Upgrade to jwt v4 #2155
Upgrade to jwt v4 #2155
Conversation
|
Please see #2122 (comment) |
|
@aldas thank you for information. But the issue causes not by v3 or v4. But due to the wrong result JWT token. For now we have found that the token generated with old version is not validated by other JWT libraries. For now we have checked ruby and php implementation. |
|
Creating a token and parsing a token is two different things. JWT middleware does not create tokens. If you want to parse claims into different type of struct (by different library or never version) then there is Line 111 in 572466d As I mentioned in that comment - upgrading to |
|
To make changes backward compatible, a new middleware should be added, and the old one should be marked as deprecated, so that we enforce people using the new version and don't break the existing code. |
|
Closing. After |
|
We now have https://github.com/labstack/echo-jwt |
|
@aldas Thanks. I've just upgraded my project to the new middleware. |
Better to upgrade to JWT library v4 which is better than original one. Also, there is a deprecation of
StandardClaimsStandardClaims are a structured version of the JWT Claims Set, as referenced at https://datatracker.ietf.org/doc/html/rfc7519#section-4. They do not follow the specification exactly, since they were based on an earlier draft of the specification and not updated. The main difference is that they only support integer-based date fields and singular audiences. This might lead to incompatibilities with other JWT implementations. The use of this is discouraged, instead the newer RegisteredClaims struct should be used.