minor

kataras · kataras · commit 23a36ad18b89 · 2025-02-03T02:31:23.000+02:00
diff --git a/README.md b/README.md
@@ -563,6 +563,7 @@ Read more about GCM at: https://en.wikipedia.org/wiki/Galois/Counter_Mode
 Here is what helped me to implement JWT in Go:
 
 - The JWT RFC: https://tools.ietf.org/html/rfc7519
+- The JWK RFC: See https://tools.ietf.org/html/rfc7517#section-5
 - The official JWT book, all you need to learn: https://auth0.com/resources/ebooks/jwt-handbook
 - Create Your JWTs From Scratch (PHP): https://dzone.com/articles/create-your-jwts-from-scratch
 - How to make your own JWT (Javascript): https://medium.com/code-wave/how-to-make-your-own-jwt-c1a32b5c3898
diff --git a/claims.go b/claims.go
@@ -234,10 +234,11 @@ func (c Claims) ApplyClaims(dest *Claims) {
 // See the `Clock` package-level variable to modify
 // the current time function.
 func MaxAge(maxAge time.Duration) SignOptionFunc {
+	if maxAge <= time.Second {
+		return NoMaxAge
+	}
+
 	return func(c *Claims) {
-		if maxAge <= time.Second {
-			return
-		}
 		now := Clock()
 		c.Expiry = now.Add(maxAge).Unix()
 		c.IssuedAt = now.Unix()
diff --git a/kid_keys.go b/kid_keys.go
@@ -250,9 +250,12 @@ func (keys Keys) VerifyToken(token []byte, claimsPtr any, validators ...TokenVal
 	return verifiedToken.Claims(&claimsPtr)
 }
 
-// JWKS returns the JSON Web Key Set (JWKS) based on the registered keys (RSA or EdDSA).
+// JWKS returns the JSON Web Key Set (JWKS) based on the registered keys.
+// Its result is ready for serving the JWKS on /.well-known/jwks.json.
+//
+// See https://tools.ietf.org/html/rfc7517#section-5 for more.
 func (keys Keys) JWKS() (*JWKS, error) {
-	jkeys := make([]*JWK, 0, len(keys))
+	sets := make([]*JWK, 0, len(keys))
 
 	for _, key := range keys {
 		alg := ""
@@ -263,9 +266,9 @@ func (keys Keys) JWKS() (*JWKS, error) {
 		if err != nil {
 			return nil, err
 		}
-		jkeys = append(jkeys, jwk)
+		sets = append(sets, jwk)
 	}
 
-	jwks := JWKS{Keys: jkeys}
+	jwks := JWKS{Keys: sets}
 	return &jwks, nil
 }
diff --git a/sign_test.go b/sign_test.go
@@ -10,7 +10,7 @@ import (
 
 func TestSignOption(t *testing.T) {
 	now := time.Date(2020, 10, 26, 1, 1, 1, 1, time.Local)
-	exp := now.Add(time.Second).Unix()
+	exp := now.Add(time.Second * 2).Unix()
 	iat := now.Unix()
 	type claims struct {
 		Foo      string `json:"foo"`
@@ -35,7 +35,7 @@ func TestSignOption(t *testing.T) {
 		return now
 	}
 
-	token, err := Sign(testAlg, testSecret, Map{"foo": "bar"}, expectedStdClaims, MaxAge(time.Second))
+	token, err := Sign(testAlg, testSecret, Map{"foo": "bar"}, expectedStdClaims, MaxAge(time.Second*2))
 
 	if err != nil {
 		t.Fatal(err)

Original file line number	Diff line number	Diff line change
`@@ -250,9 +250,12 @@ func (keys Keys) VerifyToken(token []byte, claimsPtr any, validators ...TokenVal`
`250`	`250`	`return verifiedToken.Claims(&claimsPtr)`
`251`	`251`	`}`
`252`	`252`
`253`		`-// JWKS returns the JSON Web Key Set (JWKS) based on the registered keys (RSA or EdDSA).`
	`253`	`+// JWKS returns the JSON Web Key Set (JWKS) based on the registered keys.`
	`254`	`+// Its result is ready for serving the JWKS on /.well-known/jwks.json.`
	`255`	`+//`
	`256`	`+// See https://tools.ietf.org/html/rfc7517#section-5 for more.`
`254`	`257`	`func (keys Keys) JWKS() (*JWKS, error) {`
`255`		`- jkeys := make([]*JWK, 0, len(keys))`
	`258`	`+ sets := make([]*JWK, 0, len(keys))`
`256`	`259`
`257`	`260`	`for _, key := range keys {`
`258`	`261`	`alg := ""`
`@@ -263,9 +266,9 @@ func (keys Keys) JWKS() (*JWKS, error) {`
`263`	`266`	`if err != nil {`
`264`	`267`	`return nil, err`
`265`	`268`	`}`
`266`		`- jkeys = append(jkeys, jwk)`
	`269`	`+ sets = append(sets, jwk)`
`267`	`270`	`}`
`268`	`271`
`269`		`- jwks := JWKS{Keys: jkeys}`
	`272`	`+ jwks := JWKS{Keys: sets}`
`270`	`273`	`return &jwks, nil`
`271`	`274`	`}`