As a beginner, jwt-go is hugely complicated to use for my simple REST authorization. And jwt-go's migration from 2.0->3.0 has broken all of the existing tutorials that I found. So I'm wondering what is the best alternative package to do the same jobs with less pain and ceremonies? I'm looking for a package that has at least one working tutorial.
Comments:
metamatic:
gar44:I've got an implementation of JWT-based session authentication you might find helpful. I recommend go-jwx for your library.
maddiez:yeah, it looks much cleaner. though the X in jwX is a bit scary!
luckyleprechaun98:var testData = map[string]string{ "sub": "test@example.com", "name": "Kevin Mitnick", "given_name": "Kevin", "family_name": "Mitnick", "email": "mitnick@example.com", }
I see you're a fan :D
Zikes:If you know how to issue your own tokens in your app, you can put it behind Caddy and use the JWT middleware to handle authorization. Then you get HTTPS for free and a bunch of other useful middleware that can simplify your downstream application.
I wrote that middleware, so if you use it and have trouble, let me know.
luckyleprechaun98:Looking forward to using that new passthrough subdirective ;D
gar44:Yeah whoever wrote that is some kind of genius! Actually, the sad thing is that I don't even use the middleware anymore myself.
I have all my authorization in my app because it's using GRPC and I prefer sessions. The only place I use JWT these days is in the mobile app and for "magic links" that log in when you click on them in an email.
luckyleprechaun98:I don't want to use paid services just to be able to deploy JWT.
gar44:It's free and open source
sxan:Interesting. I'll have a look. Thanks
mcouturier:Yes, do that. I've been slowly replacing nginx with caddy on all of my servers. I've completely stopped building a lot of functionality into every microservice; I let caddy handle it. Awesome kit.
toelint:I use github.com/SermoDigital/jose. Your intuitions are right. I almost wrote my own implementation at some point because of the nature of go-jwt.
gmhafiz:Hi /u/gar44
There is a great example from a Udacity course I took here.
Edit: I'll link the Udacity Course. It's free. I'm not affiliated with them but I found it useful.
Telefonica46:https://github.com/ant0ine/go-json-rest is reasonably easy with good docs.
gar44:I wrote a middleware library that makes jwt implementation super easy: https://github.com/adam-hanna/jwt-auth
randtl:It uses another package for JWT which itself uses jwt-go inside. Not quite what I looked for.
gar44:nubo/jwt is a small (and limited to HMAC SHA-256) lib for JWT handling in Go that I wrote because in 2015 I found existing libs were too complex for my use case and/or too easy to use in an insecure way.
I didn't write a tutorial but a README.md and GoDoc with many examples.
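Added example, not part of the original thread and not the code or API of nubo/jwt or any other library named here: a standard-library-only sketch of the HS256-only design the comment above describes, where the verifier never takes the algorithm from the token. The names `Claims`, `Issue`, `Verify` and `sign` are hypothetical, and it assumes the service verifies only tokens it issued itself.

```go
package main

import (
	"crypto/hmac"
	"crypto/sha256"
	"encoding/base64"
	"encoding/json"
	"fmt"
	"strings"
	"time"
)

var b64 = base64.RawURLEncoding

// hdr is the only header issued or accepted (assumption: self-issued tokens).
var hdr = b64.EncodeToString([]byte(`{"alg":"HS256","typ":"JWT"}`))

type Claims struct { // hypothetical minimal claim set for this example
	Sub string `json:"sub"`
	Exp int64  `json:"exp"`
}

func sign(key []byte, msg string) string { // base64url(HMAC-SHA256(key, msg))
	h := hmac.New(sha256.New, key)
	h.Write([]byte(msg))
	return b64.EncodeToString(h.Sum(nil))
}

func Issue(key []byte, c Claims) string { // header.payload.signature
	payload, _ := json.Marshal(c) // cannot fail for this struct
	msg := hdr + "." + b64.EncodeToString(payload)
	return msg + "." + sign(key, msg)
}

// Verify pins the header, checks the MAC in constant time, then checks exp.
func Verify(key []byte, token string, now time.Time) (c Claims, err error) {
	p := strings.Split(token, ".")
	if len(p) != 3 || p[0] != hdr || !hmac.Equal([]byte(p[2]), []byte(sign(key, p[0]+"."+p[1]))) {
		return c, fmt.Errorf("invalid token") // one error: no hint which check failed
	}
	pb, _ := b64.DecodeString(p[1])
	if json.Unmarshal(pb, &c) != nil || now.Unix() >= c.Exp {
		return Claims{}, fmt.Errorf("invalid or expired claims")
	}
	return c, nil
}

func main() { // constructed sample key and claims
	tok := Issue([]byte("constructed-demo-key"), Claims{Sub: "test@example.com", Exp: time.Now().Unix() + 3600})
	fmt.Println(Verify([]byte("constructed-demo-key"), tok, time.Now()))
}
```

Because the header is compared byte for byte, a token whose header names `none` or any other algorithm is rejected before its payload is parsed.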
pkieltyka:Seems tiny and neat. Will try it. Thanks!
gar44:hey gar44, one option is https://github.com/go-chi/jwtauth - which does use jwt-go v3 under the hood
pkieltyka:Well I don't want to learn yet another router to do the jwt.
bupku5:btw, jwtauth middleware works with all http routers in Go. If you check the import paths, it doesn't even depend on go-chi/chi.
mynameismuerte:hey i know you are the author of chi, just wanted to say chi is the best web toolkit for go, by a mile. i exploit every freaking feature. i may have the largest chi routing table in existence. without chi's features my routing would be spaghetti. THANK YOU
Sythe2o0:I thought it was still pinned to v2.7? Has that changed very recently?
edit: nevermind, seems like it changed yesterday (and I was just checking the status on the v3 updates yesterday afternoon). Thanks pkieltyka!
TheMue:What is an example of a ceremony jwt-go has that you think is painful / unnecessary?
I'm - naturally ;) - using https://godoc.org/github.com/tideland/gorest/jwt.
