I am trying to validate my JSON token but I am not able to do that.
Here is my sample token:
Header:
    {
      "alg": "HS256",
      "typ": "JWT"
    }
Payloads:
    {
      "admin": false,
      "School_ID": 123,
      "name": "XXXXXX",
      "sub": "XXXXXXXX"
    }
Signature: Key
My problem is that as soon as I manipulate the JSON web token and change the value of admin from 'false' to 'true', it bypasses my API and the normal user becomes an admin user. To prevent that I tried using:
    token, err := new(jwt.Parser).ParseWithClaims(tokenString, newClaims(), func(*jwt.Token) (interface{}, error) {
        return tokenString, nil
    })
But the problem is still there. Can anyone help me fix this issue? It is a critical security bug and I need to fix it.
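
The check the question is after, as an added example that is not part of the original post and not the jwt library's own code: HS256 verification with Go's standard library, where the key is a server-held secret rather than a value taken from the request, so an edited or re-signed token is rejected. The names `sigFor`, `sign` and `verifyHS256` and the demo secret are assumptions made for illustration.

```go
package main

import (
	"crypto/hmac"
	"crypto/sha256"
	"encoding/base64"
	"encoding/json"
	"fmt"
	"strings"
)

var b64 = base64.RawURLEncoding

// sigFor returns the base64url HMAC-SHA256 of the signing input "header.payload".
func sigFor(signingInput string, secret []byte) string {
	m := hmac.New(sha256.New, secret)
	m.Write([]byte(signingInput))
	return b64.EncodeToString(m.Sum(nil))
}

// sign builds an HS256 token; used here only to construct sample input.
func sign(header, payload string, secret []byte) string {
	msg := b64.EncodeToString([]byte(header)) + "." + b64.EncodeToString([]byte(payload))
	return msg + "." + sigFor(msg, secret)
}

// verifyHS256 returns the claims only when alg is HS256 and the MAC matches the server-side secret.
func verifyHS256(token string, secret []byte) (claims map[string]interface{}, err error) {
	p := strings.Split(token, ".")
	if len(p) != 3 {
		return nil, fmt.Errorf("malformed token")
	}
	hdrJSON, _ := b64.DecodeString(p[0]) // a decode failure surfaces as an alg mismatch below
	var hdr struct{ Alg string }
	if json.Unmarshal(hdrJSON, &hdr) != nil || hdr.Alg != "HS256" {
		return nil, fmt.Errorf("unexpected alg %q", hdr.Alg) // also rejects "none"
	}
	if !hmac.Equal([]byte(p[2]), []byte(sigFor(p[0]+"."+p[1], secret))) { // constant-time compare
		return nil, fmt.Errorf("signature mismatch")
	}
	body, _ := b64.DecodeString(p[1]) // payload is authenticated by the MAC check above
	err = json.Unmarshal(body, &claims)
	return claims, err
}

func main() {
	secret := []byte("constructed-demo-secret") // assumption: the real key comes from server config
	forged := sign(`{"alg":"HS256","typ":"JWT"}`, `{"admin":true}`, []byte("key-chosen-by-client"))
	fmt.Println(verifyHS256(forged, secret)) // claims are nil and the error is non-nil
}
```

The handler must also refuse the request whenever the returned error is non-nil, and read `admin` only from the claims this function returns.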