Using JWT with Labstack Echo

Today, let's have a look at how you can use <a href="http://jwt.io">JWT Authentication</a> in <a href="http://golang.org">Go</a>. We are going to use it in combination with <a href="http://echo.labstack.com">Labstack Echo</a> (my preferred tool for creating web servers with <a href="http://golang.org">Go</a>). Let's define a simple webserver supporting <a href="http://jwt.io">JWT Authentication</a> like this: <div class="highlight"><pre>package main import ( "net/http" "time" "github.com/dgrijalva/jwt-go" "github.com/labstack/echo/v4" "github.com/labstack/echo/v4/middleware" "github.com/pieterclaerhout/go-log" ) const secret = "secret" type jwtCustomClaims struct { Name string `json:"name"` UUID string `json:"uuid"` Admin bool `json:"admin"` jwt.StandardClaims } func login(c echo.Context) error { username := c.FormValue("username") password := c.FormValue("password") if username != "pieter" || password != "claerhout" { return echo.ErrUnauthorized } claims := &jwtCustomClaims{ Name: "Pieter Claerhout", UUID: "9E98C454-C7AC-4330-B2EF-983765E00547", Admin: true, StandardClaims: jwt.StandardClaims{ ExpiresAt: time.Now().Add(time.Hour * 72).Unix(), }, } token := jwt.NewWithClaims(jwt.SigningMethodHS256, claims) t, err := token.SignedString([]byte(secret)) if err != nil { return err } return c.JSON(http.StatusOK, map[string]string{ "token": t, }) } func accessible(c echo.Context) error { return c.String(http.StatusOK, "Accessible") } func restricted(c echo.Context) error { user := c.Get("user").(*jwt.Token) claims := user.Claims.(*jwtCustomClaims) log.InfoDump(claims, "claims") name := claims.Name return c.String(http.StatusOK, "Welcome "+name+"!") } func main() { e := echo.New() e.HideBanner = true e.HidePort = true e.Use(middleware.Logger()) e.Use(middleware.Recover()) e.POST("/login", login) e.GET("/", accessible) r := e.Group("/restricted") config := middleware.JWTConfig{ Claims: &jwtCustomClaims{}, SigningKey: []byte("secret"), } r.Use(middleware.JWTWithConfig(config)) r.GET("", restricted) e.Logger.Fatal(e.Start(":8080")) } </pre></div> Looking at the code, there are several endpoints defined: <ul> <li><code>/login</code>: can be used to get a JWT token based on your login credentials</li> <li><code>/</code>: an endpoint which doesn't require authentication</li> <li><code>/restricted</code>: an endpoint which does require a valid JWT authentication token</li> </ul> The server will register itself on port <code>8080</code> and we're ready to go. You can start the server like: <pre><code>$ go run server.go</code></pre> You can then use the <code>/login</code> endpoint to get a token: <pre><code>$ curl -s -X POST -d 'username=pieter' -d 'password=claerhout' http://localhost:8080/login {"token":"eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJuYW1lIjoiUGlldGVyIENsYWVyaG91dCIsInV1aWQiOiI5RTk4QzQ1NC1DN0FDLTQzMzAtQjJFRi05ODM3NjVFMDA1NDciLCJhZG1pbiI6dHJ1ZSwiZXhwIjoxNjEwMzgzNTU0fQ.JqJ4x2yPXOmxJB1n4GqpfKnIMyorX2zF7kbWbfchX4c"}</code></pre> You can then use this token to access the restricted URL: <pre><code>$ curl http://localhost:8080/restricted -H "Authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJuYW1lIjoiUGlldGVyIENsYWVyaG91dCIsInV1aWQiOiI5RTk4QzQ1NC1DN0FDLTQzMzAtQjJFRi05ODM3NjVFMDA1NDciLCJhZG1pbiI6dHJ1ZSwiZXhwIjoxNjEwMzgzNTU0fQ.JqJ4x2yPXOmxJB1n4GqpfKnIMyorX2zF7kbWbfchX4c" Welcome Pieter Claerhout!</code></pre> In addition, the server log will show you the contents of the authentication token: <pre><code>claims &main.jwtCustomClaims{ Name: "Pieter Claerhout", UUID: "9E98C454-C7AC-4330-B2EF-983765E00547", Admin: true, StandardClaims: jwt.StandardClaims{ Audience: "", ExpiresAt: 1610383647, Id: "", IssuedAt: 0, Issuer: "", NotBefore: 0, Subject: "", }, }</code></pre> The complete working implementation can be found <a href="https://github.com/pieterclaerhout/example-jwt">on GitHub</a>.

Related Posts