https://github.com/oreqizer/go-jaywt

:unlock: A utility package for extracting and validating JWT tokens from requests.
https://github.com/oreqizer/go-jaywt

auth go jwt token

Last synced: about 1 year ago
JSON representation

:unlock: A utility package for extracting and validating JWT tokens from requests.

• Host: GitHub
• URL: https://github.com/oreqizer/go-jaywt
• Owner: oreqizer
• License: mit
• Created: 2016-12-04T19:40:27.000Z (over 9 years ago)
• Default Branch: master
• Last Pushed: 2017-07-17T11:01:14.000Z (almost 9 years ago)
• Last Synced: 2025-02-01T06:27:42.407Z (over 1 year ago)
• Topics: auth, go, jwt, token
• Language: Go
• Homepage:
• Size: 13.7 KB
• Stars: 2
• Watchers: 2
• Forks: 0
• Open Issues: 0
• Metadata Files:
  • Readme: README.md
  • License: LICENSE

Awesome Lists containing this project

README

          
# JayWT

[![godoc](https://img.shields.io/badge/godoc-reference-blue.svg)](https://godoc.org/github.com/oreqizer/go-jaywt)

[![Build Status](https://travis-ci.org/oreqizer/go-jaywt.svg?branch=master)](https://travis-ci.org/oreqizer/go-jaywt)

[![codecov](https://codecov.io/gh/oreqizer/go-jaywt/branch/master/graph/badge.svg)](https://codecov.io/gh/oreqizer/go-jaywt)

A utility package that provides a DRY approach to extracting and validating JWT tokens.

> While it solves the exact problem [go-jwt-middleware](https://github.com/auth0/go-jwt-middleware) does, it doesn't have Gorilla context as a dependency and lets you use your own type of claims.

## Usage

The API basically consists of three important functions and an `Options` struct:

* Create a new instance with `jaywt.New(&jaywt.Options{})`

* Extract & verify a JWT using `jaywt.Get(request)`

* Extract & verify a JWT with custom claims using `jaywt.GetWithClaims(request, &MyClaims{})`

### Dependencies

* [jwt-go](https://github.com/dgrijalva/jwt-go)

## Examples

Create an instance (all options are optional):

```go

j := jaywt.New(&jaywt.Options{

    // Defaults to 'nil'

    Keyfunc: func(_ *jwt.Token) (interface{}, error) {

        return []byte("secretAF"), nil

    },

    // Defaults to 'Authorization' header being: Bearer 

    Extractor: func(r *http.Request) (string, error) {

        return r.Header.Get("X-Authorization"), nil

    },

    // This is the default:

    SigningMethod: jwt.SigningMethodHS256,

})

```

### Get JWT

Create any middleware you like! All you need is a `http.Request`. An example using [gin](https://github.com/gin-gonic/gin):

```go

// usage: api.Use(AuthMiddleware(p))

func AuthMiddleware(j *jaywt.Core) gin.HandlerFunc {

	return func(c *gin.Context) {

		token, err := j.Get(c.Request)

		if err != nil {

			c.AbortWithError(http.StatusUnauthorized, err)

			return

		}

		c.Set("userId", token.Claims.Subject)

		c.Next()

	}

}

```

### Get JWT with claims

Pass your claims struct as a second argument to `GetWithClaims`:

```go

type MyClaims struct {

	Doe string `json:"doe"`

	// important to allow jwt-go built-in validation:

	jwt.StandardClaims

}

func AuthMiddleware(j *jaywt.Core) gin.HandlerFunc {

	return func(c *gin.Context) {

		token, err := j.GetWithClaims(c.Request, &MyClaims{})

		if err != nil {

			c.AbortWithError(http.StatusUnauthorized, err)

			return

		}

		claims, ok := token.Claims.(*MyClaims) 

		if !ok {

			c.AbortWithStatus(http.StatusUnauthorized)

			return

		}

		c.Set("userId", claims.Subject)

		c.Set("doe", claims.Doe)

		c.Next()

	}

}

```

## License

MIT