From 258b2ef740b1003e326e21c45ff208ea748326c5 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?M=C3=A1rk=20S=C3=A1gi-Kaz=C3=A1r?= Date: Tue, 23 May 2023 14:25:58 +0200 Subject: [PATCH] Upgrade go-jose library to v3 (#20559) * upgrade go-jose library to v3 Signed-off-by: Mark Sagi-Kazar * chore: fix unnecessary import alias Signed-off-by: Mark Sagi-Kazar * upgrade go-jose library to v2 in vault Signed-off-by: Mark Sagi-Kazar --------- Signed-off-by: Mark Sagi-Kazar --- api/go.mod | 2 +- api/go.sum | 12 ++++++++++-- api/plugin_helpers.go | 4 ++-- audit/format.go | 6 +++--- builtin/logical/pki/acme_jws.go | 2 +- builtin/logical/pki/path_acme_test.go | 9 ++++----- changelog/20559.txt | 3 +++ command/agent/testing.go | 5 +++-- go.mod | 3 ++- go.sum | 3 +++ vault/identity_store_oidc.go | 4 ++-- vault/identity_store_oidc_provider.go | 2 +- vault/identity_store_oidc_provider_util.go | 2 +- vault/identity_store_oidc_test.go | 4 ++-- vault/wrapping.go | 18 +++++++++--------- 15 files changed, 47 insertions(+), 32 deletions(-) create mode 100644 changelog/20559.txt diff --git a/api/go.mod b/api/go.mod index 923342907..20fb4617a 100644 --- a/api/go.mod +++ b/api/go.mod @@ -9,6 +9,7 @@ go 1.19 require ( github.com/cenkalti/backoff/v3 v3.0.0 + github.com/go-jose/go-jose/v3 v3.0.0 github.com/go-test/deep v1.0.2 github.com/hashicorp/errwrap v1.1.0 github.com/hashicorp/go-cleanhttp v0.5.2 @@ -22,7 +23,6 @@ require ( github.com/mitchellh/mapstructure v1.5.0 golang.org/x/net v0.7.0 golang.org/x/time v0.0.0-20200416051211-89c76fbcd5d1 - gopkg.in/square/go-jose.v2 v2.5.1 ) require ( diff --git a/api/go.sum b/api/go.sum index 808c56f7f..e8f5f1811 100644 --- a/api/go.sum +++ b/api/go.sum @@ -7,8 +7,11 @@ github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= github.com/fatih/color v1.7.0 h1:DkWD4oS2D8LGGgTQ6IvwJJXSL5Vp2ffcQg58nFV38Ys= github.com/fatih/color v1.7.0/go.mod h1:Zm6kSWBoL9eyXnKyktHP6abPY2pDugNf5KwzbycvMj4= +github.com/go-jose/go-jose/v3 v3.0.0 h1:s6rrhirfEP/CGIoc6p+PZAeogN2SxKav6Wp7+dyMWVo= +github.com/go-jose/go-jose/v3 v3.0.0/go.mod h1:RNkWWRld676jZEYoV3+XK8L2ZnNSvIsxFMht0mSX+u8= github.com/go-test/deep v1.0.2 h1:onZX1rnHT3Wv6cqNgYyFOOlgVKJrksuCMCRvJStbMYw= github.com/go-test/deep v1.0.2/go.mod h1:wGDj63lr65AM2AQyKZd/NYHGb0R+1RLqB8NKt3aSFNA= +github.com/google/go-cmp v0.5.0/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= github.com/google/go-cmp v0.5.7 h1:81/ik6ipDQS2aGcBfIN5dHDB36BwrStyeAQquSYCV4o= github.com/google/go-cmp v0.5.7/go.mod h1:n+brtR0CgQNWTVd5ZUFpTBC8YFBDLK/h/bpaJ8/DtOE= github.com/hashicorp/errwrap v1.0.0/go.mod h1:YH+1FKiLXxHSkmPseP+kNlulaMuP3n2brvKWEqk/Jc4= @@ -60,26 +63,31 @@ github.com/ryanuber/go-glob v1.0.0 h1:iQh3xXAumdQ+4Ufa5b25cRpC5TYKlno6hsv6Cb3pkB github.com/ryanuber/go-glob v1.0.0/go.mod h1:807d1WSdnB0XRJzKNil9Om6lcp/3a0v4qIHxIXzX/Yc= github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME= github.com/stretchr/testify v1.2.2/go.mod h1:a8OnRcib4nhh0OaRAV+Yts87kKdq0PP7pXfy6kDkUVs= +github.com/stretchr/testify v1.6.