Adds support for v5 of the golang-jwt library

.github/workflows/go.yml

@@ -16,7 +16,7 @@ jobs:
     - name: Set up Go
       uses: actions/setup-go@v2
       with:
-        go-version: 1.16
+        go-version: 1.18
 
     - name: Build
       run: go build -v ./...

example/example.go

@@ -7,7 +7,7 @@ import (
 
 	"github.com/aws/aws-sdk-go-v2/config"
 	"github.com/aws/aws-sdk-go-v2/service/kms"
-	"github.com/golang-jwt/jwt/v4"
+	"github.com/golang-jwt/jwt/v5"
 	"github.com/matelang/jwt-go-aws-kms/v2/jwtkms"
 )
 
@@ -21,13 +21,13 @@ func main() {
 	}
 
 	now := time.Now()
-	jwtToken := jwt.NewWithClaims(jwtkms.SigningMethodECDSA256, &jwt.StandardClaims{
-		Audience:  "api.example.com",
-		ExpiresAt: now.Add(1 * time.Hour * 24).Unix(),
-		Id:        "1234-5678",
-		IssuedAt:  now.Unix(),
+	jwtToken := jwt.NewWithClaims(jwtkms.SigningMethodECDSA256, &jwt.RegisteredClaims{
+		Audience:  jwt.ClaimStrings{"api.example.com"},
+		ExpiresAt: jwt.NewNumericDate(now.Add(1 * time.Hour * 24)),
+		ID:        "1234-5678",
+		IssuedAt:  jwt.NewNumericDate(now),
 		Issuer:    "sso.example.com",
-		NotBefore: now.Unix(),
+		NotBefore: jwt.NewNumericDate(now),
 		Subject:   "[email protected]",
 	})
 

go.mod

@@ -1,11 +1,24 @@
 module github.com/matelang/jwt-go-aws-kms/v2
 
-go 1.16
+go 1.18
 
 require (
 	github.com/aws/aws-sdk-go-v2 v1.17.7
 	github.com/aws/aws-sdk-go-v2/config v1.18.19
 	github.com/aws/aws-sdk-go-v2/service/kms v1.20.8
-	github.com/golang-jwt/jwt/v4 v4.5.0
+	github.com/golang-jwt/jwt/v5 v5.0.0
 	github.com/google/uuid v1.3.0
 )
+
+require (
+	github.com/aws/aws-sdk-go-v2/credentials v1.13.18 // indirect
+	github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.13.1 // indirect
+	github.com/aws/aws-sdk-go-v2/internal/configsources v1.1.31 // indirect
+	github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.4.25 // indirect
+	github.com/aws/aws-sdk-go-v2/internal/ini v1.3.32 // indirect
+	github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.9.25 // indirect
+	github.com/aws/aws-sdk-go-v2/service/sso v1.12.6 // indirect
+	github.com/aws/aws-sdk-go-v2/service/ssooidc v1.14.6 // indirect
+	github.com/aws/aws-sdk-go-v2/service/sts v1.18.7 // indirect
+	github.com/aws/smithy-go v1.13.5 // indirect
+)

go.sum

@@ -25,8 +25,8 @@ github.com/aws/aws-sdk-go-v2/service/sts v1.18.7/go.mod h1:JuTnSoeePXmMVe9G8Ncjj
 github.com/aws/smithy-go v1.13.5 h1:hgz0X/DX0dGqTYpGALqXJoRKRj5oQ7150i5FdTePzO8=
 github.com/aws/smithy-go v1.13.5/go.mod h1:Tg+OJXh4MB2R/uN61Ko2f6hTZwB/ZYGOtib8J3gBHzA=
 github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
-github.com/golang-jwt/jwt/v4 v4.5.0 h1:7cYmW1XlMY7h7ii7UhUyChSgS5wUJEnm9uZVTGqOWzg=
-github.com/golang-jwt/jwt/v4 v4.5.0/go.mod h1:m21LjoU+eqJr34lmDMbreY2eSTRJ1cv77w39/MY0Ch0=
+github.com/golang-jwt/jwt/v5 v5.0.0 h1:1n1XNM9hk7O9mnQoNBGolZvzebBQ7p93ULHRc28XJUE=
+github.com/golang-jwt/jwt/v5 v5.0.0/go.mod h1:pqrtFR0X4osieyHYxtmOUWsAWrfe1Q5UVIyoH402zdk=
 github.com/google/go-cmp v0.5.8 h1:e6P7q2lk1O+qJJb4BtCQXlK8vWEO8V1ZeuEdJNOqZyg=
 github.com/google/go-cmp v0.5.8/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY=
 github.com/google/uuid v1.3.0 h1:t6JiXgmwXMjEs8VusXIJk2BXHsn+wx8BZdTaoZ5fu7I=

