{"id":30703294,"url":"https://github.com/deatil/go-jwt","last_synced_at":"2025-09-02T16:58:44.974Z","repository":{"id":301469499,"uuid":"1009174412","full_name":"deatil/go-jwt","owner":"deatil","description":"A JWT (JSON Web Token) library for go.","archived":false,"fork":false,"pushed_at":"2025-07-22T06:37:20.000Z","size":90,"stargazers_count":1,"open_issues_count":0,"forks_count":0,"subscribers_count":0,"default_branch":"main","last_synced_at":"2025-07-28T00:04:03.496Z","etag":null,"topics":["go-jwt","golang-jwt","jws","jwt","jwt-auth"],"latest_commit_sha":null,"homepage":"https://pkg.go.dev/github.com/deatil/go-jwt","language":"Go","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/deatil.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null}},"created_at":"2025-06-26T17:39:29.000Z","updated_at":"2025-07-22T06:37:23.000Z","dependencies_parsed_at":"2025-07-19T17:19:52.840Z","dependency_job_id":"c65238bf-f51a-418a-aa4a-35302e0af5a6","html_url":"https://github.com/deatil/go-jwt","commit_stats":null,"previous_names":["deatil/go-jwt"],"tags_count":17,"template":false,"template_full_name":null,"purl":"pkg:github/deatil/go-jwt","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/deatil%2Fgo-jwt","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/deatil%2Fgo-jwt/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/deatil%2Fgo-jwt/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/deatil%2Fgo-jwt/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/deatil","download_url":"https://codeload.github.com/deatil/go-jwt/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/deatil%2Fgo-jwt/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":273317756,"owners_count":25084037,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","status":"online","status_checked_at":"2025-09-02T02:00:09.530Z","response_time":77,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["go-jwt","golang-jwt","jws","jwt","jwt-auth"],"created_at":"2025-09-02T16:58:34.056Z","updated_at":"2025-09-02T16:58:44.956Z","avatar_url":"https://github.com/deatil.png","language":"Go","funding_links":[],"categories":["Authentication and Authorization"],"sub_categories":[],"readme":"## Go-jwt\n\n\u003cp align=\"center\"\u003e\n\u003ca href=\"https://pkg.go.dev/github.com/deatil/go-jwt\" \u003e\u003cimg src=\"https://pkg.go.dev/badge/deatil/go-jwt.svg\" alt=\"Go Reference\"\u003e\u003c/a\u003e\n\u003ca href=\"https://codecov.io/gh/deatil/go-jwt\" \u003e\u003cimg src=\"https://codecov.io/gh/deatil/go-jwt/graph/badge.svg?token=SS2Z1IY0XL\"/\u003e\u003c/a\u003e\n\u003ca href=\"https://goreportcard.com/report/github.com/deatil/go-jwt\" \u003e\u003cimg src=\"https://goreportcard.com/badge/github.com/deatil/go-jwt\" /\u003e\u003c/a\u003e\n\u003c/p\u003e\n\n\n### Desc\n\n* A JWT (JSON Web Token) library for go.\n\n\n### What the heck is a JWT?\n\nJWT.io has [a great introduction](https://jwt.io/introduction) to JSON Web Tokens.\n\nIn short, it's a signed JSON object that does something useful (for example, authentication). It's commonly used for `Bearer` tokens in Oauth 2. A token is made of three parts, separated by `.`'s. The first two parts are JSON objects, that have been [base64url](https://datatracker.ietf.org/doc/html/rfc4648) encoded. The last part is the signature, encoded the same way.\n\nThe first part is called the header. It contains the necessary information for verifying the last part, the signature. For example, which encryption method was used for signing and what key was used.\n\nThe part in the middle is the interesting bit. It's called the Claims and contains the actual stuff you care about. Refer to [RFC 7519](https://datatracker.ietf.org/doc/html/rfc7519) for information about reserved keys and the proper way to add your own.\n\n\n### What's in the box?\n\nThis library supports the parsing and verification as well as the generation and signing of JWTs. Current supported signing algorithms are HMAC SHA, RSA, RSA-PSS, and ECDSA, though hooks are present for adding your own.