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg= github.com/stretchr/testify v1.7.0 h1:nwc3DEeHmmLAfoZucVR881uASk0Mfjw8xYJ99tb5CcY= github.com/stretchr/testify v1.7.0/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg= +golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w= +golang.org/x/crypto v0.0.0-20190911031432-227b76d455e7/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI= golang.org/x/crypto v0.6.0 h1:qfktjS5LUO+fFKeJXZ+ikTRijMmljikvG68fpMMruSc= golang.org/x/crypto v0.6.0/go.mod h1:OFC/31mSvZgRz0V1QTNCzfAI1aIRzbiufJtkMIlEp58= +golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg= golang.org/x/net v0.7.0 h1:rJrUqqhjsgNp7KqAIc25s9pZnjU7TUcSY7HcVZjdn1g= golang.org/x/net v0.7.0/go.mod h1:2Tu9+aMcznHK/AK1HMvgo6xiTLG5rD5rZLDS+rp2Bjs= golang.org/x/sys v0.0.0-20180823144017-11551d06cbcc/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= +golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20190222072716-a9d3bda3a223/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= +golang.org/x/sys v0.0.0-20190412213103-97732733099d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20191008105621-543471e840be/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20200116001909-b77594299b42/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20200223170610-d5e6a3e2c0ae/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.5.0 h1:MUK/U/4lj1t1oPg0HfuXDN/Z1wv31ZJ/YcPiGccS4DU= golang.org/x/sys v0.5.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.7.0 h1:4BRB4x83lYWy72KwLD/qYDuTu7q9PjSagHvijDw7cLo= golang.org/x/text v0.7.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8= golang.org/x/time v0.0.0-20200416051211-89c76fbcd5d1 h1:NusfzzA6yGQ+ua51ck7E3omNUX/JuqbFSaRGqU8CcLI= golang.org/x/time v0.0.0-20200416051211-89c76fbcd5d1/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= -gopkg.in/square/go-jose.v2 v2.5.1 h1:7odma5RETjNHWJnR32wx8t+Io4djHE1PqxCFx3iiZ2w= -gopkg.in/square/go-jose.v2 v2.5.1/go.mod h1:M9dMgbHiYLoDGQrXy7OpJDJWiKiU//h+vD76mk0e1AI= gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c h1:dUUwHk2QECo/6vqA44rthZ8ie2QXMNeKRTHCNY2nXvo= gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= diff --git a/api/plugin_helpers.go b/api/plugin_helpers.go index 2d6416d70..507b72c4c 100644 --- a/api/plugin_helpers.go +++ b/api/plugin_helpers.go @@ -14,7 +14,7 @@ import ( "os" "regexp" - squarejwt "gopkg.in/square/go-jose.v2/jwt" + "github.com/go-jose/go-jose/v3/jwt" "github.com/hashicorp/errwrap" ) @@ -135,7 +135,7 @@ func VaultPluginTLSProviderContext(ctx context.Context, apiTLSConfig *TLSConfig) return func() (*tls.Config, error) { unwrapToken := os.Getenv(PluginUnwrapTokenEnv) - parsedJWT, err := squarejwt.ParseSigned(unwrapToken) + parsedJWT, err := jwt.ParseSigned(unwrapToken) if err != nil { return nil, errwrap.Wrapf("error parsing wrapping token: {{err}}", err) } diff --git a/audit/format.go b/audit/format.go index cd4307fc6..cf9e57e2e 100644 --- a/audit/format.go +++ b/audit/format.go @@ -11,7 +11,7 @@ import ( "strings" "time" - squarejwt "gopkg.in/square/go-jose.v2/jwt" + "github.com/go-jose/go-jose/v3/jwt" "github.com/hashicorp/vault/helper/namespace" "github.com/hashicorp/vault/sdk/helper/salt" @@ -537,12 +537,12 @@ func parseVaultTokenFromJWT(token string) *string { return nil } - parsedJWT, err := squarejwt.ParseSigned(token) + parsedJWT, err := jwt.ParseSigned(token) if err != nil { return nil } - var claims squarejwt.Claims + var claims jwt.Claims if err = parsedJWT.UnsafeClaimsWithoutVerification(&claims); err != nil { return nil } diff --git a/builtin/logical/pki/acme_jws.go b/builtin/logical/pki/acme_jws.go index d6424a0a3..20e86f475 100644 --- a/builtin/logical/pki/acme_jws.go +++ b/builtin/logical/pki/acme_jws.go @@ -11,7 +11,7 @@ import ( "fmt" "strings" - jose "gopkg.in/square/go-jose.v2" + "github.com/go-jose/go-jose/v3" ) var AllowedOuterJWSTypes = map[string]interface{}{ diff --git a/builtin/logical/pki/path_acme_test.go b/builtin/logical/pki/path_acme_test.go index 5d2796cc9..bbd33f660 100644 --- a/builtin/logical/pki/path_acme_test.go +++ b/builtin/logical/pki/path_acme_test.go @@ -21,20 +21,19 @@ import ( "testing" "time" + "github.com/go-jose/go-jose/v3/json" + "github.com/go-test/deep" + "github.com/stretchr/testify/require" "golang.org/x/crypto/acme" "golang.org/x/net/http2" + "github.com/hashicorp/go-cleanhttp" "github.com/hashicorp/vault/api" "github.com/hashicorp/vault/helper/constants" vaulthttp "github.com/hashicorp/vault/http" "github.com/hashicorp/vault/sdk/helper/jsonutil" "github.com/hashicorp/vault/sdk/logical" "github.com/hashicorp/vault/vault" - - "github.com/go-test/deep" - "github.com/hashicorp/go-cleanhttp" - "github.com/stretchr/testify/require" - "gopkg.in/square/go-jose.v2/json" ) // TestAcmeBasicWorkflow a basic test that will validate a basic ACME workflow using the Golang ACME client. diff --git a/changelog/20559.txt b/changelog/20559.txt new file mode 100644 index 000000000..2ff6422db --- /dev/null +++ b/changelog/20559.txt @@ -0,0 +1,3 @@ +```release-note:improvement +core, secrets/pki, audit: Update dependency go-jose to v3 due to v2 deprecation. +``` diff --git a/command/agent/testing.go b/command/agent/testing.go index 1eaa0aa35..04a2f0608 100644 --- a/command/agent/testing.go +++ b/command/agent/testing.go @@ -13,9 +13,10 @@ import ( "testing" "time" + "github.com/go-jose/go-jose/v3" + "github.com/go-jose/go-jose/v3/jwt" + "github.com/hashicorp/vault/sdk/logical" - jose "gopkg.in/square/go-jose.v2" - "gopkg.in/square/go-jose.v2/jwt" ) const envVarRunAccTests = "VAULT_ACC" diff --git a/go.mod b/go.mod index d668fe470..b6be88ee0 100644 --- a/go.mod +++ b/go.mod @@ -56,6 +56,7 @@ require ( github.com/favadi/protoc-go-inject-tag v1.3.0 github.com/ghodss/yaml v1.0.1-0.20190212211648-25d852aebe32 github.com/go-errors/errors v1.4.2 + github.com/go-jose/go-jose/v3 v3.0.0 github.com/go-ldap/ldap/v3 v3.4.4 github.com/go-sql-driver/mysql v1.6.0 github.com/go-test/deep v1.1.0 @@ -214,7 +215,6 @@ require ( google.golang.org/grpc/cmd/protoc-gen-go-grpc v1.1.0 google.golang.org/protobuf v1.28.1 gopkg.in/ory-am/dockertest.v3 v3.3.4 - gopkg.in/square/go-jose.v2 v2.6.0 gotest.tools/gotestsum v1.9.0 honnef.co/go/tools v0.4.3 k8s.io/utils v0.0.0-20230220204549-a5ecb0141aa5 @@ -470,6 +470,7 @@ require ( gopkg.in/ini.v1 v1.66.2 // indirect gopkg.in/jcmturner/goidentity.v3 v3.0.0 // indirect gopkg.in/resty.v1 v1.12.0 // indirect + gopkg.in/square/go-jose.v2 v2.6.0 // indirect gopkg.in/yaml.v2 v2.4.0 // indirect gopkg.in/yaml.v3 v3.0.1 // indirect k8s.io/api v0.26.2 // indirect diff --git a/go.sum b/go.sum index f7e90fc6a..09eea3cf1 100644 --- a/go.sum +++ b/go.sum @@ -1232,6 +1232,8 @@ github.com/go-gl/glfw/v3.3/glfw v0.0.0-20191125211704-12ad95a8df72/go.mod h1:tQ2 github.com/go-gl/glfw/v3.3/glfw