📚 sjwt - Awesome Go Library for Authentication and Authorization

Go Gopher mascot for sjwt

Simple jwt generator and parser

🏷️ Authentication and Authorization
📂 Authentication and Authorization
0 stars
View on GitHub 🔗

Detailed Description of sjwt

alt text

sjwt Go Report Card GoDoc license

Buy Me A Coffee

Simple JSON Web Token - Uses HMAC SHA-256

Minimalistic and efficient tool for handling JSON Web Tokens in Go applications. It offers a straightforward approach to integrating JWT for authentication and security, designed for ease of use.

Features

  • Easy JWT for Go: Implement JWT in Go with minimal effort.
  • Secure & Simple: Reliable security features, easy to integrate.
  • Open Source: MIT licensed, open for community contributions.

Install

Security note: Generate and Verify require secrets that are at least 32 random bytes. Generate keys with crypto/rand (for example hex.EncodeToString) rather than hard-coding test values in production.

go get -u github.com/brianvoe/sjwt

Example

// Set Claims
claims := sjwt.New()
claims.Set("username", "billymister")
claims.Set("account_id", 8675309)

// Generate jwt
secretKey := []byte("0123456789abcdef0123456789abcdef")
jwt, err := claims.Generate(secretKey)
if err != nil {
    panic(err)
}

Example parse

secretKey := []byte("0123456789abcdef0123456789abcdef")

// Create a token
claims := sjwt.New()
claims.Set("name", "John Doe")
jwt, err := claims.Generate(secretKey)
if err != nil {
    panic(err)
}

// Parse jwt (no signature verification yet)
parsed, err := sjwt.Parse(jwt)
if err != nil {
    panic(err)
}

// Get claims
name, err := parsed.GetStr("name") // John Doe

Example verify and validate

secretKey := []byte("0123456789abcdef0123456789abcdef")

// Create a token
claims := sjwt.New()
claims.Set("name", "John Doe")
jwt, err := claims.Generate(secretKey)
if err != nil {
    panic(err)
}

// Verify the signature before trusting the payload
if !sjwt.Verify(jwt, secretKey) {
    panic("signature mismatch")
}

// Parse the payload
parsedClaims, err := sjwt.Parse(jwt)
if err != nil {
    panic(err)
}

// Validate will check(if set) Expiration At and Not Before At dates
if err := parsedClaims.Validate(); err != nil {
    panic(err)
}

Example usage of registered claims

// Set Claims
claims := sjwt.New()
claims.SetTokenID()                                  // UUID generated
claims.SetSubject("Subject Title")                   // Subject of the token
claims.SetIssuer("Google")                           // Issuer of the token
claims.SetAudience([]string{"Google", "Facebook"})   // Audience the toke is for
claims.SetIssuedAt(time.Now())                       // IssuedAt in time, value is set in unix
claims.SetNotBeforeAt(time.Now().Add(time.Hour * 1)) // Token valid in 1 hour
claims.SetExpiresAt(time.Now().Add(time.Hour * 24))  // Token expires in 24 hours

// Generate jwt
secretKey := []byte("0123456789abcdef0123456789abcdef")
jwt, err := claims.Generate(secretKey)
if err != nil {
    panic(err)
}

Example usage of struct to claims

type Info struct {
    Name string `json:"name"`
}

// Marshal your struct into claims
info := Info{Name: "Billy Mister"}
claims, err := sjwt.ToClaims(info)
if err != nil {
    panic(err)
}

// Generate jwt
secretKey := []byte("0123456789abcdef0123456789abcdef")
jwt, err := claims.Generate(secretKey)
if err != nil {
    panic(err)
}

Why?

For all the times I have needed the use of a jwt, its always been a simple HMAC SHA-256 and thats normally the use of most jwt tokens.

← Back to Authentication and Authorization - Authentication and Authorization