{"id":29151355,"url":"https://github.com/karpeleslab/jwt","last_synced_at":"2025-10-16T06:13:11.782Z","repository":{"id":134252199,"uuid":"414515515","full_name":"KarpelesLab/jwt","owner":"KarpelesLab","description":"Golang jwt tokens without any external dependency","archived":false,"fork":false,"pushed_at":"2024-05-15T13:42:34.000Z","size":80,"stargazers_count":1,"open_issues_count":0,"forks_count":0,"subscribers_count":2,"default_branch":"master","last_synced_at":"2024-05-16T03:03:25.722Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":null,"language":"Go","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/KarpelesLab.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2021-10-07T08:13:08.000Z","updated_at":"2024-05-27T11:35:05.052Z","dependencies_parsed_at":"2024-05-16T02:57:59.698Z","dependency_job_id":"6d62a0eb-52fe-41e1-a636-236a72c9eeb6","html_url":"https://github.com/KarpelesLab/jwt","commit_stats":null,"previous_names":[],"tags_count":14,"template":false,"template_full_name":null,"purl":"pkg:github/KarpelesLab/jwt","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/KarpelesLab%2Fjwt","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/KarpelesLab%2Fjwt/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/KarpelesLab%2Fjwt/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/KarpelesLab%2Fjwt/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/KarpelesLab","download_url":"https://codeload.github.com/KarpelesLab/jwt/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/KarpelesLab%2Fjwt/sbom","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":262870877,"owners_count":23377314,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2025-07-01T00:09:03.905Z","updated_at":"2025-10-16T06:13:06.719Z","avatar_url":"https://github.com/KarpelesLab.png","language":"Go","funding_links":[],"categories":[],"sub_categories":[],"readme":"[![GoDoc](https://godoc.org/github.com/KarpelesLab/jwt?status.svg)](https://godoc.org/github.com/KarpelesLab/jwt)\n\n# Yet another jwt lib\n\nThis is a simple lib made for small footprint and easy usage\n\nIt allows creating, signing, reading and verifying jwt tokens easily (see code examples below).\n\n## JWT?\n\nJWT.io has [a great introduction](https://jwt.io/introduction) to JSON Web Tokens.\n\nIn short, it's a signed JSON object that does something useful (for example, authentication). It's commonly used for `Bearer` tokens in Oauth 2. A token is made of three parts, separated by `.`'s. The first two parts are JSON objects, that have been [base64url](https://datatracker.ietf.org/doc/html/rfc4648) encoded. The last part is the signature, encoded the same way.\n\nThe first part is called the header. It contains the necessary information for verifying the last part, the signature. For example, which encryption method was used for signing and what key was used.\n\nThe part in the middle is the interesting bit. It's called the Claims and contains the actual stuff you care about. Refer to [RFC 7519](https://datatracker.ietf.org/doc/html/rfc7519) for information about reserved keys and the proper way to add your own.\n\n(courtesy of [golang-jwt](https://github.com/golang-jwt/jwt#what-the-heck-is-a-jwt)).\n\n## Why another jwt lib?\n\nThe main issue I have with [the existing JWT lib](https://github.com/golang-jwt/jwt) is that the syntax is too heavy and I had something else in mind in terms of what would make a convenient JWT lib. I've had also issues with it performing checks on incoming `crypto.Signer` objects that prevent third party signature providers such has hardware modules, and a few other things. JWT is a simple enough standard so building a new lib isn't that much work.\n\nNote that all algos are always linked (hmac, rsa, ecdsa, ed25519). All libs are also pulled by go's `crypto/x509` so you probably have these already compiled in. If go decides to avoid building these in, then I will move these in submodules, but for now there is no need to do so.\n\n## TODO\n\nThere are some things that still remain to be done:\n\n* [ ] Implement more verification methods\n* [ ] Test, test and test\n* [ ] Write more documentation\n* [ ] Support encrypted JWT tokens\n* [ ] Apply Payload to go objects using reflect\n\n# Examples\n\n## Create \u0026 sign a new token\n\n```go\nimport _ \"crypto/sha256\"\n\npriv := []byte(\"this is a hmac key\")\ntok := jwt.New(jwt.HS256)\ntok.Header().Set(\"kid\", keyId) // syntax to set header values\ntok.Payload().Set(\"iss\", \"myself\")\ntok.Payload().Set(\"exp\", time.Now().Add(365*24*time.Hour).Unix())\nsignedToken, err := tok.Sign(rand.Reader, priv)\n```\n\n## Verify a token\n\n```go\nimport _ \"crypto/sha256\"\n\ntoken, err := jwt.ParseString(input)\nif err != nil {\n\t...\n}\npublicKey := fetchPublicKey(token.GetKeyId())\nerr = token.Verify(jwt.VerifyAlgo(jwt.ES256, jwt.RS256), jwt.VerifySignature(publicKey), jwt.VerifyExpiresAt(time.Now(), false))\nif err != nil {\n\t...\n}\nlog.Printf(\"token iss value = %s\", token.Payload().Get(\"iss\"))\n```\n\n## Create a non-json token\n\n```go\nimport _ \"crypto/sha256\"\n\npriv := []byte(\"this is a hmac key\")\ntok := jwt.New(jwt.HS256)\ntok.Header().Set(\"kid\", keyId)\ntok.SetRawPayload(binData, \"octet-stream\") // can pass cty=\"\" to not set content type\nsignedToken, err := tok.Sign(priv)\n```\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fkarpeleslab%2Fjwt","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fkarpeleslab%2Fjwt","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fkarpeleslab%2Fjwt/lists"}