v0.0.0-20200222043503-6f7a984d4dc4/go.mod h1:tQ2UAYgL5IevRw8kRxooKSPJfGvJ9fJQFa0TUsXzTg8= github.com/go-ini/ini v1.25.4/go.mod h1:ByCAeIL28uOIIG0E3PJtZPDL8WnHpFKFOtgjp+3Ies8= github.com/go-ini/ini v1.66.6/go.mod h1:ByCAeIL28uOIIG0E3PJtZPDL8WnHpFKFOtgjp+3Ies8= +github.com/go-jose/go-jose/v3 v3.0.0 h1:s6rrhirfEP/CGIoc6p+PZAeogN2SxKav6Wp7+dyMWVo= +github.com/go-jose/go-jose/v3 v3.0.0/go.mod h1:RNkWWRld676jZEYoV3+XK8L2ZnNSvIsxFMht0mSX+u8= github.com/go-kit/kit v0.8.0/go.mod h1:xBxKIO96dXMWWy0MnWVtmwkA9/13aqxPnvrjFYMA2as= github.com/go-kit/kit v0.9.0/go.mod h1:xBxKIO96dXMWWy0MnWVtmwkA9/13aqxPnvrjFYMA2as= github.com/go-kit/log v0.1.0/go.mod h1:zbhenjAZHb184qTLMA9ZjW7ThYL0H2mk7Q6pNt4vbaY= @@ -2871,6 +2873,7 @@ golang.org/x/crypto v0.0.0-20190611184440-5c40567a22f8/go.mod h1:yigFU9vqHzYiE8U golang.org/x/crypto v0.0.0-20190617133340-57b3e21c3d56/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI= golang.org/x/crypto v0.0.0-20190701094942-4def268fd1a4/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI= golang.org/x/crypto v0.0.0-20190820162420-60c769a6c586/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI= +golang.org/x/crypto v0.0.0-20190911031432-227b76d455e7/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI= golang.org/x/crypto v0.0.0-20190923035154-9ee001bba392/go.mod h1:/lpIB1dKB+9EgE3H3cr1v9wB50oz8l4C4h62xy7jSTY= golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI= golang.org/x/crypto v0.0.0-20200220183623-bac4c82f6975/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto= diff --git a/vault/identity_store_oidc.go b/vault/identity_store_oidc.go index 094b3c019..5531d717a 100644 --- a/vault/identity_store_oidc.go +++ b/vault/identity_store_oidc.go @@ -20,6 +20,8 @@ import ( "strings" "time" + "github.com/go-jose/go-jose/v3" + "github.com/go-jose/go-jose/v3/jwt" "github.com/hashicorp/go-hclog" "github.com/hashicorp/go-secure-stdlib/base62" "github.com/hashicorp/go-secure-stdlib/strutil" @@ -32,8 +34,6 @@ import ( "github.com/hashicorp/vault/sdk/logical" "github.com/patrickmn/go-cache" "golang.org/x/crypto/ed25519" - "gopkg.in/square/go-jose.v2" - "gopkg.in/square/go-jose.v2/jwt" ) type oidcConfig struct { diff --git a/vault/identity_store_oidc_provider.go b/vault/identity_store_oidc_provider.go index c938e84c7..612b16605 100644 --- a/vault/identity_store_oidc_provider.go +++ b/vault/identity_store_oidc_provider.go @@ -16,6 +16,7 @@ import ( "strings" "time" + "github.com/go-jose/go-jose/v3" "github.com/hashicorp/go-memdb" "github.com/hashicorp/go-secure-stdlib/base62" "github.com/hashicorp/go-secure-stdlib/strutil" @@ -24,7 +25,6 @@ import ( "github.com/hashicorp/vault/sdk/framework" "github.com/hashicorp/vault/sdk/helper/identitytpl" "github.com/hashicorp/vault/sdk/logical" - "gopkg.in/square/go-jose.v2" ) const ( diff --git a/vault/identity_store_oidc_provider_util.go b/vault/identity_store_oidc_provider_util.go index 637875758..813b25f5e 100644 --- a/vault/identity_store_oidc_provider_util.go +++ b/vault/identity_store_oidc_provider_util.go @@ -12,9 +12,9 @@ import ( "net/http" "net/url" + "github.com/go-jose/go-jose/v3" "github.com/hashicorp/go-secure-stdlib/strutil" "github.com/hashicorp/vault/sdk/logical" - "gopkg.in/square/go-jose.v2" ) // validRedirect checks whether uri is in allowed using special