https://github.com/mkbeh/xjwt

library provides an API for working with JSON Web Token, using jwt-go
https://github.com/mkbeh/xjwt

auth ed25519 go golang jwt security

Last synced: 15 days ago
JSON representation

library provides an API for working with JSON Web Token, using jwt-go

• Host: GitHub
• URL: https://github.com/mkbeh/xjwt
• Owner: mkbeh
• License: mit
• Created: 2024-12-30T12:49:15.000Z (over 1 year ago)
• Default Branch: main
• Last Pushed: 2026-06-01T15:10:34.000Z (24 days ago)
• Last Synced: 2026-06-01T17:10:46.886Z (23 days ago)
• Topics: auth, ed25519, go, golang, jwt, security
• Language: Go
• Homepage:
• Size: 29.3 KB
• Stars: 0
• Watchers: 1
• Forks: 0
• Open Issues: 0
• Metadata Files:
  • Readme: README.md
  • Changelog: CHANGELOG.md
  • License: LICENSE

Awesome Lists containing this project

README

          
# xjwt

![Go Version](https://img.shields.io/badge/go-1.26+-blue)

![License](https://img.shields.io/badge/license-MIT-green)

Lightweight wrapper around [golang-jwt/jwt](https://github.com/golang-jwt/jwt)

that provides a clean API for creating and validating JSON Web Tokens.

## What is a JWT?

JWT.io has [a great introduction](https://jwt.io/introduction) to JSON Web Tokens.

In short, it's a signed JSON object used for secure data exchange between parties.

Commonly used for `Bearer` tokens in OAuth 2.0. A token consists of three

base64url-encoded parts separated by `.`:

- **Header** — signing algorithm and token type

- **Claims** — the payload: subject, expiration, custom fields, etc.

- **Signature** — verifies the token hasn't been tampered with

See [RFC 7519](https://datatracker.ietf.org/doc/html/rfc7519) for the full spec.

## Requirements

- Go 1.21+

## Installation

```sh

go get github.com/mkbeh/xjwt

```

## Quick Start

```go

package main

import (

	"fmt"

	"time"

	"github.com/golang-jwt/jwt/v5"

	"github.com/mkbeh/xjwt"

)

type MyClaims struct {

	jwt.RegisteredClaims

	UserID string `json:"user_id"`

}

func main() {

	manager, err := xjwt.New(xjwt.WithSecretKey([]byte("secret")))

	if err != nil {

		panic(err)

	}

	// Create token

	token, err := manager.CreateWithClaims(&MyClaims{

		UserID: "42",

		RegisteredClaims: jwt.RegisteredClaims{

			ExpiresAt: xjwt.AddExpiresAt(time.Hour),

		},

	})

	if err != nil {

		panic(err)

	}

	fmt.Println("token:", token)

	// Parse and validate token

	claims := &MyClaims{}

	if err := manager.ParseWithClaims("Bearer "+token, claims); err != nil {

		panic(err)

	}

	fmt.Printf("user_id: %s\n", claims.UserID)

}

```

## Configuration

| Option                                 | Default  | Description       |

|----------------------------------------|----------|-------------------|

| `WithSecretKey([]byte)`                | required | HMAC secret key   |

| `WithSigningMethod(jwt.SigningMethod)` | `HS256`  | Signing algorithm |

## Error Handling

```go

import "errors"

err := manager.ParseWithClaims(tokenString, claims)

switch {

    case errors.Is(err, xjwt.ErrInvalidToken):

    // malformed or missing token

    case errors.Is(err, xjwt.ErrInvalidScheme):

    // missing or wrong scheme (expected Bearer)

    case errors.Is(err, xjwt.ErrTokenExpired):

    // token is expired

    case errors.Is(err, xjwt.ErrInvalidSignature):

    // signature mismatch

}

```

## Examples

More examples can be found in [/examples](https://github.com/mkbeh/xjwt/tree/main/examples).

## License

[MIT](LICENSE)