go +++ b/parse_test.go @@ -49,17 +49,6 @@ func TestParseAnotherAlgorithm(t *testing.T) { mustEqual(t, err, ErrAlgorithmMismatch) } -func TestParseWrongType(t *testing.T) { - const tokenHS256 = `eyJhbGciOiJIUzI1NiIsInR5cCI6IkJPTUJPTSJ9.eyJqdGkiOiJqdXN0IGFuIGlkIiwiYXVkIjoiYXVkaWVuY2UifQ.t5oEdZGp0Qbth7lo5fZlV_o4-r9gMoYBSktXbarjWoo` - verifier := must(NewVerifierHS(HS256, []byte("key"))) - - token, err := Parse([]byte(tokenHS256), verifier) - mustEqual(t, err, ErrNotJWTType) - if token == nil { - t.Fatal() - } -} - func TestParseMalformed(t *testing.T) { f := func(got string) { t.Helper()