handling for loopback uris. diff --git a/vault/identity_store_oidc_test.go b/vault/identity_store_oidc_test.go index ea63b5150..5dd33ab8a 100644 --- a/vault/identity_store_oidc_test.go +++ b/vault/identity_store_oidc_test.go @@ -11,6 +11,8 @@ import ( "testing" "time" + "github.com/go-jose/go-jose/v3" + "github.com/go-jose/go-jose/v3/jwt" "github.com/go-test/deep" "github.com/hashicorp/go-hclog" "github.com/hashicorp/vault/helper/identity" @@ -18,8 +20,6 @@ import ( "github.com/hashicorp/vault/sdk/framework" "github.com/hashicorp/vault/sdk/logical" gocache "github.com/patrickmn/go-cache" - "gopkg.in/square/go-jose.v2" - "gopkg.in/square/go-jose.v2/jwt" ) // TestOIDC_Path_OIDC_RoleNoKeyParameter tests that a role cannot be created diff --git a/vault/wrapping.go b/vault/wrapping.go index 091bab04a..69e002491 100644 --- a/vault/wrapping.go +++ b/vault/wrapping.go @@ -13,14 +13,14 @@ import ( "time" "github.com/armon/go-metrics" + "github.com/go-jose/go-jose/v3" + "github.com/go-jose/go-jose/v3/jwt" "github.com/hashicorp/vault/helper/metricsutil" "github.com/hashicorp/vault/helper/namespace" "github.com/hashicorp/vault/sdk/helper/certutil" "github.com/hashicorp/vault/sdk/helper/consts" "github.com/hashicorp/vault/sdk/helper/jsonutil" "github.com/hashicorp/vault/sdk/logical" - "gopkg.in/square/go-jose.v2" - squarejwt "gopkg.in/square/go-jose.v2/jwt" ) const ( @@ -194,16 +194,16 @@ DONELISTHANDLING: switch resp.WrapInfo.Format { case "jwt": // Create the JWT - claims := squarejwt.Claims{ + claims := jwt.Claims{ // Map the JWT ID to the token ID for ease of use ID: te.ID, // Set the issue time to the creation time - IssuedAt: squarejwt.NewNumericDate(creationTime), + IssuedAt: jwt.NewNumericDate(creationTime), // Set the expiration to the TTL - Expiry: squarejwt.NewNumericDate(creationTime.Add(resp.WrapInfo.TTL)), + Expiry: jwt.NewNumericDate(creationTime.Add(resp.WrapInfo.TTL)), // Set a reasonable not-before time; since unwrapping happens on this // node we shouldn't have to worry much about drift - NotBefore: squarejwt.NewNumericDate(time.Now().Add(-5 * time.Second)), + NotBefore: jwt.NewNumericDate(time.Now().Add(-5 * time.Second)), } type privateClaims struct { Accessor string `json:"accessor"` @@ -225,7 +225,7 @@ DONELISTHANDLING: c.logger.Error("failed to create JWT builder", "error", err) return nil, ErrInternalError } - ser, err := squarejwt.Signed(sig).Claims(claims).Claims(priClaims).CompactSerialize() + ser, err := jwt.Signed(sig).Claims(claims).Claims(priClaims).CompactSerialize() if err != nil { c.tokenStore.revokeOrphan(ctx, te.ID) c.logger.Error("failed to serialize JWT", "error", err) @@ -407,11 +407,11 @@ func (c *Core) validateWrappingToken(ctx context.Context, req *logical.Request) // and then a dot. if IsJWT(token) { // Implement the jose library way - parsedJWT, err := squarejwt.ParseSigned(token) + parsedJWT, err := jwt.ParseSigned(token) if err != nil { return false, fmt.Errorf("wrapping token could not be parsed: %w", err) } - var claims squarejwt.Claims + var claims jwt.Claims allClaims := make(map[string]interface{}) if err = parsedJWT.Claims(&c.wrappingJWTKey.PublicKey, &claims, &allClaims); err != nil { return false, fmt.Errorf("wrapping token signature could not be validated: %w", err)