{"id":43041565,"url":"https://github.com/spiretechnology/go-jwt","last_synced_at":"2026-01-31T09:13:58.619Z","repository":{"id":57616859,"uuid":"384877955","full_name":"spiretechnology/go-jwt","owner":"spiretechnology","description":"JSON Web Token library in Go","archived":false,"fork":false,"pushed_at":"2022-05-07T18:12:54.000Z","size":37,"stargazers_count":2,"open_issues_count":0,"forks_count":0,"subscribers_count":2,"default_branch":"master","last_synced_at":"2024-06-20T12:44:22.541Z","etag":null,"topics":["authentication","cryptography","jwt","sessions","verification"],"latest_commit_sha":null,"homepage":"","language":"Go","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/spiretechnology.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null}},"created_at":"2021-07-11T06:39:39.000Z","updated_at":"2024-06-20T12:44:22.542Z","dependencies_parsed_at":"2022-08-31T23:21:23.313Z","dependency_job_id":null,"html_url":"https://github.com/spiretechnology/go-jwt","commit_stats":null,"previous_names":[],"tags_count":5,"template":false,"template_full_name":null,"purl":"pkg:github/spiretechnology/go-jwt","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/spiretechnology%2Fgo-jwt","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/spiretechnology%2Fgo-jwt/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/spiretechnology%2Fgo-jwt/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/spiretechnology%2Fgo-jwt/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/spiretechnology","download_url":"https://codeload.github.com/spiretechnology/go-jwt/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/spiretechnology%2Fgo-jwt/sbom","scorecard":{"id":841668,"data":{"date":"2025-08-11","repo":{"name":"github.com/spiretechnology/go-jwt","commit":"c6cb749644ceec300946bd5e1f042ac2ce6cdcec"},"scorecard":{"version":"v5.2.1-40-gf6ed084d","commit":"f6ed084d17c9236477efd66e5b258b9d4cc7b389"},"score":3.3,"checks":[{"name":"Code-Review","score":0,"reason":"Found 0/22 approved changesets -- score normalized to 0","details":null,"documentation":{"short":"Determines if the project requires human code review before pull requests (aka merge requests) are merged.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#code-review"}},{"name":"Binary-Artifacts","score":10,"reason":"no binaries found in the repo","details":null,"documentation":{"short":"Determines if the project has generated executable (binary) artifacts in the source repository.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#binary-artifacts"}},{"name":"Maintained","score":0,"reason":"0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0","details":null,"documentation":{"short":"Determines if the project is \"actively maintained\".","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#maintained"}},{"name":"Packaging","score":-1,"reason":"packaging workflow not detected","details":["Warn: no GitHub/GitLab publishing workflow detected."],"documentation":{"short":"Determines if the project is published as a package that others can easily download, install, easily update, and uninstall.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#packaging"}},{"name":"Pinned-Dependencies","score":0,"reason":"dependency not pinned by hash detected -- score normalized to 0","details":["Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/pull_request.yml:15: update your workflow using https://app.stepsecurity.io/secureworkflow/spiretechnology/go-jwt/pull_request.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/pull_request.yml:17: update your workflow using https://app.stepsecurity.io/secureworkflow/spiretechnology/go-jwt/pull_request.yml/master?enable=pin","Info:   0 out of   2 GitHub-owned GitHubAction dependencies pinned"],"documentation":{"short":"Determines if the project has declared and pinned the dependencies of its build process.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#pinned-dependencies"}},{"name":"Dangerous-Workflow","score":10,"reason":"no dangerous workflow patterns detected","details":null,"documentation":{"short":"Determines if the project's GitHub Action workflows avoid dangerous patterns.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#dangerous-workflow"}},{"name":"SAST","score":0,"reason":"no SAST tool detected","details":["Warn: no pull requests merged into dev branch"],"documentation":{"short":"Determines if the project uses static code analysis.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#sast"}},{"name":"Token-Permissions","score":0,"reason":"detected GitHub workflow tokens with excessive permissions","details":["Warn: no topLevel permission defined: .github/workflows/pull_request.yml:1","Info: no jobLevel write permissions found"],"documentation":{"short":"Determines if the project's workflows follow the principle of least privilege.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#token-permissions"}},{"name":"CII-Best-Practices","score":0,"reason":"no effort to earn an OpenSSF best practices badge detected","details":null,"documentation":{"short":"Determines if the project has an OpenSSF (formerly CII) Best Practices Badge.