Upgrade to jwt v4

Open simonoff opened this issue 3 years ago • 4 comments

Better to upgrade to JWT library v4, which is better than the original one. Also, there is a deprecation of StandardClaims:

StandardClaims are a structured version of the JWT Claims Set, as referenced at https://datatracker.ietf.org/doc/html/rfc7519#section-4. They do not follow the specification exactly, since they were based on an earlier draft of the specification and not updated. The main difference is that they only support integer-based date fields and singular audiences. This might lead to incompatibilities with other JWT implementations. The use of this is discouraged, instead the newer RegisteredClaims struct should be used.

simonoff avatar Apr 11 '22 08:04 simonoff

Please see https://github.com/labstack/echo/pull/2122#issuecomment-1065904491

aldas avatar Apr 11 '22 08:04 aldas

@aldas thank you for the information. But the issue is caused not by v3 or v4, but by the wrong resulting JWT token. For now we have found that a token generated with the old version is not validated by other JWT libraries. For now we have checked the Ruby and PHP implementations.

simonoff avatar Apr 11 '22 08:04 simonoff

Creating a token and parsing a token are two different things. JWT middleware does not create tokens.

If you want to parse claims into a different type of struct (by a different library or a newer version) then there is https://github.com/labstack/echo/blob/572466d92889a5c946885ec90d5a94d7ad25b0a3/middleware/jwt.go#L111

As I mentioned in that comment, upgrading to v4 is a breaking change, and it is quite a sneaky change, as Echo would start to use v4 structs and insert them into the context, but your middlewares/handlers (wherever you are checking claims) are still importing the v3 struct, and if you do not have tests your requests will panic when you do the cast.

aldas avatar Apr 11 '22 09:04 aldas
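The failure mode described in the comment above, as an added example that is not part of the thread or of Echo's code. `ClaimsV3`, `ClaimsV4`, `Context` and the `"user"` key are simplified, hypothetical stand-ins for the two library versions' claims structs and the request context; only the standard library is used.

```go
package main

import (
	"errors"
	"fmt"
)

// Hypothetical stand-ins for the claims structs of the two major versions.
// Identical fields, but distinct Go types because they live in different packages.
type ClaimsV3 struct{ Subject string }
type ClaimsV4 struct{ Subject string }

// Context mimics the request context the middleware stores parsed claims in.
type Context map[string]interface{}

var ErrClaimsType = errors.New("unexpected claims type in context")

// subjectUnchecked is the handler pattern that breaks after the upgrade:
// a single-value type assertion panics when the stored type differs.
func subjectUnchecked(c Context) string {
	return c["user"].(*ClaimsV3).Subject
}

// subjectChecked turns a type mismatch into an error the handler can map
// to a 401/500 response instead of crashing the request.
func subjectChecked(c Context) (string, error) {
	switch cl := c["user"].(type) {
	case *ClaimsV3:
		return cl.Subject, nil
	case *ClaimsV4:
		return cl.Subject, nil
	default:
		return "", fmt.Errorf("%w: %T", ErrClaimsType, cl)
	}
}

// panics reports whether calling f panics.
func panics(f func()) (p bool) {
	defer func() { p = recover() != nil }()
	f()
	return false
}

func main() {
	// Constructed sample: the middleware now stores the v4 type.
	afterUpgrade := Context{"user": &ClaimsV4{Subject: "alice"}}
	fmt.Println("unchecked handler panics:", panics(func() { subjectUnchecked(afterUpgrade) }))
	fmt.Println(subjectChecked(afterUpgrade))
}
```

A test that drives the handler with a context populated by the upgraded middleware catches the mismatch before deployment.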

To make changes backward compatible, a new middleware should be added, and the old one should be marked as deprecated, so that we enforce people using the new version and don't break the existing code.

SladeThe avatar Jun 18 '22 18:06 SladeThe

Closing. After v4.10.0 we will introduce a separate repo for JWT middleware and mark the middleware in core as deprecated.

aldas avatar Dec 01 '22 21:12 aldas

We now have https://github.com/labstack/echo-jwt

aldas avatar Dec 27 '22 20:12 aldas

@aldas Thanks. I've just upgraded my project to the new middleware.

SladeThe avatar Dec 27 '22 23:12 SladeThe