I'm making an API (with Go), and I'm working on the session part. After researching what to use for sessions, I found JWT interesting.
However, I'm not sure I understand how to use it after the tutorials. Here is my idea:
func main() {
	router := mux.NewRouter().StrictSlash(true)
	router.HandleFunc("/login", login)
	router.HandleFunc("/logout", logout)
	router.HandleFunc("/register", register)
	http.ListenAndServe(":8080", router)
}
After the requests are handled, I create different functions.
func login(w http.ResponseWriter, r *http.Request) {
	/* Here I have to search in the database (SQL, I know how to do it).
	   If the user is registered, I create a token and give it to him,
	   but how can I do it? */
}

func logout(w http.ResponseWriter, r *http.Request) {
	/* I get the token and stop/delete it? */
}

func register(w http.ResponseWriter, r *http.Request) {
	/* I search if the user isn't registered, then, if he isn't, I create
	   the user in the database (I know how to do it). I connect him, but
	   again, how do I make a new token? */
}
A lot of tutorials on the web seem hard, but I just want something simple. I just want a handler package (code above) that works with a service package that has the token authentication engine.
A second point I'm not sure I understand is the saving of the token. If a user connects himself, what is best? Each time the user runs the app, does the app connect and get a new token from the saved information (user/password), or does the app save the token forever? And on the server, is the token managed and saved automatically by JWT, or do I have to put it in my SQL database?
Thank you!
Edit 1
Thank you! After reading your answer, I encapsulated my code (token.go) like this:
package services

import (
	"fmt"
	"time"

	"github.com/dgrijalva/jwt-go"

	"../models"
)

var tokenEncodeString string = "something"

func CreateToken(user models.User) (string, error) {
	// Create the token
	token := jwt.New(jwt.SigningMethodHS256)
	// Set some claims
	token.Claims["username"] = user.Username
	token.Claims["password"] = user.Password
	token.Claims["exp"] = time.Now().Add(time.Hour * 72).Unix()
	// Sign and get the complete encoded token as a string
	// (the HMAC signing methods expect the key as a []byte)
	return token.SignedString([]byte(tokenEncodeString))
}

func ParseToken(unparsedToken string) (bool, string) {
	token, err := jwt.Parse(unparsedToken, func(token *jwt.Token) (interface{}, error) {
		// Don't forget to validate the alg is what you expect:
		if _, ok := token.Method.(*jwt.SigningMethodRSA); !ok {
			return nil, fmt.Errorf("unexpected signing method: %v", token.Header["alg"])
		}
		return myLookupKey(token.Header["kid"]), nil
	})
	if err == nil && token.Valid {
		return true, unparsedToken
	} else {
		return false, ""
	}
}
However, I got the following error: "token.go: undefined: myLookupKey". I looked on the internet and found an encapsulated function which has this prototype:
func ExampleParse(myToken string, myLookupKey func(interface{}) (interface{}, error)) {
	/* same code as in func ParseToken() */
}
So what is the difference between my function and this one? How can I use this one?
Thanks!

Hi, first of all you need to import the JWT library in Golang (go get github.com/dgrijalva/jwt-go). You can find the library documentation at the link below.
https://github.com/dgrijalva/jwt-go
First you need to create a token:
// Create the token
token := jwt.New(jwt.SigningMethodHS256)
// Set some claims
token.Claims["foo"] = "bar"
token.Claims["exp"] = time.Now().Add(time.Hour * 72).Unix()
// Sign and get the complete encoded token as a string
tokenString, err := token.SignedString(mySigningKey)
And after that, parse the token:
token, err := jwt.Parse(myToken, func(token *jwt.Token) (interface{}, error) {
	// Don't forget to validate the alg is what you expect:
	if _, ok := token.Method.(*jwt.SigningMethodRSA); !ok {
		return nil, fmt.Errorf("unexpected signing method: %v", token.Header["alg"])
	}
	return myLookupKey(token.Header["kid"]), nil
})
if err == nil && token.Valid {
	deliverGoodness("!")
} else {
	deliverUtterRejection(":(")
}
Also, there are some examples of how to use JWT in Golang: https://github.com/slok/go-jwt-example
Edit-1
package main

import (
	"fmt"
	"time"

	"github.com/dgrijalva/jwt-go"
)

const (
	mySigningKey = "wow,muchshibe,todogge"
)

func main() {
	createdToken, err := ExampleNew([]byte(mySigningKey))
	if err != nil {
		fmt.Println("Creating token failed")
	}
	ExampleParse(createdToken, mySigningKey)
}

func ExampleNew(mySigningKey []byte) (string, error) {
	// Create the token
	token := jwt.New(jwt.SigningMethodHS256)
	// Set some claims
	token.Claims["foo"] = "bar"
	token.Claims["exp"] = time.Now().Add(time.Hour * 72).Unix()
	// Sign and get the complete encoded token as a string
	tokenString, err := token.SignedString(mySigningKey)
	return tokenString, err
}

func ExampleParse(myToken string, myKey string) {
	token, err := jwt.Parse(myToken, func(token *jwt.Token) (interface{}, error) {
		return []byte(myKey), nil
	})
	if err == nil && token.Valid {
		fmt.Println("Your token is valid. I like your style.")
	} else {
		fmt.Println("This token is terrible! I cannot accept this.")
	}
}
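
What an HS256 token create/parse pair does underneath, as an added example that is not code from the original posts or from jwt-go: it uses only the Go standard library so it runs without dependencies. The names `CreateToken`, `ParseToken`, `sign`, `dec` and the key are constructed for illustration; the claims carry the username and expiry only (a JWT body is readable by anyone), and the server verifies the signature and expiry without storing the token.

```go
package main

import (
	"crypto/hmac"
	"crypto/sha256"
	"encoding/base64"
	"encoding/json"
	"fmt"
	"strings"
	"time"
)

func sign(key []byte, msg string) string { // base64url(HMAC-SHA256(key, msg))
	m := hmac.New(sha256.New, key)
	m.Write([]byte(msg))
	return base64.RawURLEncoding.EncodeToString(m.Sum(nil))
}
func dec(s string, v interface{}) bool { // base64url-decode s, then unmarshal its JSON into v
	b, err := base64.RawURLEncoding.DecodeString(s)
	return err == nil && json.Unmarshal(b, v) == nil
}

// CreateToken is for the login handler, after the password check. No password in the claims.
func CreateToken(key []byte, user string, ttl time.Duration) string {
	body, _ := json.Marshal(map[string]interface{}{"username": user, "exp": time.Now().Add(ttl).Unix()})
	// The literal below is base64url of {"alg":"HS256","typ":"JWT"}.
	msg := "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9." + base64.RawURLEncoding.EncodeToString(body)
	return msg + "." + sign(key, msg)
}

// ParseToken pins HS256, verifies the signature, then the expiry. No database lookup.
func ParseToken(key []byte, tok string) (string, error) {
	p := strings.Split(tok, ".")
	var h struct{ Alg string }
	if len(p) != 3 || !dec(p[0], &h) || h.Alg != "HS256" {
		return "", fmt.Errorf("malformed token or unexpected signing method %q", h.Alg)
	}
	if !hmac.Equal([]byte(p[2]), []byte(sign(key, p[0]+"."+p[1]))) { // constant-time compare
		return "", fmt.Errorf("signature mismatch")
	}
	var c struct {
		Username string
		Exp      int64
	}
	if !dec(p[1], &c) || time.Now().Unix() >= c.Exp {
		return "", fmt.Errorf("bad or expired claims")
	}
	return c.Username, nil
}

func main() { fmt.Println(ParseToken([]byte("constructed-key"), CreateToken([]byte("constructed-key"), "alice", time.Hour))) }
```

Because verification is stateless, a logout handler cannot invalidate a token that has already been issued; a short expiry or a server-side deny list is what limits its lifetime.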