GitHub - brianvoe/sjwt: Simple JWT Golang (original) (raw)
Simple JSON Web Token - Uses HMAC SHA-256
Minimalistic and efficient tool for handling JSON Web Tokens in Go applications. It offers a straightforward approach to integrating JWT for authentication and security, designed for ease of use.
Features
- Easy JWT for Go: Implement JWT in Go with minimal effort.
- Secure & Simple: Reliable security features, easy to integrate.
- Open Source: MIT licensed, open for community contributions.
Install
Security note:
GenerateandVerifyrequire secrets that are at least 32 random bytes. Generate keys withcrypto/rand(for examplehex.EncodeToString) rather than hard-coding test values in production.
go get -u github.com/brianvoe/sjwt
Example
// Set Claims claims := sjwt.New() claims.Set("username", "billymister") claims.Set("account_id", 8675309)
// Generate jwt secretKey := []byte("0123456789abcdef0123456789abcdef") jwt, err := claims.Generate(secretKey) if err != nil { panic(err) }
Example parse
secretKey := []byte("0123456789abcdef0123456789abcdef")
// Create a token claims := sjwt.New() claims.Set("name", "John Doe") jwt, err := claims.Generate(secretKey) if err != nil { panic(err) }
// Parse jwt (no signature verification yet) parsed, err := sjwt.Parse(jwt) if err != nil { panic(err) }
// Get claims name, err := parsed.GetStr("name") // John Doe
Example verify and validate
secretKey := []byte("0123456789abcdef0123456789abcdef")
// Create a token claims := sjwt.New() claims.Set("name", "John Doe") jwt, err := claims.Generate(secretKey) if err != nil { panic(err) }
// Verify the signature before trusting the payload if !sjwt.Verify(jwt, secretKey) { panic("signature mismatch") }
// Parse the payload parsedClaims, err := sjwt.Parse(jwt) if err != nil { panic(err) }
// Validate will check(if set) Expiration At and Not Before At dates if err := parsedClaims.Validate(); err != nil { panic(err) }
Example usage of registered claims
// Set Claims claims := sjwt.New() claims.SetTokenID() // UUID generated claims.SetSubject("Subject Title") // Subject of the token claims.SetIssuer("Google") // Issuer of the token claims.SetAudience([]string{"Google", "Facebook"}) // Audience the toke is for claims.SetIssuedAt(time.Now()) // IssuedAt in time, value is set in unix claims.SetNotBeforeAt(time.Now().Add(time.Hour * 1)) // Token valid in 1 hour claims.SetExpiresAt(time.Now().Add(time.Hour * 24)) // Token expires in 24 hours
// Generate jwt secretKey := []byte("0123456789abcdef0123456789abcdef") jwt, err := claims.Generate(secretKey) if err != nil { panic(err) }
Example usage of struct to claims
type Info struct {
Name string json:"name"
}
// Marshal your struct into claims info := Info{Name: "Billy Mister"} claims, err := sjwt.ToClaims(info) if err != nil { panic(err) }
// Generate jwt secretKey := []byte("0123456789abcdef0123456789abcdef") jwt, err := claims.Generate(secretKey) if err != nil { panic(err) }
Why?
For all the times I have needed the use of a jwt, its always been a simple HMAC SHA-256 and thats normally the use of most jwt tokens.