documentation around key type

hmac.go

@@ -47,6 +47,7 @@ func (m *SigningMethodHMAC) Alg() string {
 }
 
 // Verify the signature of HSXXX tokens.  Returns nil if the signature is valid.
+// Key must be []byte
 func (m *SigningMethodHMAC) Verify(signingString, signature string, key interface{}) error {
 	// Verify the key is the right type
 	keyBytes, ok := key.([]byte)

keyfunc.go

@@ -6,6 +6,12 @@ import "fmt"
 // the key for verification.  The function receives the parsed,
 // but unverified Token.  This allows you to use properties in the
 // Header of the token (such as `kid`) to identify which key to use.
+//
+// Each signing method accepts a different type of key. See the documentation
+// for the signing method you're using to ensure you have the correct key type.
+// Examples:
+// - SigningMethodRSA ('RS256', etc) takes *rsa.PublicKey
+// - SigningMethodHSA ('HS256', etc) takes []byte
 type Keyfunc func(*Token) (interface{}, error)
 
 // KnownKeyfunc is a helper for generating a Keyfunc from a known

token.go

@@ -41,6 +41,11 @@ func NewWithClaims(method SigningMethod, claims Claims) *Token {
 }
 
 // SignedString returns the complete, signed token
+// Each signing method accepts a different type of key. See the documentation
+// for the signing method you're using to ensure you have the correct key type.
+// Examples:
+// - SigningMethodRSA ('RS256', etc) takes *rsa.PrivateKey
+// - SigningMethodHSA ('HS256', etc) takes []byte
 func (t *Token) SignedString(key interface{}, opts ...SigningOption) (string, error) {
 	var sig, sstr string
 	var err error