6

I'm using Jose library to create JWE's. I have successfully managed to create and parse JWE. JWT has fields like exp, iat which help in invalidating token after a certain period of time.

How can I set expiry on JWE ?

Here's what I've tried, without exp:

package main

import (
    jose "gopkg.in/square/go-jose.v2"
)

// len(key) is 32
func CreateJWE(value, key string)(string, error){
    encrypter, err := jose.NewEncrypter(jose.A256GCM, jose.Recipient{Algorithm: jose.A256GCMKW, Key: []byte(key)}, nil)
    if err != nil {
        return "", err
    }
    object, err := encrypter.Encrypt([]byte(value)])
    if err != nil {
        return "", err
    }
    return object.FullSerialize(), nil
}

func ParseJWE(jwe, key string)(string, error){
    object, err := jose.ParseEncrypted(jwe)
    if err != nil {
        return "", err
    }
    b, err := (*object).Decrypt(key)
    return string(b), err
}
Ankit Deshpande
  • 3,476
  • 1
  • 29
  • 42
  • 1
    Hum... you will need to use the `jwt` subpackage. There is an example in the godoc: https://godoc.org/gopkg.in/square/go-jose.v2/jwt#example-Encrypted The `jwt.Claims` has `Expiry`, and it is that you are looking for. I hope it helps. – Jota Santos Feb 05 '19 at 13:49
  • 2
    I think you mean JWT tbh? JWE is just the encryption for the object in a JWT isn't it? Looks like that guy couldn't be bothered to make some decent documentation – Dominic Feb 05 '19 at 13:59
  • @Dominic I think I read somewhere that JWE and JWS are two types of JWT. Is it correct ? – Ankit Deshpande Feb 05 '19 at 16:48
  • @JamilloSantos Thanks a lot mate, you saved the day. – Ankit Deshpande Feb 05 '19 at 16:51
  • Ah yes I think you are correct - https://medium.facilelogin.com/jwt-jws-and-jwe-for-not-so-dummies-b63310d201a3. Generally people just refer to JWT though. Shame the developer made something so low level with only generated docs, hope Go doesn't "go" the same way as Java. In Node this is so trivial! – Dominic Feb 05 '19 at 16:54
  • Yup. It needs more docs for sure. I was also surprised to see that this lib is quite popular without proper docs. – Ankit Deshpande Feb 05 '19 at 17:36

1 Answers1

0

JWEs do not have expiration

u should use JWT for resolve it

look at this Q&A in github

and this stackoverflow question, it's for python but i tell it for reading and open ur mind about this subject

Seyed Hossein Hosseini motlagh
  • 152
  • 1
  • 9