Documentation

Configuration

All knobs on goJwt.Config — Redis, PEM keys, Option defaults, Cookie attributes, and CheckAuth.

Config structure

Field Type Required Description
Redis Redis Yes Redis connection settings
File *File No PEM key file paths
Option *Option No Token parameter tuning
Cookie *Cookie No Cookie attribute settings
CheckAuth func(Auth) (bool, error) No Custom user validation callback

Redis settings

Field Type Required Description
Host string Yes Redis host address
Port int Yes Redis port
Password string No Redis password
DB int Yes Redis database number

Option defaults

Applied by validOptionData when fields are zero or empty:

Field Default Description
AccessTokenExpires 15m Access Token expiration
RefreshIdExpires 7d Refresh ID expiration
AccessTokenCookieKey access_token Access Token cookie key
RefreshIdCookieKey refresh_id Refresh ID cookie key
MaxVersion 5 Refresh count before Refresh ID rebuild
RefreshTTL 0.5 TTL ratio threshold for Refresh ID rebuild
PrivateKey empty Inline private PEM text
PublicKey empty Inline public PEM text
Field Type Default Description
Domain *string None Cookie domain
Path *string / Cookie path
SameSite *http.SameSite Lax SameSite attribute
Secure *bool false HTTPS only
HttpOnly *bool true HttpOnly flag

PEM keys

Three configuration methods, in priority order:

  1. File.PrivateKeyPath / File.PublicKeyPath — specify file paths
  2. Option.PrivateKey / Option.PublicKey — provide PEM text directly
  3. Auto-detect ./keys/private-key.pem and ./keys/public-key.pem; generates a new ECDSA P-256 key pair if not found

CheckAuth

Optional callback invoked during refresh. Return false (or an error) to force logout when the user no longer exists or should not remain authenticated.

CheckAuth: func(auth goJwt.Auth) (bool, error) {
    return userExists(auth.ID)
},

Full example

secure := true
jwtAuth, err := goJwt.New(goJwt.Config{
    Redis: goJwt.Redis{
        Host:     "localhost",
        Port:     6379,
        Password: "secret",
        DB:       1,
    },
    Option: &goJwt.Option{
        AccessTokenExpires: 10 * time.Minute,
        RefreshIdExpires:   14 * 24 * time.Hour,
        MaxVersion:         3,
        RefreshTTL:         0.4,
    },
    Cookie: &goJwt.Cookie{
        Secure: &secure,
    },
    CheckAuth: func(auth goJwt.Auth) (bool, error) {
        return auth.ID != "", nil
    },
})
中文