Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/auth0/go-jwt-middleware
A Middleware for Go Programming Language to check for JWTs on HTTP requests
https://github.com/auth0/go-jwt-middleware
dx-sdk
Last synced: 2 months ago
JSON representation
A Middleware for Go Programming Language to check for JWTs on HTTP requests
- Host: GitHub
- URL: https://github.com/auth0/go-jwt-middleware
- Owner: auth0
- License: mit
- Created: 2014-12-11T15:56:46.000Z (over 9 years ago)
- Default Branch: master
- Last Pushed: 2024-01-29T14:41:50.000Z (5 months ago)
- Last Synced: 2024-01-29T17:43:04.722Z (5 months ago)
- Topics: dx-sdk
- Language: Go
- Homepage:
- Size: 294 KB
- Stars: 1,011
- Watchers: 113
- Forks: 203
- Open Issues: 6
-
Metadata Files:
- Readme: README.md
- Changelog: CHANGELOG.md
- Contributing: CONTRIBUTING.md
- License: LICENSE
- Codeowners: .github/CODEOWNERS
Lists
- awesome - go-jwt-middleware - A Middleware for Go Programming Language to check for JWTs on HTTP requests (Go)
README
[](https://pkg.go.dev/github.com/auth0/go-jwt-middleware/v2)
[](https://goreportcard.com/report/github.com/auth0/go-jwt-middleware/v2)
[](https://github.com/auth0/go-jwt-middleware/blob/master/LICENSE)
[](https://github.com/auth0/go-jwt-middleware/releases)
[](https://codecov.io/gh/auth0/go-jwt-middleware)
[](https://github.com/auth0/go-jwt-middleware/actions?query=branch%3Amaster)
📚 [Documentation](#documentation) • 🚀 [Getting Started](#getting-started) • 💬 [Feedback](#feedback)
## Documentation
- [Godoc](https://pkg.go.dev/github.com/auth0/go-jwt-middleware/v2) - explore the go-jwt-middleware documentation.
- [Docs site](https://www.auth0.com/docs) — explore our docs site and learn more about Auth0.
- [Quickstart](https://auth0.com/docs/quickstart/backend/golang/interactive) - our guide for adding go-jwt-middleware to your app.
## Getting started
### Requirements
This library follows the [same support policy as Go](https://go.dev/doc/devel/release#policy). The last two major Go releases are actively supported and compatibility issues will be fixed. While you may find that older versions of Go may work, we will not actively test and fix compatibility issues with these versions.
- Go 1.19+
### Installation
```shell
go get github.com/auth0/go-jwt-middleware/v2
```
### Usage
```go
package main
import (
"context"
"encoding/json"
"log"
"net/http"
"github.com/auth0/go-jwt-middleware/v2"
"github.com/auth0/go-jwt-middleware/v2/validator"
jwtmiddleware "github.com/auth0/go-jwt-middleware/v2"
)
var handler = http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
claims, ok := r.Context().Value(jwtmiddleware.ContextKey{}).(*validator.ValidatedClaims)
if !ok {
http.Error(w, "failed to get validated claims", http.StatusInternalServerError)
return
}
payload, err := json.Marshal(claims)
if err != nil {
http.Error(w, err.Error(), http.StatusInternalServerError)
return
}
w.Header().Set("Content-Type", "application/json")
w.Write(payload)
})
func main() {
keyFunc := func(ctx context.Context) (interface{}, error) {
// Our token must be signed using this data.
return []byte("secret"), nil
}
// Set up the validator.
jwtValidator, err := validator.New(
keyFunc,
validator.HS256,
"https:///",
[]string{""},
)
if err != nil {
log.Fatalf("failed to set up the validator: %v", err)
}
// Set up the middleware.
middleware := jwtmiddleware.New(jwtValidator.ValidateToken)
http.ListenAndServe("0.0.0.0:3000", middleware.CheckJWT(handler))
}
```
After running that code (`go run main.go`) you can then curl the http server from another terminal:
```
$ curl -H "Authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiaWF0IjoxNTE2MjM5MDIyLCJpc3MiOiJnby1qd3QtbWlkZGxld2FyZS1leGFtcGxlIiwiYXVkIjoiZ28tand0LW1pZGRsZXdhcmUtZXhhbXBsZSJ9.xcnkyPYu_b3qm2yeYuEgr5R5M5t4pN9s04U1ya53-KM" localhost:3000
```
That should give you the following response:
```
{
"CustomClaims": null,
"RegisteredClaims": {
"iss": "go-jwt-middleware-example",
"aud": "go-jwt-middleware-example",
"sub": "1234567890",
"iat": 1516239022
}
}
```
The JWT included in the Authorization header above is signed with `secret`.
To test how the response would look like with an invalid token:
```
$ curl -v -H "Authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiaWF0IjoxNTE2MjM5MDIyfQ.yiDw9IDNCa1WXCoDfPR_g356vSsHBEerqh9IvnD49QE" localhost:3000
```
That should give you the following response:
```
...
< HTTP/1.1 401 Unauthorized
< Content-Type: application/json
{"message":"JWT is invalid."}
...
```
For more examples please check the [examples](./examples) folder.
## Feedback
### Contributing
We appreciate feedback and contribution to this repo! Before you get started, please see the following:
- [Contribution Guide](./CONTRIBUTING.md)
- [Auth0's General Contribution Guidelines](https://github.com/auth0/open-source-template/blob/master/GENERAL-CONTRIBUTING.md)
- [Auth0's Code of Conduct Guidelines](https://github.com/auth0/open-source-template/blob/master/CODE-OF-CONDUCT.md)
### Raise an issue
To provide feedback or report a bug, [please raise an issue on our issue tracker](https://github.com/auth0/go-jwt-middleware/issues).
### Vulnerability Reporting
Please do not report security vulnerabilities on the public Github issue tracker. The [Responsible Disclosure Program](https://auth0.com/responsible-disclosure-policy) details the procedure for disclosing security issues.
---
Auth0 is an easy to implement, adaptable authentication and authorization platform.
To learn more checkout Why Auth0?
This project is licensed under the MIT license. See the LICENSE file for more info.