golang implements jwt-Golang-php.cn

Home

Backend Development

Golang

golang implements jwt

WBOYWBOYWBOYWBOYWBOYWBOYWBOYWBOYWBOYWBOYWBOYWBOYWB

May 22, 2023 am 10:31 AM

In today's Internet application development, security is receiving more and more attention. JSON Web Tokens (JWT) have become one of the common authentication and authorization schemes in most web API designs. JWT is an open standard (RFC 7519) that defines a compact and self-contained way to securely communicate information between parties.

Go language is a very powerful server-side programming language, and it is very easy to implement JWT easily. In this article, we will introduce how to implement JWT in Golang.

1.Introduce dependencies

First, you need to introduce the following libraries:

import (
    "crypto/rand"
    "crypto/rsa"
    "crypto/x509"
    "encoding/base64"
    "encoding/pem"
    "errors"
    "fmt"
    "time"

    "github.com/dgrijalva/jwt-go"
)

crypto/rsa: Contains the functions of generating and parsing RSA public and private keys .
crypto/x509: Contains certificate functions in PKIX format
encoding/base64: used to encode and decode parts of the JWT
encoding/pem: used to extract and Store certificates in PEM format
errors: used to process returned error messages
fmt: standard formatting function
time: standard time function
github .com/dgrijalva/jwt-go: JWT’s main dependency

2. Create a key file

First, you need to create a private key file. Use the following command to generate the private key file:

openssl genrsa -out app.rsa 1024

This will generate a 1024-bit RSA key named app.rsa. We will use this key to generate the JWT.

Generate JWT token

Now, we can create the JWT token using the following code:

func GenerateJWT() (string, error) {
    token := jwt.New(jwt.SigningMethodHS256)
    claims := token.Claims.(jwt.MapClaims)

    claims["authorized"] = true
    claims["user"] = "user@example.com"
    claims["exp"] = time.Now().Add(time.Hour * 1).Unix()

    tokenString, err := token.SignedString([]byte("secret"))
    if err != nil {
        return "", err
    }

    return tokenString, nil
}

This function creates the JWT token using the HS256 algorithm . First, we create a new JWT token object. We then add the statement to its claims. In this example, we declare that "Authorization" is set to "True", the user is set to "user@example.com", and the JWT's expiration time is set to 1 hour later. Finally, we sign the JWT using the provided "secret" ("secret" in this example) and return that string.

Parsing JWT token

We can use the following code to parse the JWT token:

func ParseJWT(tokenString string) (jwt.MapClaims, error) {
    token, err := jwt.Parse(tokenString, func(token *jwt.Token) (interface{}, error) {
        if _, ok := token.Method.(*jwt.SigningMethodHMAC); !ok {
            return nil, fmt.Errorf("unexpected signing method: %v", token.Header["alg"])
        }

        return []byte("secret"), nil
    })

    if err != nil {
        return nil, err
    }

    if claims, ok := token.Claims.(jwt.MapClaims); ok && token.Valid {
        return claims, nil
    }

    return nil, errors.New("invalid token")
}

The function accepts the JWT token string and then Try parsing the JWT. Here we use HS256 algorithm to decrypt jwt. First, we need to verify whether the Token is signed using the HMAC algorithm, otherwise an error will be returned. Next, we return an encryption key ("secret" in this example). When parsing is successful, the function returns a verified and unexpired claim. If parsing fails, the function returns an error message.

More advanced encryption methods

In addition to the HS256 algorithm, there are many other encryption algorithms that you can use to encrypt the JWT payload. For example, a JWT signed using the RSA algorithm is more secure than using the HS256 algorithm. Here is a way to generate a JWT token using the RSA algorithm:

func GenerateJWT() (string, error) {
    privateKey, err := rsa.GenerateKey(rand.Reader, 2048)
    if err != nil {
        return "", err
    }

    token := jwt.NewWithClaims(jwt.SigningMethodRS256, jwt.MapClaims{
        "authorized": true,
        "user":       "user@example.com",
        "exp":        time.Now().Add(time.Hour * 1).Unix(),
    })

    tokenString, err := token.SignedString(privateKey)
    if err != nil {
        return "", err
    }

    return tokenString, nil
}

Here, we first generate a 2048-bit RSA private key. We then sign the JWT token using the RS256 algorithm. Finally, we sign the JWT token using the private key.

