MCPcopy Index your code
hub / github.com/cristalhq/jwt

github.com/cristalhq/jwt @v5.4.0

Chat with this repo
repository ↗ · DeepWiki ↗ · release v5.4.0 ↗ · + Follow
172 symbols 687 edges 29 files 52 documented · 30% 5 cross-repo links
What it actually does AI analysis from the code graph — generated when you open this
loading…
README

jwt

build-img pkg-img reportcard-img coverage-img version-img

JSON Web Token for Go RFC 7519, also see jwt.io for more.

The latest version is v5.

Rationale

There are many JWT libraries, but many of them are hard to use (unclear or fixed API), not optimal (unneeded allocations + strange API). This library addresses all these issues. It's simple to read, to use, memory and CPU conservative.

Features

  • Simple API.
  • Clean and tested code.
  • Optimized for speed.
  • Concurrent-safe.
  • Dependency-free.
  • All well-known algorithms are supported
  • HMAC (HS)
  • RSA (RS)
  • RSA-PSS (PS)
  • ECDSA (ES)
  • EdDSA (EdDSA)
  • or your own!

See GUIDE.md for more details.

Install

Go version 1.17+

go get github.com/cristalhq/jwt/v5

Example

Build new token:

// create a Signer (HMAC in this example)
key := []byte(`secret`)
signer, err := jwt.NewSignerHS(jwt.HS256, key)
checkErr(err)

// create claims (you can create your own, see: ExampleBuilder_withUserClaims)
claims := &jwt.RegisteredClaims{
    Audience: []string{"admin"},
    ID:       "random-unique-string",
}

// create a Builder
builder := jwt.NewBuilder(signer)

// and build a Token
token, err := builder.Build(claims)
checkErr(err)

// here is token as a string
var _ string = token.String()

Parse and verify token:

// create a Verifier (HMAC in this example)
key := []byte(`secret`)
verifier, err := jwt.NewVerifierHS(jwt.HS256, key)
checkErr(err)

// parse and verify a token
tokenBytes := token.Bytes()
newToken, err := jwt.Parse(tokenBytes, verifier)
checkErr(err)

// or just verify it's signature
err = verifier.Verify(newToken)
checkErr(err)

// get Registered claims
var newClaims jwt.RegisteredClaims
errClaims := json.Unmarshal(newToken.Claims(), &newClaims)
checkErr(errClaims)

// or parse only claims
errParseClaims := jwt.ParseClaims(tokenBytes, verifier, &newClaims)
checkErr(errParseClaims)

// verify claims as you wish
var _ bool = newClaims.IsForAudience("admin")
var _ bool = newClaims.IsValidAt(time.Now())

Also see examples: example_test.go.

Documentation

See these docs.

License

MIT License.

Extension points exported contracts — how you extend this code

Signer (Interface)
Signer is used to sign tokens. [6 implementers]
algo.go
BuilderOption (FuncType)
BuilderOption is used to modify builder properties.
build.go
Verifier (Interface)
Verifier is used to verify tokens. [7 implementers]
algo.go

Core symbols most depended-on inside this repo

NewSignerES
called by 19
algo_es.go
NewVerifierES
called by 19
algo_es.go
NewSignerHS
called by 18
algo_hs.go
NewSignerRS
called by 18
algo_rs.go
Build
called by 15
build.go
NewNumericDate
called by 15
numeric_date.go
NewVerifierRS
called by 13
algo_rs.go
NewSignerPS
called by 13
algo_ps.go

Shape

Function 91
Method 62
Struct 13
TypeAlias 3
Interface 2
FuncType 1

Languages

Go100%

Modules by API surface

jwt.go15 symbols
jwt_test.go12 symbols
build_test.go11 symbols
algo_hs.go11 symbols
algo.go11 symbols
claims.go10 symbols
build.go10 symbols
algo_es.go10 symbols
algo_rs.go9 symbols
algo_ps.go9 symbols
jwt_bench_test.go8 symbols
example_test.go7 symbols

For agents

$ claude mcp add jwt \
  -- python -m otcore.mcp_server <graph>

⬇ download graph artifact