๐Ÿ“š go-jwt - Awesome Go Library for Authentication and Authorization

Go Gopher mascot for go-jwt

JWT authentication package providing access tokens and refresh tokens with fingerprinting, Redis storage, and automatic refresh capabilities

๐Ÿท๏ธ Authentication and Authorization
๐Ÿ“‚ Authentication and Authorization
โญ 0 stars
View on GitHub ๐Ÿ”—

Detailed Description of go-jwt

[!NOTE] This README was generated by SKILL, get the ZH version from here.

go-jwt

pkg card codecov license version Mentioned in Awesome Go

ECDSA and Redis-backed JWT authentication library with full token lifecycle management and device fingerprint binding.

Table of Contents

Features

go get github.com/pardnchiu/go-jwt ยท Documentation

Redis-Driven Token Lifecycle

Integrates Redis for complete Access Token and Refresh ID lifecycle management, including creation, verification, refresh, and revocation. Ensures atomicity of multi-key operations through Redis Transaction Pipelines and prevents concurrent Refresh Token race conditions with distributed locks.

Device Fingerprint Binding

Binds tokens to the user's device environment (OS, browser, device type) via SHA-256 hashing. Even if a token is stolen, attackers cannot use it on a different device, fundamentally preventing token hijacking attacks.

Dual-Framework Middleware

Provides plug-and-play middleware for both Gin and standard net/http, automatically handling token verification and expiration refresh flows. Developers retrieve authenticated user data directly from the context without manual token lifecycle intervention.

Architecture

graph TB
    REQ[HTTP Request] --> MW[Middleware<br/>Gin / net/http]
    MW --> V[Verify]
    V -->|Valid Token| AUTH[Return Auth Data]
    V -->|Expired Token| RF[Refresh]
    V -->|No Token| DENY[Deny Access]
    RF -->|Valid Refresh ID| SIGN[Re-sign Access Token]
    RF -->|Threshold Exceeded| CREATE[Full Token Rebuild]
    RF -->|Invalid| DENY
    SIGN --> REDIS[(Redis)]
    CREATE --> REDIS
    V --> FP[Device Fingerprint Check]
    FP --> REDIS

File Structure

go-jwt/
โ”œโ”€โ”€ instance.go       # Initialization and config validation
โ”œโ”€โ”€ create.go         # Token creation and JWT signing
โ”œโ”€โ”€ verify.go         # Token verification and JWT parsing
โ”œโ”€โ”€ refresh.go        # Token refresh with distributed lock
โ”œโ”€โ”€ revoke.go         # Token revocation
โ”œโ”€โ”€ middleware.go     # Gin / net/http middleware
โ”œโ”€โ”€ cookie.go         # Cookie management
โ”œโ”€โ”€ pem.go            # ECDSA key handling
โ”œโ”€โ”€ refreshData.go    # Refresh ID and device fingerprint
โ”œโ”€โ”€ utility.go        # Helper functions
โ”œโ”€โ”€ uuid.go           # UUID v4 generation
โ”œโ”€โ”€ type.go           # Type definitions
โ”œโ”€โ”€ jwt_test.go       # Unit tests
โ””โ”€โ”€ go.mod

License

This project is licensed under the MIT LICENSE.

Author

้‚ฑๆ•ฌๅนƒ Pardn Chiu

Stars

Star

ยฉ๏ธ 2025 ้‚ฑๆ•ฌๅนƒ Pardn Chiu

โ† Back to Authentication and Authorization - Authentication and Authorization