jwtkms/init.go

@@ -9,8 +9,9 @@ package jwtkms
 
 import (
 	"crypto"
+
 	"github.com/aws/aws-sdk-go-v2/service/kms/types"
-	"github.com/golang-jwt/jwt/v4"
+	"github.com/golang-jwt/jwt/v5"
 )
 
 var (

jwtkms/kms_signing_method.go

@@ -6,11 +6,12 @@ import (
 	"crypto/rsa"
 	"crypto/x509"
 	"encoding/asn1"
+	"math/big"
+
 	"github.com/aws/aws-sdk-go-v2/aws"
 	"github.com/aws/aws-sdk-go-v2/service/kms"
 	"github.com/aws/aws-sdk-go-v2/service/kms/types"
-	"github.com/golang-jwt/jwt/v4"
-	"math/big"
+	"github.com/golang-jwt/jwt/v5"
 )
 
 type fallbackSigningMethodCompatibilityCheckerFunc func(keyConfig interface{}) bool
@@ -94,7 +95,7 @@ func (m *KMSSigningMethod) Alg() string {
 	return m.fallbackSigningMethod.Alg()
 }
 
-func (m *KMSSigningMethod) Verify(signingString string, signature string, keyConfig interface{}) error {
+func (m *KMSSigningMethod) Verify(signingString string, sig []byte, keyConfig interface{}) (err error) {
 	// Expecting a jwtkms.Config as the keyConfig to use AWS KMS to Verify tokens.
 	cfg, ok := keyConfig.(*Config)
 
@@ -104,17 +105,12 @@ func (m *KMSSigningMethod) Verify(signingString string, signature string, keyCon
 		keyConfigIsForFallbackSigningMethod := m.fallbackSigningMethodKeyConfigCheckerFunc(keyConfig)
 
 		if keyConfigIsForFallbackSigningMethod {
-			return m.fallbackSigningMethod.Verify(signingString, signature, keyConfig)
+			return m.fallbackSigningMethod.Verify(signingString, sig, keyConfig)
 		}
 
 		return jwt.ErrInvalidKeyType
 	}
 
-	sig, err := jwt.DecodeSegment(signature)
-	if err != nil {
-		return err
-	}
-
 	if !m.hash.Available() {
 		return jwt.ErrHashUnavailable
 	}
@@ -169,10 +165,10 @@ func (m *KMSSigningMethod) Verify(signingString string, signature string, keyCon
 		pubkeyCache.Add(cfg.kmsKeyID, cachedKey)
 	}
 
-	return m.fallbackSigningMethod.Verify(signingString, signature, cachedKey)
+	return m.fallbackSigningMethod.Verify(signingString, sig, cachedKey)
 }
 
-func (m *KMSSigningMethod) Sign(signingString string, keyConfig interface{}) (string, error) {
+func (m *KMSSigningMethod) Sign(signingString string, keyConfig interface{}) ([]byte, error) {
 	// Expecting a jwtkms.Config as the keyConfig to use AWS KMS to Sign tokens.
 	cfg, ok := keyConfig.(*Config)
 
@@ -185,11 +181,11 @@ func (m *KMSSigningMethod) Sign(signingString string, keyConfig interface{}) (st
 			return m.fallbackSigningMethod.Sign(signingString, keyConfig)
 		}
 
-		return "", jwt.ErrInvalidKeyType
+		return nil, jwt.ErrInvalidKeyType
 	}
 
 	if !m.hash.Available() {
-		return "", jwt.ErrHashUnavailable
+		return nil, jwt.ErrHashUnavailable
 	}
 
 	hasher := m.hash.New()
@@ -205,16 +201,16 @@ func (m *KMSSigningMethod) Sign(signingString string, keyConfig interface{}) (st
 
 	signOutput, err := cfg.kmsClient.Sign(cfg.ctx, signInput)
 	if err != nil {
-		return "", err
+		return nil, err
 	}
 
 	formattedSig := signOutput.Signature
 	if m.postSignatureSigFormatterFunc != nil {
 		formattedSig, err = m.postSignatureSigFormatterFunc(signOutput.Signature)
 		if err != nil {
-			return "", err
+			return nil, err
 		}
 	}
 
-	return jwt.EncodeSegment(formattedSig), nil
+	return formattedSig, nil
 }

jwtkms/kms_signingmethod_test.go

@@ -3,7 +3,7 @@ package jwtkms
 import (
 	"testing"
 
-	"github.com/golang-jwt/jwt/v4"
+	"github.com/golang-jwt/jwt/v5"
 	"github.com/matelang/jwt-go-aws-kms/v2/jwtkms/internal/mockkms"
 )