This post was published on 19 Oct 2017

Golang

Go is an open source programming language developed by Google Inc.
You can see how to install it here.

Visit my GitHub repository goJwt.

How does it work?

A JSON Web Token is a compact, URL-safe means of representing claims to be transferred between two parties.
The claims in a JWT are encoded as a JSON object.

How do we log in to a server?
When you log in to your server, the server validates your info and responds with success or failure. If the login succeeds, it returns data.

[Image: login-normal]

How do cookies help us?
Another technique is to use cookies: when you log in to the server, a cookie is created and stored on the server; then, when you request some data, the server looks up the cookie and responds.

[Image: login-cookie]

Why use JWT?
But this method is insecure and is not scalable.
For example, when you work with many servers, the cookie may have been stored on a different server from the one that receives your request, and that server returns an error.

For this reason, JWT is more useful, because it implements a secure way to respond.
How does it work?

[Image: login-jwt]

You can find more info here (Official Doc) or here (sample).
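The token format described above, as an added example that is not part of the original post or of the gojweto library: it builds and verifies an HMAC-SHA512 (HS512) token with only the Go standard library. The function names, the `sub` claim for the username, the 24-hour lifetime and the key are assumptions made for illustration.

```go
package main

import (
	"crypto/hmac"
	"crypto/sha512"
	"encoding/base64"
	"encoding/json"
	"errors"
	"fmt"
	"strings"
	"time"
)

var b64 = base64.RawURLEncoding // JWT segments are unpadded base64url
func mac(input string, key []byte) string { // base64url(HMAC-SHA512(key, input))
	m := hmac.New(sha512.New, key)
	m.Write([]byte(input))
	return b64.EncodeToString(m.Sum(nil))
}

// createToken returns header.payload.signature for user, expiring after ttl.
func createToken(user string, key []byte, now time.Time, ttl time.Duration) string {
	body, _ := json.Marshal(map[string]any{"sub": user, "exp": now.Add(ttl).Unix()})
	input := b64.EncodeToString([]byte(`{"alg":"HS512","typ":"JWT"}`)) + "." + b64.EncodeToString(body)
	return input + "." + mac(input, key)
}

// verifyToken pins alg, compares the MAC in constant time, then checks exp.
func verifyToken(tok string, key []byte, now time.Time) (string, error) {
	p := strings.Split(tok, ".")
	var h struct{ Alg string }
	hb, _ := b64.DecodeString(p[0])
	if len(p) != 3 || json.Unmarshal(hb, &h) != nil || h.Alg != "HS512" {
		return "", errors.New("malformed token or unexpected alg") // e.g. "none"
	}
	if !hmac.Equal([]byte(p[2]), []byte(mac(p[0]+"."+p[1], key))) {
		return "", errors.New("bad signature")
	}
	var c struct{ Sub string; Exp int64 }
	pb, _ := b64.DecodeString(p[1])
	if json.Unmarshal(pb, &c) != nil || now.Unix() >= c.Exp {
		return "", errors.New("invalid claims or token expired")
	}
	return c.Sub, nil
}

func main() {
	key, now := []byte("constructed-demo-key"), time.Now() // constructed sample secret
	fmt.Println(verifyToken(createToken("alice", key, now, 24*time.Hour), key, now))
}
```

The payload is only encoded, not encrypted, so anyone holding the token can read the claims; the signature protects integrity only.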

Web Libraries

JWT-GO

goJweto (Golang JSON Web Token) is a Golang implementation for REST service security.

  • First, you should create your RSA key pair.
    Create the /tls-ssl/jwtkeys/ directory in the root path of your project:

    cd jwt/keys
    openssl genrsa -out rsakey.pem 2048
    openssl rsa -in rsakey.pem -pubout > rsakey.pem.pub
    
  • Or you should create your ECDSA key pair.
    Create the /tls-ssl/jwtkeys/ directory in the root path of your project:

    • First, list the available curves:

      openssl ecparam -list_curves
      
    • Then, select secp256r1 or secp384r1:

      cd jwt/keys
      openssl ecparam -genkey -name secp384r1 | sed -e '1,3d' > ecdsakey.pem
      openssl ec -in ecdsakey.pem -pubout > ecdsakey.pem.pub
      
  • Next, you should download my library:

    go get github.com/jenazads/gojweto/
    
  • Then, you can use it with different web frameworks in Go.

    • First, create a gojweto object, specifying privKeyPath, pubKeyPath, nameServer, secretKey, headerAuth in the request, algorithm, bytes, and expiration time (in hours). Use only one of the following declarations:

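          // Option 1: HMAC-SHA with 512 bytes setting (shared secret, key paths left empty)
          var GojwtObject = gojweto.NewGojwetoOptions("", "", "JnzadsServer", "jnzads-rest", "Jnzads-rest-JWT", "HMAC-SHA", "512", 24)
          // Option 2: ECDSA with 384 bytes setting (uses the ECDSA key pair files)
          var GojwtObject = gojweto.NewGojwetoOptions(privECDSAKeyPath, pubECDSAKeyPath, "JnzadsServer", "jnzads-rest", "Jnzads-rest-JWT", "ECDSA", "384", 24)
          // Option 3: RSA with 256 bytes setting (uses the RSA key pair files)
          var GojwtObject = gojweto.NewGojwetoOptions(privRSAKeyPath, pubRSAKeyPath, "JnzadsServer", "jnzads-rest", "Jnzads-rest-JWT", "RSA", "256", 24)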
    
    • Then, generate the token string, specifying a nameserver and username:

        tokenString, _ := GojwtObject.CreateToken(Username)
      
    • Using in Go net/http package:

      • Add examples/goJwetoHandler.go in your controllers directory.

      • Then, in your muxServe add:

          muxHttp.HandleFunc("/setToken", setTokenHandler)
          muxHttp.HandleFunc("/login", LoginHandler)
          muxHttp.HandleFunc("/profile", gojwt.MiddlewareGojwtHeaders(WithAuthHandler, NoAuthHandler))
        
    • Using in BeeGo:

      • Add examples/goJwetoBeeGoController.go in your controllers directory.

      • And, in your other controllers, use your new controller instead of beego.Controller.

            import (
              "encoding/json"
              "restfulapi-beego/models"
              //"github.com/astaxie/beego"
            )
        
            type AlertController struct {
                //beego.Controller
                GoJwetoController
            }