diff --git a/README.md b/README.md index 1e1a7c4..59bcaad 100644 --- a/README.md +++ b/README.md @@ -1,5 +1,7 @@ # GO JWT Middleware +**NOTE:** We released this version using a fork of jwt-go in order to address a security vulnerability. Due to jwt-go not being actively maintained we will be looking to switch to a more actively maintained package in the near future. + A middleware that will check that a [JWT](http://jwt.io/) is sent on the `Authorization` header and will then set the content of the JWT into the `user` variable of the request. This module lets you authenticate HTTP requests using JWT tokens in your Go Programming Language applications. JWTs are typically used to protect API endpoints, and are often issued using OpenID Connect. @@ -28,7 +30,7 @@ import ( "net/http" "github.com/auth0/go-jwt-middleware" - "github.com/dgrijalva/jwt-go" + "github.com/form3tech-oss/jwt-go" "context" ) @@ -70,7 +72,7 @@ import ( "github.com/auth0/go-jwt-middleware" "github.com/urfave/negroni" - "github.com/dgrijalva/jwt-go" + "github.com/form3tech-oss/jwt-go" "github.com/gorilla/mux" ) diff --git a/examples/martini-example/main.go b/examples/martini-example/main.go index 7c31241..3a76fc1 100644 --- a/examples/martini-example/main.go +++ b/examples/martini-example/main.go @@ -5,7 +5,7 @@ import ( "net/http" jwtmiddleware "github.com/auth0/go-jwt-middleware" - "github.com/dgrijalva/jwt-go" + "github.com/form3tech-oss/jwt-go" "github.com/go-martini/martini" ) diff --git a/examples/negroni-example/main.go b/examples/negroni-example/main.go index 39414cb..a2640a4 100644 --- a/examples/negroni-example/main.go +++ b/examples/negroni-example/main.go @@ -5,7 +5,7 @@ import ( "net/http" jwtmiddleware "github.com/auth0/go-jwt-middleware" - "github.com/dgrijalva/jwt-go" + "github.com/form3tech-oss/jwt-go" "github.com/gorilla/mux" "github.com/urfave/negroni" ) diff --git a/go.mod b/go.mod index b00b4f4..5ea135e 100644 --- a/go.mod +++ b/go.mod @@ -4,7 +4,7 @@ go 1.14 require ( github.com/codegangsta/inject v0.0.0-20150114235600-33e0aa1cb7c0 // indirect - github.com/dgrijalva/jwt-go v3.2.0+incompatible + github.com/form3tech-oss/jwt-go v3.2.2+incompatible github.com/go-martini/martini v0.0.0-20170121215854-22fa46961aab github.com/gopherjs/gopherjs v0.0.0-20200217142428-fce0ec30dd00 // indirect github.com/gorilla/mux v1.7.4 diff --git a/go.sum b/go.sum index 5e637eb..736f537 100644 --- a/go.sum +++ b/go.sum @@ -1,7 +1,7 @@ github.com/codegangsta/inject v0.0.0-20150114235600-33e0aa1cb7c0 h1:sDMmm+q/3+BukdIpxwO365v/Rbspp2Nt5XntgQRXq8Q= github.com/codegangsta/inject v0.0.0-20150114235600-33e0aa1cb7c0/go.mod h1:4Zcjuz89kmFXt9morQgcfYZAYZ5n8WHjt81YYWIwtTM= -github.com/dgrijalva/jwt-go v3.2.0+incompatible h1:7qlOGliEKZXTDg6OTjfoBKDXWrumCAMpl/TFQ4/5kLM= -github.com/dgrijalva/jwt-go v3.2.0+incompatible/go.mod h1:E3ru+11k8xSBh+hMPgOLZmtrrCbhqsmaPHjLKYnJCaQ= +github.com/form3tech-oss/jwt-go v3.2.2+incompatible h1:TcekIExNqud5crz4xD2pavyTgWiPvpYe4Xau31I0PRk= +github.com/form3tech-oss/jwt-go v3.2.2+incompatible/go.mod h1:pbq4aXjuKjdthFRnoDwaVPLA+WlJuPGy+QneDUgJi2k= github.com/go-martini/martini v0.0.0-20170121215854-22fa46961aab h1:xveKWz2iaueeTaUgdetzel+U7exyigDYBryyVfV/rZk= github.com/go-martini/martini v0.0.0-20170121215854-22fa46961aab/go.mod h1:/P9AEU963A2AYjv4d1V5eVL1CQbEJq6aCNHDDjibzu8= github.com/gopherjs/gopherjs v0.0.0-20181017120253-0766667cb4d1 h1:EGx4pi6eqNxGaHF6qqu48+N2wcFQ5qg5FXgOdqsJ5d8= diff --git a/jwtmiddleware.go b/jwtmiddleware.go index 8b01d8e..c146b94 100644 --- a/jwtmiddleware.go +++ b/jwtmiddleware.go @@ -8,7 +8,7 @@ import ( "net/http" "strings" - "github.com/dgrijalva/jwt-go" + "github.com/form3tech-oss/jwt-go" ) // A function called whenever an error is encountered diff --git a/jwtmiddleware_test.go b/jwtmiddleware_test.go index 51698ca..cab5cd5 100644 --- a/jwtmiddleware_test.go +++ b/jwtmiddleware_test.go @@ -9,7 +9,7 @@ import ( "strings" "testing" - "github.com/dgrijalva/jwt-go" + "github.com/form3tech-oss/jwt-go" "github.com/gorilla/mux" . "github.com/smartystreets/goconvey/convey" "github.com/urfave/negroni"