When parsing the JWT token, a different approach also needs to be taken:

func ParseJWT(tokenString string) (jwt.MapClaims, error) {
    publicKey := `
-----BEGIN PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArtpZKxF+1MDwcJ61KeJt
GjHYiAL46jEewsjF9oBz59J2y5/v/tE/RQjJjOtGvLQ5LfPYBK+j+Z6QIwU1ZzCJ
I0MT5mn81znZCsy7zcZI7+kRPG8Fk5JzKM2ug7RAuYqnOjArL8+V+uS4Moh2RWdN
yZizvjajzKtbH5zLC49Dd3X/SrjzPQpzt8HY4Z7YxYej8/Akl3nxdx9Q/OPG2NYP
xtflmpLLJc7roqkfVwwMQeC1apHr/klI3FHPvK/pzBoUCUOpTfnyvHg8O1+PyMKJ
CldHEhuzUsTR5jM5fXv0M4+vL36QO8k1WhO4gcQTD6X7fIWqFhfrRM/jreG+bv8c
7wIDAQAB
-----END PUBLIC KEY-----
`

    block, _ := pem.Decode([]byte(publicKey))
    if block == nil {
        return nil, errors.New("failed to decode PEM block containing public key")
    }

    pub, err := x509.ParsePKIXPublicKey(block.Bytes)
    if err != nil {
        return nil, err
    }

    token, err := jwt.Parse(tokenString, func(token *jwt.Token) (interface{}, error) {
        if _, ok := token.Method.(*jwt.SigningMethodRSA); !ok {
            return nil, fmt.Errorf("unexpected signing method: %v", token.Header["alg"])
        }

        return pub, nil
    })

    if err != nil {
        return nil, err
    }

    if claims, ok := token.Claims.(jwt.MapClaims); ok && token.Valid {
        return claims, nil
    }

    return nil, errors.New("invalid token")
}

In this function, we need to extract the RSA public key first and then pass it to the jwt.Parse function. When parsing the token, the jwt-go library will automatically use the public key for verification. Note that the public key used here is provided in PKIX format. You can use a tool like OpenSSL to export the PEM public key to PKIX format.

6. Summary

In this article, we introduced how to create and parse JWT tokens in Golang using HS256 and RS256 algorithms. This is a common authentication and authorization scheme that you can use in future web applications. Hope this article is helpful to you.

The above is the detailed content of golang implements jwt. For more information, please follow other related articles on the PHP Chinese website!

Statement

The content of this article is voluntarily contributed by netizens, and the copyright belongs to the original author. This site does not assume corresponding legal responsibility. If you find any content suspected of plagiarism or infringement, please contact admin@php.cn

How do you use the pprof tool to analyze Go performance?Mar 21, 2025 pm 06:37 PM

The article explains how to use the pprof tool for analyzing Go performance, including enabling profiling, collecting data, and identifying common bottlenecks like CPU and memory issues.Character count: 159

How do you write unit tests in Go?Mar 21, 2025 pm 06:34 PM

The article discusses writing unit tests in Go, covering best practices, mocking techniques, and tools for efficient test management.

How do I write mock objects and stubs for testing in Go?Mar 10, 2025 pm 05:38 PM

This article demonstrates creating mocks and stubs in Go for unit testing. It emphasizes using interfaces, provides examples of mock implementations, and discusses best practices like keeping mocks focused and using assertion libraries. The articl

How can I define custom type constraints for generics in Go?Mar 10, 2025 pm 03:20 PM

This article explores Go's custom type constraints for generics. It details how interfaces define minimum type requirements for generic functions, improving type safety and code reusability. The article also discusses limitations and best practices

How can I use tracing tools to understand the execution flow of my Go applications?Mar 10, 2025 pm 05:36 PM

This article explores using tracing tools to analyze Go application execution flow. It discusses manual and automatic instrumentation techniques, comparing tools like Jaeger, Zipkin, and OpenTelemetry, and highlighting effective data visualization

Explain the purpose of Go's reflect package. When would you use reflection? What are the performance implications?Mar 25, 2025 am 11:17 AM

The article discusses Go's reflect package, used for runtime manipulation of code, beneficial for serialization, generic programming, and more. It warns of performance costs like slower execution and higher memory use, advising judicious use and best

How do you use table-driven tests in Go?Mar 21, 2025 pm 06:35 PM

The article discusses using table-driven tests in Go, a method that uses a table of test cases to test functions with multiple inputs and outcomes. It highlights benefits like improved readability, reduced duplication, scalability, consistency, and a

How do you specify dependencies in your go.mod file?Mar 27, 2025 pm 07:14 PM

The article discusses managing Go module dependencies via go.mod, covering specification, updates, and conflict resolution. It emphasizes best practices like semantic versioning and regular updates.

See all articles