JSON Web Token for Go RFC 7519, also see jwt.io for more.
The latest version is v5
.
There are many JWT libraries, but many of them are hard to use (unclear or fixed API), not optimal (unneeded allocations + strange API). This library addresses all these issues. It's simple to read, to use, memory and CPU conservative.
- Simple API.
- Clean and tested code.
- Optimized for speed.
- Concurrent-safe.
- Dependency-free.
- All well-known algorithms are supported
- HMAC (HS)
- RSA (RS)
- RSA-PSS (PS)
- ECDSA (ES)
- EdDSA (EdDSA)
- or your own!
See GUIDE.md for more details.
Go version 1.17+
go get github.com/cristalhq/jwt/v5
Build new token:
// create a Signer (HMAC in this example)
key := []byte(`secret`)
signer, err := jwt.NewSignerHS(jwt.HS256, key)
checkErr(err)
// create claims (you can create your own, see: ExampleBuilder_withUserClaims)
claims := &jwt.RegisteredClaims{
Audience: []string{"admin"},
ID: "random-unique-string",
}
// create a Builder
builder := jwt.NewBuilder(signer)
// and build a Token
token, err := builder.Build(claims)
checkErr(err)
// here is token as a string
var _ string = token.String()
Parse and verify token:
// create a Verifier (HMAC in this example)
key := []byte(`secret`)
verifier, err := jwt.NewVerifierHS(jwt.HS256, key)
checkErr(err)
// parse and verify a token
tokenBytes := token.Bytes()
newToken, err := jwt.Parse(tokenBytes, verifier)
checkErr(err)
// or just verify it's signature
err = verifier.Verify(newToken)
checkErr(err)
// get Registered claims
var newClaims jwt.RegisteredClaims
errClaims := json.Unmarshal(newToken.Claims(), &newClaims)
checkErr(errClaims)
// or parse only claims
errParseClaims := jwt.ParseClaims(tokenBytes, verifier, &newClaims)
checkErr(errParseClaims)
// verify claims as you wish
var _ bool = newClaims.IsForAudience("admin")
var _ bool = newClaims.IsValidAt(time.Now())
Also see examples: example_test.go.
See these docs.