go/httpauth-jwt
2
0
Fork 0
Code Issues Pull Requests Packages Releases 1 Activity
Files
d8773b0f9fd5975f393ea4d4184be60122e3dfa6
httpauth-jwt/doc.go

27 lines
1020 B
Go
Raw Normal View History

feat(httpauth-jwt): initial release — self-issued JWT auth middleware v1.0.0 Provides AuthMiddleware (calls httpauth.SetTokenData, accepts Verifier or Signer), IssueTokenPair (access + refresh tokens as jwt.MapClaims, custom claims at top level for ClaimsPermissionProvider compatibility), RefreshTokenPair (blacklist check + rotation + re-issue), and Signer/Verifier implementations for HMAC-SHA256 and RSA-SHA256 including PEM loaders and a public-key-only Verifier for read-only microservices.
2026-05-07 22:18:04 -06:00
// Package jwtauth provides self-issued JWT authentication middleware and token
// management for HTTP services.
//
// It integrates with code.nochebuena.dev/go/httpauth: AuthMiddleware verifies
// Bearer tokens and calls httpauth.SetTokenData, making uid and claims available
// to EnrichmentMiddleware, AuthzMiddleware, and ClaimsPermissionProvider.
//
// Typical flow:
//
// 1. Issue a token pair on login:
//
// signer := jwtauth.NewHMACSigner([]byte(os.Getenv("JWT_SECRET")))
// pair, err := jwtauth.IssueTokenPair(signer, uid, customClaims, cfg)
//
// 2. Protect routes:
//
// r.Use(jwtauth.AuthMiddleware(signer, publicPaths))
// r.Use(httpauth.EnrichmentMiddleware(myEnricher))
//
// 3. Rotate tokens on refresh:
//
// newPair, err := jwtauth.RefreshTokenPair(ctx, signer, refreshToken, blacklist, cfg, freshClaims)
//
// For microservices that only verify tokens (not issue them), use NewRSAPublicKeyVerifier
// or NewRSAPublicKeyVerifierFromPEM with the public key only.
package jwtauth
Reference in New Issue Copy Permalink