From d643afb0abe07782265159e21027f4f8ef6cb2be Mon Sep 17 00:00:00 2001
From: Masahiro Nagano
Date: Tue, 23 Apr 2019 01:00:05 +0900
Subject: [PATCH] validate signed method

---
 publickey/publickey.go | 13 ++++++-------
 1 file changed, 6 insertions(+), 7 deletions(-)

diff --git a/publickey/publickey.go b/publickey/publickey.go
index 2f3bfd7..34a2a9d 100644
--- a/publickey/publickey.go
+++ b/publickey/publickey.go
@@ -48,18 +48,17 @@ func (pk Publickey) Verify(t string) (bool, error) {
 }
 t = strings.TrimPrefix(t, "Bearer ")
 claims := &jwt.StandardClaims{}
- token, err := jwt.ParseWithClaims(t, claims, func(token *jwt.Token) (interface{}, error) {
+ jwp := &jwt.Parser{
+ ValidMethods: []string{"RS256", "RS384", "RS512"},
+ SkipClaimsValidation: false,
+ }
+ _, err := jwp.ParseWithClaims(t, claims, func(token *jwt.Token) (interface{}, error) {
 return pk.verifyKey, nil
 })
 if err != nil {
 return false, fmt.Errorf("Token is invalid: %v", err)
 }
- if !token.Valid {
- return false, fmt.Errorf("Token is invalid")
- }
- if claims.Valid() != nil {
- return false, fmt.Errorf("Invalid claims: %v", claims.Valid())
- }
+
 return true, nil
 }
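Review bot: The only claim checks left after the error check are the ones `jwp.ParseWithClaims` runs through `StandardClaims.Valid()`, and as far as I know jwt-go's implementation treats `exp`, `nbf` and `iat` as optional, so a correctly signed token that carries no `exp` would be accepted indefinitely; nothing visible in the hunk checks `iss` or `aud` either. If tokens are meant to expire, require it explicitly before `return true, nil`, e.g. `if !claims.VerifyExpiresAt(time.Now().Unix(), true) { return false, fmt.Errorf("Token has no valid exp") }` (this needs `time` imported, and the import block is outside the hunk). The `ValidMethods` list is what keeps the key callback from handing `pk.verifyKey` to a token that names a non-RSA algorithm, so it deserves a comment such as `// Pin RSA algorithms: the key func returns verifyKey without checking token.Method.`, while `SkipClaimsValidation: false` is the zero value and can be dropped. `Verify` begins above the hunk, so any earlier checks are not visible here.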