<p>As a beginner, jwt-go is hugely complicated to use for my simple REST authorization. And jwt-go's migrations from 2.0->3.0 has broken all of the existing tutorials that I found. So I'm wondering what is the best alternative package to do the same jobs with less pain and ceremonies? I'm looking for a package that has at least one working tutorial. </p>
<hr/>**评论:**<br/><br/>metamatic: <pre><p>I've got <a href="https://github.com/lpar/jwtauth" rel="nofollow">an implementation of JWT-based session authentication</a> you might find helpful. I recommend <a href="https://github.com/lestrrat/go-jwx" rel="nofollow">go-jwx</a> for your library.</p></pre>gar44: <pre><p>yeah, it looks much cleaner. though the X in jwX is a bit scary! </p></pre>maddiez: <pre><pre><code>var testData = map[string]string{
"sub": "test@example.com",
"name": "Kevin Mitnick",
"given_name": "Kevin",
"family_name": "Mitnick",
"email": "mitnick@example.com",
}
</code></pre>
<p>I see you're a fan :D</p></pre>luckyleprechaun98: <pre><p>If you know how to issue your own tokens in your app, you can put it behind <a href="https://caddyserver.com" rel="nofollow">Caddy</a> and use the JWT middleware to handle authorization. Then you get HTTPS for free and a bunch of other useful middleware that can simplify your downstream application. </p>
<p>I wrote that middleware, so if you use it and have trouble, let me know. </p></pre>Zikes: <pre><p>Looking forward to using that new passthrough subdirective ;D</p></pre>luckyleprechaun98: <pre><p>Yeah whoever wrote that is some kind of genius! Actually, the sad thing is that I don't even use the middleware anymore myself. </p>
<p>I have all my authorization in my app because it's using GRPC and I prefer sessions. The only place I use JWT these days is in the mobile app and for "magic links" that log in when you click on them in an email. </p></pre>gar44: <pre><p>I don't want to use paid services just to be able to deploy JWT. </p></pre>luckyleprechaun98: <pre><p>It's free and open source</p></pre>gar44: <pre><p>Interesting. I'll have a look. Thanks</p></pre>sxan: <pre><p>Yes, do that. I've been slowly replacing nginx with caddy on all of my servers. I've completely stopped building a lot of functionality into every microservice; I let caddy handle it. Awesome kit.</p></pre>mcouturier: <pre><p>I use github.com/SermoDigital/jose. Your intuitions are right. I almost wrote my own implementation at some point because of the nature of go-jwt. </p></pre>toelint: <pre><p>Hi <a href="/u/gar44" rel="nofollow">/u/gar44</a></p>
<p>There is a great example from a Udacity course I took <a href="https://github.com/udacity/ud615/blob/master/app/handlers/login.go" rel="nofollow">here</a>. </p>
<p>Edit: I'll link the <a href="https://www.udacity.com/course/scalable-microservices-with-kubernetes--ud615" rel="nofollow">Udacity Course</a>. It's free. I'm not affiliated with them but I found it useful.</p></pre>gmhafiz: <pre><p><a href="https://github.com/ant0ine/go-json-rest" rel="nofollow">https://github.com/ant0ine/go-json-rest</a> is reasonably easy with good docs.</p></pre>Telefonica46: <pre><p>I wrote a middleware library that makes jwt implementation super easy:
<a href="https://github.com/adam-hanna/jwt-auth" rel="nofollow">https://github.com/adam-hanna/jwt-auth</a></p></pre>gar44: <pre><p>It uses another package for JWT which itself uses jwt-go inside. Not quite what I looked for. </p></pre>randtl: <pre><p><a href="https://github.com/nubo/jwt" rel="nofollow">nubo/jwt</a> is a small (and limited to HMAC SHA-256) lib for JWT handling in Go that I wrote because in 2015 I found existing libs were to complex for my use case and/or too easy to use in an insecure way. </p>
<p>I didn't write a tutorial but a README.md and <a href="https://godoc.org/github.com/nubo/jwt" rel="nofollow">GoDoc</a> with many examples.</p></pre>gar44: <pre><p>Seem tiny and neat. Will try it. Thanks!</p></pre>pkieltyka: <pre><p>hey gar44, one option is <a href="https://github.com/go-chi/jwtauth" rel="nofollow">https://github.com/go-chi/jwtauth</a> - which does use jwt-go v3 under the hood</p></pre>gar44: <pre><p>Well I don't want to learn yet another router to do the jwt. </p></pre>pkieltyka: <pre><p>btw, jwtauth middleware works with all http routers in Go. If you check the import paths, it doesnt even depend on go-chi/chi.</p></pre>bupku5: <pre><p>hey i know you are the author of chi, just wanted to say chi is the best web toolkit for go, by a mile. i exploit every freaking feature. i may have the largest chi routing table in existence. without chi's features my routing would be spaghetti. THANK YOU</p></pre>mynameismuerte: <pre><p>I thought it was still pinned to v2.7? Has that changed very recently?</p>
<p>edit: nevermind, seems like it changed yesterday (and I was just checking the status on the v3 updates yesterday afternoon). Thanks pkieltyka!</p></pre>Sythe2o0: <pre><p>What is an example of a ceremony jwt-go has that you think is painful / unnecessary?</p></pre>TheMue: <pre><p>I'm - naturally ;) - using <a href="https://godoc.org/github.com/tideland/gorest/jwt" rel="nofollow">https://godoc.org/github.com/tideland/gorest/jwt</a>.</p></pre>
