jwt alternatives and similar packages
Based on the "Authentication & OAuth" category.
Alternatively, view jwt alternatives based on common mentions on social networks and blogs.
-
aws-doc-sdk-examples
Welcome to the AWS Code Examples Repository. This repo contains code examples used in the AWS documentation, AWS SDK Developer Guides, and more. For more information, see the Readme.md file below. -
casbin
An authorization library that supports access control models like ACL, RBAC, ABAC in Golang: https://discord.gg/S5UjpzGZjN -
jwt-go
ARCHIVE - Golang implementation of JSON Web Tokens (JWT). This project is now maintained at: -
goth
Package goth provides a simple, clean, and idiomatic way to write authentication packages for Go web applications. -
go-oauth2-server
A standalone, specification-compliant, OAuth2 server written in Golang. -
loginsrv
JWT login microservice with plugable backends such as OAuth2, Google, Github, htpasswd, osiam, .. -
gorbac
goRBAC provides a lightweight role-based access control (RBAC) implementation in Golang. -
github.com/lestrrat-go/jwx/v2
Implementation of various JWx (Javascript Object Signing and Encryption/JOSE) technologies -
permissions2
:closed_lock_with_key: Middleware for keeping track of users, login states and permissions -
jwt-auth
This package provides json web token (jwt) middleware for goLang http servers -
yubigo
Yubigo is a Yubikey client API library that provides an easy way to integrate the Yubico Yubikey into your existing Go-based user authentication infrastructure. -
sessions
A dead simple, highly performant, highly customizable sessions middleware for go http servers. -
Facecontrol
Simple authentication, single sign-on and (optinal) authorization solution.
InfluxDB - Power Real-Time Data Analytics at Scale
Do you think we are missing an alternative of jwt or a related project?
Popular Comparisons
README
jwt
This is a minimal implementation of JWT designed with simplicity in mind.
What is JWT?
Jwt is a signed JSON object used for claims based authentication. A good resource on what JWT Tokens are is jwt.io, and in addition you can always read the RFC.
This implementation doesn't fully follow the specs in that it ignores the algorithm claim on the header. It does this due to the security vulnerability in the JWT specs. Details on the vulnerability can be found here
What algorithms does it support?
- HS256
- HS384
- HS512
How does it work?
How to create a token?
Creating a token is actually pretty easy.
The first step is to pick a signing method. For demonstration purposes we will choose HSMAC256.
algorithm := jwt.HmacSha256("ThisIsTheSecret")
Now we need to the claims, and edit some values
claims := jwt.NewClaim()
claims.Set("Role", "Admin")
Then we will need to sign it!
token, err := algorithm.Encode(claims)
if err != nil {
panic(err)
}
How to authenticate a token?
Authenticating a token is quite simple. All we need to do is...
if algorithm.Validate(token) == nil {
//authenticated
}
How do we get the claims?
The claims are stored in a Claims
struct. To get the claims from a token simply...
claims, err := algorithm.Decode(token)
if err != nil {
panic(err)
}
_, role := claims.Get("Role")
if strings.Compare(role, "Admin") {
//user is an admin
}
How is it different from golang.org/x/oauth2/jwt?
This package contains just the logic for jwt
encoding, decoding, and verification. The golang.org/x/oauth2/jwt
package does not implement the jwt
specifications. Instead it is specifically tied to oauth2
, requiring a TokenURL
, email
and can only use a specific algorithm (RSA).