Skip to content

feat: use standard errors on MapClaims validation (v4) #447

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 1 commit into
base: v4
Choose a base branch
from
Open

feat: use standard errors on MapClaims validation (v4) #447

wants to merge 1 commit into from

Conversation

viniciusgabrielfo
Copy link

Not sure if v4 still receives updates

But trying to handle proper the expiration errors in a project that uses jwt/v4 when we want to identify the Token Expired error for example, as is a custom error we need to check by string comparison.

Just adding the proper exported standardized errors on MapClaims Valid().

This change can cause issues for users that have already created validations using a CamelCase string comparison when call Parse() like:

token, err := jwt.Parse(tokenString, keyFunc{})
if strings.EqualFold(err, "Token is expired") {
    // handle error
}

OR

token, err := jwt.Parse(tokenString, keyFunc{})
if err.Error() == "Token is expired" {
    // handle error
}

Since the standardized expired error uses lower case t and the current custom errors use upper case T

@viniciusgabrielfo viniciusgabrielfo changed the title feat: use standard errors on MapClaims validation feat: use standard errors on MapClaims validation (v4) Jul 1, 2025
@oxisto
Copy link
Collaborator

oxisto commented Jul 15, 2025
edited
Loading

Not sure if v4 still receives updates

But trying to handle proper the expiration errors in a project that uses jwt/v4 when we want to identify the Token Expired error for example, as is a custom error we need to check by string comparison.

Just adding the proper exported standardized errors on MapClaims Valid().

This change can cause issues for users that have already created validations using a CamelCase string comparison when call Parse() like:

token, err := jwt.Parse(tokenString, keyFunc{})
if strings.EqualFold(err, "Token is expired") {
    // handle error
}

OR

token, err := jwt.Parse(tokenString, keyFunc{})
if err.Error() == "Token is expired" {
    // handle error
}

Since the standardized expired error uses lower case t and the current custom errors use upper case T

Thanks for your contribution. Well this is tricky one, our policy states that we only support security updates for v4 but develpment is focused on v5 (and v6, see #335). I strongly suggest to upgrade to v5, which should be more or less harmless.

Additionally, changing the error strings is sort of a breaking change as well, this is why we did not touch it in v4, so I am afraid I would vote no against this PR, sorry :(

@mfridman your thoughts?

@oxisto oxisto requested a review from mfridman July 24, 2025 06:51
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@mfridman mfridman Awaiting requested review from mfridman

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@viniciusgabrielfo @oxisto