Using JWT in the gin framework

Posted by kidbrax on Sat, 29 Jan 2022 02:03:13 +0100

The full name of JWT is JSON Web Token. It is a cross domain authentication solution and belongs to an open standard. It specifies an implementation method of Token. At present, it is mostly used in front and back-end separation projects and oauth2 0 business scenario.

What is JWT?

Why JWT?

In some previous web projects, we usually used cookie session mode to realize user authentication. The relevant processes are as follows:

The user fills in the user name and password in the browser and sends them to the server
After the server verifies the user name and password, it will generate a session data and a corresponding ID (usually called session_id) to save the relevant information of the current user
When the server returns a response, the session of the previous step will be_ Cookie whose ID is written to the user's browser
Each subsequent user's request from the browser will automatically carry the session_ Cookie with ID
The server passes the session in the request_ ID can find the previously saved session data of the user, so as to obtain the relevant information of the user.

This scheme relies on the client (browser) to save cookies, and needs to store the user's session data on the server.

In the era of mobile Internet, our users may use browsers or apps to access our services. Our web applications may be deployed on different ports at the front and back ends. Sometimes we need to support third-party login, so the cookie session mode is a little weak.

JWT is a lightweight authentication mode based on Token. After the server passes the authentication, a JSON object will be generated. After signing, a Token (Token) will be obtained and sent back to the user. The user only needs to bring this Token for subsequent requests, and the server can obtain the relevant information of the user after decryption.

To connect the principle of JWT, I recommend you to read: Ruan Yifeng's introduction to JWT

Generate JWT and parse JWT

Here, we directly use the JWT go library to realize our functions of generating JWT and parsing JWT.

Define requirements

We need to customize our own requirements to determine what data is saved in JWT. For example, we specify that username information should be stored in JWT, so we define a MyClaims structure as follows:

// MyClaims custom declaration structure and embedded JWT StandardClaims
// jwt package comes with jwt Standardclaims contains only official fields
// We need to record an additional username field here, so we need to customize the structure
// If you want to save more information, you can add it to this structure
type MyClaims struct {
	Username string `json:"username"`
	jwt.StandardClaims
}

Then we define the expiration time of JWT, taking 2 hours as an example:

const TokenExpireDuration = time.Hour * 2

Next, you need to define Secret:

var MySecret = []byte("Summer slipped away")

Generate JWT

// GenToken generates JWT
func GenToken(username string) (string, error) {
	// Create our own statement
	c := MyClaims{
		username, // Custom field
		jwt.StandardClaims{
			ExpiresAt: time.Now().Add(TokenExpireDuration).Unix(), // Expiration time
			Issuer:    "my-project",                               // Issuer 
		},
	}
	// Creates a signed object using the specified signing method
	token := jwt.NewWithClaims(jwt.SigningMethodHS256, c)
	// Use the specified secret signature and obtain the complete encoded string token
	return token.SignedString(MySecret)
}

Parsing JWT

// ParseToken parsing JWT
func ParseToken(tokenString string) (*MyClaims, error) {
	// Parse token
	token, err := jwt.ParseWithClaims(tokenString, &MyClaims{}, func(token *jwt.Token) (i interface{}, err error) {
		return MySecret, nil
	})
	if err != nil {
		return nil, err
	}
	if claims, ok := token.Claims.(*MyClaims); ok && token.Valid { // Verification token
		return claims, nil
	}
	return nil, errors.New("invalid token")
}