Configuration
All knobs on goJwt.Config — Redis, PEM keys, Option defaults, Cookie attributes, and CheckAuth.
Config structure
| Field | Type | Required | Description |
|---|---|---|---|
Redis |
Redis |
Yes | Redis connection settings |
File |
*File |
No | PEM key file paths |
Option |
*Option |
No | Token parameter tuning |
Cookie |
*Cookie |
No | Cookie attribute settings |
CheckAuth |
func(Auth) (bool, error) |
No | Custom user validation callback |
Redis settings
| Field | Type | Required | Description |
|---|---|---|---|
Host |
string |
Yes | Redis host address |
Port |
int |
Yes | Redis port |
Password |
string |
No | Redis password |
DB |
int |
Yes | Redis database number |
Option defaults
Applied by validOptionData when fields are zero or empty:
| Field | Default | Description |
|---|---|---|
AccessTokenExpires |
15m |
Access Token expiration |
RefreshIdExpires |
7d |
Refresh ID expiration |
AccessTokenCookieKey |
access_token |
Access Token cookie key |
RefreshIdCookieKey |
refresh_id |
Refresh ID cookie key |
MaxVersion |
5 |
Refresh count before Refresh ID rebuild |
RefreshTTL |
0.5 |
TTL ratio threshold for Refresh ID rebuild |
PrivateKey |
empty | Inline private PEM text |
PublicKey |
empty | Inline public PEM text |
Cookie settings
| Field | Type | Default | Description |
|---|---|---|---|
Domain |
*string |
None | Cookie domain |
Path |
*string |
/ |
Cookie path |
SameSite |
*http.SameSite |
Lax |
SameSite attribute |
Secure |
*bool |
false |
HTTPS only |
HttpOnly |
*bool |
true |
HttpOnly flag |
PEM keys
Three configuration methods, in priority order:
File.PrivateKeyPath/File.PublicKeyPath— specify file pathsOption.PrivateKey/Option.PublicKey— provide PEM text directly- Auto-detect
./keys/private-key.pemand./keys/public-key.pem; generates a new ECDSA P-256 key pair if not found
CheckAuth
Optional callback invoked during refresh. Return false (or an error) to force logout when the user no longer exists or should not remain authenticated.
CheckAuth: func(auth goJwt.Auth) (bool, error) {
return userExists(auth.ID)
},
Full example
secure := true
jwtAuth, err := goJwt.New(goJwt.Config{
Redis: goJwt.Redis{
Host: "localhost",
Port: 6379,
Password: "secret",
DB: 1,
},
Option: &goJwt.Option{
AccessTokenExpires: 10 * time.Minute,
RefreshIdExpires: 14 * 24 * time.Hour,
MaxVersion: 3,
RefreshTTL: 0.4,
},
Cookie: &goJwt.Cookie{
Secure: &secure,
},
CheckAuth: func(auth goJwt.Auth) (bool, error) {
return auth.ID != "", nil
},
})