\n\n\n### Download\n\n~~~go\ngo get -u github.com/deatil/go-jwt\n~~~\n\n\n### Get Starting\n\n~~~go\npackage main\n\nimport (\n \"fmt\"\n\n \"github.com/deatil/go-jwt/jwt\"\n)\n\nfunc main() {\n claims := map[string]string{\n \"aud\": \"example.com\",\n \"sub\": \"foo\",\n }\n key := []byte(\"test-key\")\n\n s := jwt.SigningMethodHMD5.New()\n tokenString, err := s.Sign(claims, key)\n if err != nil {\n fmt.Printf(\"Sign: %s \\n\", err.Error())\n return\n }\n\n fmt.Printf(\"Signed: %s \\n\", tokenString)\n\n p := jwt.SigningMethodHMD5.New()\n parsedToken, err := p.Parse(tokenString, key)\n if err != nil {\n fmt.Printf(\"Parse: %s \\n\", err.Error())\n return\n }\n\n claims2, err := parsedToken.GetClaims()\n if err != nil {\n fmt.Printf(\"GetClaims: %s \\n\", err.Error())\n return\n }\n\n aud := claims2[\"aud\"].(string)\n fmt.Printf(\"Parseed aud: %s \\n\", aud)\n}\n~~~\n\n\n### Token Validator\n\n~~~go\npackage main\n\nimport (\n \"fmt\"\n \"time\"\n\n \"github.com/deatil/go-jwt/jwt\"\n)\n\nfunc main() {\n tokenString := \"eyJ0eXAiOiJKV0UiLCJhbGciOiJFUzI1NiIsImtpZCI6ImtpZHMifQ.eyJpc3MiOiJpc3MiLCJpYXQiOjE1Njc4NDIzODgsImV4cCI6MTc2Nzg0MjM4OCwiYXVkIjoiZXhhbXBsZS5jb20iLCJzdWIiOiJzdWIiLCJqdGkiOiJqdGkgcnJyIiwibmJmIjoxNTY3ODQyMzg4fQ.dGVzdC1zaWduYXR1cmU\"\n\n token := jwt.NewToken(jwt.JWTEncoder)\n token.parse(tokenString)\n\n validator, err := jwt.NewValidator(token)\n if err != nil {\n fmt.Printf(\"NewValidator: %s \\n\", err.Error())\n return\n }\n\n // validator.withLeeway(3)\n\n // output:\n // HasBeenIssuedBy: true\n fmt.Printf(\"HasBeenIssuedBy: %v \\n\", .{validator.HasBeenIssuedBy(\"iss\")})\n\n // now := time.Now().Unix()\n\n // have functions:\n // validator.HasBeenIssuedBy(\"iss\") // iss\n // validator.IsRelatedTo(\"sub\") // sub\n // validator.IsIdentifiedBy(\"jti rrr\") // jti\n // validator.IsPermittedFor(\"example.com\") // audience\n // validator.HasBeenIssuedBefore(now) // iat, now is time timestamp\n // validator.IsMinimumTimeBefore(now) // nbf, now is time timestamp\n // validator.IsExpired(now) // exp, now is time timestamp\n}\n~~~\n\n\n### Signing Methods\n\nThe JWT library have signing methods:\n\n - `RS256`: jwt.SigningMethodRS256\n - `RS384`: jwt.SigningMethodRS384\n - `RS512`: jwt.SigningMethodRS512\n\n - `PS256`: jwt.SigningMethodPS256\n - `PS384`: jwt.SigningMethodPS384\n - `PS512`: jwt.SigningMethodPS512\n\n - `ES256`: jwt.SigningMethodES256\n - `ES384`: jwt.SigningMethodES384\n - `ES512`: jwt.SigningMethodES512\n\n - `EdDSA`: jwt.SigningMethodEdDSA\n - `ED25519`: jwt.SigningMethodED25519\n\n - `HMD5`: jwt.SigningMethodHMD5\n - `HSHA1`: jwt.SigningMethodHSHA1\n - `HS224`: jwt.SigningMethodHS224\n - `HS256`: jwt.SigningMethodHS256\n - `HS384`: jwt.SigningMethodHS384\n - `HS512`: jwt.SigningMethodHS512\n\n - `BLAKE2B`: jwt.SigningMethodBLAKE2B\n\n - `none`: jwt.SigningMethodNone\n\n\n### Custom Signing Method\n\n~~~go\npackage jwt\n\nimport (\n \"errors\"\n \"crypto\"\n \"crypto/rand\"\n \"crypto/ecdsa\"\n \"math/big\"\n\n \"github.com/deatil/go-jwt/jwt\"\n)\n\nvar (\n SigningES256 = NewSignECDSA(crypto.SHA256, 32, \"ES256\")\n\n // use the struct\n SigningMethodES256 = jwt.NewJWT[*ecdsa.PrivateKey, *ecdsa.PublicKey](SigningES256, jwt.JWTEncoder)\n)\n\ntype SignECDSA struct {\n Name string\n Hash crypto.Hash\n KeySize int\n}\n\nfunc NewSignECDSA(hash crypto.Hash, keySize int, name string) *SignECDSA {\n return \u0026SignECDSA{\n Name: name,\n Hash: hash,\n KeySize: keySize,\n }\n}\n\nfunc (s *SignECDSA) Alg() string {\n return s.Name\n}\n\nfunc (s *SignECDSA) SignLength() int {\n return 2*s.KeySize\n}\n\nfunc (s *SignECDSA) Sign(msg []byte, key *ecdsa.PrivateKey) ([]byte, error) {\n hasher := s.Hash.New()\n hasher.Write([]byte(msg))\n\n rr, ss, err := ecdsa.Sign(rand.Reader, key, hasher.Sum(nil))\n if err != nil {\n return nil, err\n }\n\n keyBytes := s.KeySize\n\n signed := make([]byte, 2*keyBytes)\n rr.FillBytes(signed[0:keyBytes])\n ss.FillBytes(signed[keyBytes:])\n\n return signed, nil\n}\n\nfunc (s *SignECDSA) Verify(msg []byte, signature []byte, key *ecdsa.PublicKey) (bool, error) {\n signLength := s.SignLength()\n if len(signature) != signLength {\n return false, errors.New(\"go-jwt: sign length error\")\n }\n\n rr := big.NewInt(0).SetBytes(signature[:s.KeySize])\n ss := big.NewInt(0).SetBytes(signature[s.KeySize:])\n\n hasher := s.Hash.New()\n hasher.Write([]byte(msg))\n\n res := ecdsa.Verify(key, hasher.Sum(nil), rr, ss)\n return res, nil\n}\n~~~\n\n\n### LICENSE\n\n* The library LICENSE is `Apache2`, using the library need keep the LICENSE.\n\n\n### Copyright\n\n* Copyright deatil(https://github.com/deatil).\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fdeatil%2Fgo-jwt","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fdeatil%2Fgo-jwt","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fdeatil%2Fgo-jwt/lists"}