README
¶
simplejwt 
A simple JWT package.
Generate and verify JWT tokens
package main
import (
"fmt"
"time"
"github.com/xyproto/simplejwt"
)
func main() {
// Set the JWT secret
simplejwt.SetSecret("your-secret-key")
// Generate a token
payload := simplejwt.Payload{
Subject: "1234567890",
Expires: time.Now().Add(time.Hour),
}
token, err := simplejwt.Generate(payload, nil)
if err != nil {
fmt.Printf("Failed to generate token: %v\n", err)
return
}
fmt.Printf("Generated token: %s\n", token)
// Validate the token
decodedPayload, err := simplejwt.Validate(token)
if err != nil {
fmt.Printf("Failed to validate token: %v\n", err)
return
}
fmt.Printf("Decoded payload: %+v\n", decodedPayload)
}
Subjectis the user or system that the token is about.Expiresis the expiration time of the token.- The secret key is used when JWT tokens are generated or verified, together with the HMAC SHA256 algorithm.
This example is also available as cmd/simple/main.go.
An even simpler example
package main
import (
"fmt"
"github.com/xyproto/simplejwt"
)
func main() {
// Set the secret that is used for generating and validating JWT tokens
simplejwt.SetSecret("hunter1")
// Generate a token by passing in a subject and for how many seconds the token should last
token := simplejwt.SimpleGenerate("bob@zombo.com", 3600)
if token == "" {
fmt.Println("Failed to generate token")
return
}
fmt.Printf("Generated token: %s\n", token)
// Validate the token
decodedSubject := simplejwt.SimpleValidate(token)
if decodedSubject == "" {
fmt.Println("Failed to validate token")
return
}
fmt.Printf("Decoded payload, got subject: %s\n", decodedSubject)
}
Set up a simple HTTP server
This is a simple HTTP server that can be accessed in a browser as http://localhost:4000.
It has the following endpoints:
/- a HTML page with instructions for how to usecurl./generate- for generating a JWT token./protected- for retrieving protected data, but only if it is also given a valid JWT token.
package main
import (
"fmt"
"net/http"
"strings"
"time"
"github.com/xyproto/simplejwt"
)
func generateHandler(w http.ResponseWriter, r *http.Request) {
if r.Method != http.MethodPost {
http.Error(w, "Method not allowed", http.StatusMethodNotAllowed)
return
}
payload := simplejwt.Payload{
Subject: "1234567890",
Expires: time.Now().Add(time.Hour),
}
token, err := simplejwt.Generate(payload, nil)
if err != nil {
http.Error(w, "Error generating token", http.StatusInternalServerError)
return
}
w.Header().Set("Content-Type", "text/plain")
w.Write([]byte(token))
}
func protectedHandler(w http.ResponseWriter, r *http.Request) {
authHeader := r.Header.Get("Authorization")
if authHeader == "" {
http.Error(w, "Authorization header not provided", http.StatusUnauthorized)
return
}
token := strings.TrimPrefix(authHeader, "Bearer ")
if token == "" {
http.Error(w, "Token not provided", http.StatusUnauthorized)
return
}
_, err := simplejwt.Validate(token)
if err != nil {
http.Error(w, "Invalid or expired token", http.StatusUnauthorized)
return
}
w.Header().Set("Content-Type", "application/json")
w.Write([]byte(`{"message": "Access granted to protected data."}`))
}
func rootHandler(w http.ResponseWriter, r *http.Request) {
html := `
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="UTF-8">
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<title>Simple JWT Example</title>
<style>
body {
font-family: Arial, sans-serif;
max-width: 800px;
margin: 0 auto;
padding: 1rem;
}
pre {
background-color: #f5f5f5;
padding: 0.5rem;
overflow-x: scroll;
}
</style>
</head>
<body>
<h1>Simple JWT Example</h1>
<p>Use the following curl commands to interact with the server:</p>
<h2>1. Generate a JWT token</h2>
<p>Send a POST request to <code>/generate</code> to generate a JWT token:</p>
<pre>curl -X POST http://localhost:4000/generate</pre>
<h2>2. Access protected data</h2>
<p>Send a GET request to <code>/protected</code> with the token in the Authorization header to access protected data:</p>
<pre>curl -H "Authorization: Bearer <your_token_here>" http://localhost:4000/protected</pre>
<p>Replace <code><your_token_here></code> with the token you received from the previous command.</p>
</body>
</html>
`
w.Header().Set("Content-Type", "text/html")
w.Write([]byte(html))
}
func main() {
http.HandleFunc("/", rootHandler)
http.HandleFunc("/generate", generateHandler)
http.HandleFunc("/protected", protectedHandler)
fmt.Println("Server running on :4000")
http.ListenAndServe(":4000", nil)
}
This example is also available as cmd/server/main.go.
General info
- Version: 1.2.0
- License: BSD-3
- Author: Alexander F. Rødseth <xyproto@archlinux.org>
Documentation
¶
Overview ¶
Package simplejwt provides a simple JWT implementation for generating and validating JWT tokens with HMAC SHA256 signatures.
Index ¶
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
func Generate ¶
Generate generates a JWT token with the provided payload and an optional custom header.
func SetSecret ¶ added in v1.0.1
func SetSecret(secret string)
SetSecret sets the secret key used for generating and validating JWT tokens.
func SimpleGenerate ¶ added in v1.2.0
SimpleGenerate takes a payload subject and the number of seconds forward in time the generated token should be valid for. A string is returns that is either empty (if there were errors), or contains the generated JWT token.
func SimpleValidate ¶ added in v1.2.0
SimpleValidate checks if the given JWT token is valid. If it is, the suject of the payload is returned. If not, an empty string is returned.
Types ¶
Source Files
Directories
Click to show internal directories.
Click to hide internal directories.