Exemple #1
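// ValidateToken verifies that userToken is an RSA-signed JWT whose signature
// checks out against the key material exported from certificate, that its
// "sub" claim (when present and non-empty) equals *hostname, and that its
// "jti" has not been accepted before.
//
// All claim checks run only after jwt.Parse has accepted the token. The key
// callback handed to jwt.Parse has to run before the signature can be checked,
// so anything done inside it operates on unauthenticated claims. Recording the
// jti there would let unsigned tokens grow jtiCache and pre-burn the
// identifiers of legitimate tokens.
//
// It returns nil when the token is accepted and a non-nil error otherwise.
func ValidateToken(userToken string, certificate *pkix.Certificate, hostname *string) error {
	// NOTE(review): the exported value is passed to the jwt library as the
	// verification key; presumably PEM bytes — confirm against pkix.
	key, err := certificate.Export()
	if err != nil {
		return err
	}

	token, err := jwt.Parse(userToken, func(token *jwt.Token) (interface{}, error) {
		// Pin the algorithm family before returning the key, so a token cannot
		// choose a different verification method for itself.
		if _, ok := token.Method.(*jwt.SigningMethodRSA); !ok {
			return nil, fmt.Errorf("Unexpected signing method: %v", token.Header["alg"])
		}
		return key, nil
	})
	if err != nil {
		return fmt.Errorf("Token is invalid, %s", err)
	}
	if token == nil || !token.Valid {
		// Kept separate from the branch above so a nil error is never formatted.
		return fmt.Errorf("Token is invalid")
	}

	// Validate hostname, if any. Claims are read with checked assertions: a
	// missing or wrongly typed claim is a rejected token, not a panic.
	// NOTE(review): a token with no "sub" (or an empty one) is accepted for any
	// hostname — confirm that this is the intended policy.
	if rawSub, present := token.Claims["sub"]; present {
		subject, ok := rawSub.(string)
		if !ok {
			return fmt.Errorf("Invalid sub claim")
		}
		// A nil hostname cannot match a non-empty subject.
		if subject != "" && (hostname == nil || subject != *hostname) {
			return fmt.Errorf("Mismatch hostname: %s", subject)
		}
	}

	jti, ok := token.Claims["jti"].(string)
	if !ok {
		return fmt.Errorf("Missing or invalid jti claim")
	}
	exp, ok := token.Claims["exp"].(float64)
	if !ok {
		return fmt.Errorf("Missing or invalid exp claim")
	}

	// Replay protection comes last, so a jti is recorded only for a token that
	// passed every other check.
	// NOTE(review): jtiCache is declared outside this block. If ValidateToken
	// can run on several goroutines, this check-then-set needs a lock, and
	// entries need eviction once exp has passed — neither is visible here.
	if _, seen := jtiCache[jti]; seen {
		return fmt.Errorf("Replay attack!!! jti= %s", jti)
	}
	jtiCache[jti] = exp

	return nil
}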