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#cii-best-practices"}},{"name":"Security-Policy","score":0,"reason":"security policy file not detected","details":["Warn: no security policy file detected","Warn: no security file to analyze","Warn: no security file to analyze","Warn: no security file to analyze"],"documentation":{"short":"Determines if the project has published a security policy.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#security-policy"}},{"name":"Fuzzing","score":0,"reason":"project is not fuzzed","details":["Warn: no fuzzer integrations found"],"documentation":{"short":"Determines if the project uses fuzzing.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#fuzzing"}},{"name":"License","score":10,"reason":"license file detected","details":["Info: project has a license file: LICENSE:0","Info: FSF or OSI recognized license: MIT License: LICENSE:0"],"documentation":{"short":"Determines if the project has defined a license.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#license"}},{"name":"Signed-Releases","score":-1,"reason":"no releases found","details":null,"documentation":{"short":"Determines if the project cryptographically signs release artifacts.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#signed-releases"}},{"name":"Branch-Protection","score":0,"reason":"branch protection not enabled on development/release branches","details":["Warn: branch protection not enabled for branch 'master'"],"documentation":{"short":"Determines if the default and release branches are protected with GitHub's branch protection settings.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#branch-protection"}},{"name":"Vulnerabilities","score":9,"reason":"1 existing vulnerabilities detected","details":["Warn: Project is vulnerable to: GO-2022-0603 / GHSA-hp87-p4gw-j4gq"],"documentation":{"short":"Determines if the project has open, known unfixed vulnerabilities.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#vulnerabilities"}}]},"last_synced_at":"2025-08-23T20:37:13.827Z","repository_id":57616859,"created_at":"2025-08-23T20:37:13.827Z","updated_at":"2025-08-23T20:37:13.827Z"},"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":28936100,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-01-31T08:53:31.997Z","status":"ssl_error","status_checked_at":"2026-01-31T08:51:38.521Z","response_time":128,"last_error":"SSL_connect returned=1 errno=0 peeraddr=140.82.121.5:443 state=error: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["authentication","cryptography","jwt","sessions","verification"],"created_at":"2026-01-31T09:13:54.953Z","updated_at":"2026-01-31T09:13:58.614Z","avatar_url":"https://github.com/spiretechnology.png","language":"Go","funding_links":[],"categories":[],"sub_categories":[],"readme":"# go-jwt\n\nThis repository contains a JSON Web Tokens library written in Go. The library implements JWT creation, parsing, signing, and verification.\n\n### Installation\n\n```sh\ngo get github.com/spiretechnology/go-jwt/v2\n```\n\n### Create a JWT\n\nCreating a JWT is simple. The `Create(...)` function takes two arguments, the claims to include as the payload to the JWT and the `Signer` to use to sign the JWT. The claims can be any value, as long as that value can be serialized to JSON using `json.Marshal`. The signed JWT string is returned.\n\n```go\n// Create a new JWT token\ntoken, err := jwt.Create(\n    myClaims{\n        Name: \"John Smith\",\n        Age:  25,\n    },\n    jwt.HS256Signer([]byte(\"my secret\")),\n)\n```\n\n### Parsing a JWT\n\nParsing a JWT from a string into a `jwt.Token` instance:\n\n```go\n// Parse the token\ntoken, err := jwt.Parse(tokenStr)\n\n// Unmarshal the claims\nvar claims testClaims\nerr := parsedToken.Claims(\u0026claims)\n```\n\n### Verifying a JWT\n\nTo verify a parsed token's signature, call `token.Verify(...)` and provide a verifier corresponding to the signature algorithm you're using.\n\n```go\nok, err := token.Verify(\n    jwt.HS256Verifier([]byte(\"my secret\")),\n)\n```\n\nAn error is returned if something actually goes wrong while verifying the signature. An invalid signature isn't itself an error. When the signature is invalid, but nothing else goes wrong, the return values of the function are `(false, nil)`.\n\nIf the signature is valid, the return values are `(true, nil)`.\n\n### Signature algorithms\n\nThis library implements the following signature algorithms:\n\n\n| Alg   | Description         |\n|-------|---------------------|\n| HS256 | HMAC SHA256         |\n| HS384 | HMAC SHA384         |\n| HS512 | HMAC SHA512         |\n| RS256 | RSA PKCS1v15 SHA256 |\n| RS384 | RSA PKCS1v15 SHA384 |\n| RS512 | RSA PKCS1v15 SHA512 |\n| ES256 | ECDSA SHA256        |\n| ES384 | ECDSA SHA384        |\n| ES512 | ECDSA SHA512        |\n| PS256 | RSA PSS SHA512      |\n| PS384 | RSA PSS SHA512      |\n| PS512 | RSA PSS SHA512      |\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fspiretechnology%2Fgo-jwt","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fspiretechnology%2Fgo-jwt","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fspiretechnology%2Fgo-jwt/lists"}