the requested hash function is unavailable

[tonyqui]

Greeting folks,
I am currently trying to perform the validation of a JWT token issued by AzureActiveDirectory.

Here's the header:

{ "typ":"JWT", "nonce":"fF8GUtxqSoRupyeXtb-7Azd1VC9y0zmaV9HpBE2r4_w", "alg":"RS256", "x5t":"-KI3Q9nNR7bRofxmeZoXqbHZGew", "kid":"-KI3Q9nNR7bRofxmeZoXqbHZGew"}

I can find the corresponding certificate using the following API:
https://login.microsoftonline.com/common/discovery/keys

I'm trying to call Validate method through:

test := &jwt.SigningMethodRSA{}
err = test.Verify(signstring, signature, &publickey)
where:

• signstring is the base64urldecoded version of JWS payload
• signature is the JWS Signature retrieved from JWT token
• publickey is a *rsa.PublicKey representing the public key (I attempted to extract it from certificate through jwt.Parse and creating directly a new structure from modulus and exponent found in previous Azure api call).

At the time of the execution, Verify method returns an error:
the requested hash function is unavailable
I am not sure if this is linked to any pre-requisite not met or to any other mis-configuration of RSA hash.

Any clue about what I should be checking?

[oxisto]

Wo do not fully support JWS, so I hope this works, but what you need to do is the following:

token, err := jwt.ParseWithClaims(tokenString, &jwt.RegisteredClaims{}, func(token *jwt.Token) (interface{}, error) {
   return publickey, nil
}

tokenString would be the complete base64urlencoded version of the token. Maybe try passing in the complete JWS?

You probably also don't want to extract the public key by hand. There is an excellent library called http://github.com/MicahParks/keyfunc which you can use use as the keyfunc argument to jwt.ParseWithClaims.