Skip to content

Latest commit

 

History

History
45 lines (35 loc) · 1.5 KB

jwt.md

File metadata and controls

45 lines (35 loc) · 1.5 KB

Overview

  1. How to Create, Sign & verify a jwt 1 Candidate libs for jwt

Libs

https://github.com/golang-jwt/jwt

  1. Pro: Well documented
  2. Pro: Actively Maintained
  3. Pro: Easy to access standard claims (exp, iss, ...)
  4. Pro: Many examples
  5. Pro: Allows embedding standard claims into custom claims
  6. Pro: Dates are compatible with time.Time
  7. Pro: Over 3,000 stars on Github
  8. Pro: Protects against alg=none by default
  9. Pro: Simple to handle Expired & NotYet cases
  10. Pro: Sources reference https://datatracker.ietf.org
  11. Pro: Support for arbitrary claims
  12. Pro: Supports alternative clocks (time provider)
  13. Con: No support for compact serialize

Examples

  1. Sign
  2. Verify/Parse

https://pkg.go.dev/gopkg.in/square/go-jose.v2

  1. Pro: support for arbitrary claims
  2. Pro: support for compact serialize

https://github.com/kataras/jwt

  1. Pro: Actively Maintained
  2. Pro: protects against alg=none by default
  3. Pro: Supports alternative clocks (time provider)
  4. Pro: well documented
  5. Con: under 200 stars on Github

Rejected

https://github.com/gbrlsnchs/jwt

  1. Con: Abandonware

Idioms

  1. Always select the algorithm to for parsing (don't let the token decide)