Question 1

How do I integrate jwt-auth with the Gin web framework?

Accepted Answer

The README provides an untested example showing how to wrap the jwt-auth middleware with Gin's handler functions. You need to use restrictedRoute.Process in a custom middleware, but be aware it's not officially tested and may require adjustments.

Question 2

jwt-auth vs golang-jwt/jwt: which is better for Go?

Accepted Answer

jwt-auth is a higher-level middleware with built-in CSRF protection and dual tokens, ideal for quick API security. In contrast, golang-jwt/jwt is a lower-level library for JWT signing/verification, offering more flexibility but requiring manual implementation of auth flows.

Question 3

How to handle token refresh automatically in jwt-auth?

Accepted Answer

jwt-auth automatically refreshes auth tokens using the longer-lived refresh tokens when they expire, as per the Design section. You need to issue tokens on login and set up the token ID checker function to validate refresh tokens.

Question 4

Can I use jwt-auth for mobile app authentication?

Accepted Answer

Yes, by setting BearerTokens to true, you can use header-based tokens for mobile apps. However, the README cautions that tokens should be stored securely, separate from CSRF secrets, to prevent JavaScript access.

Question 5

How to add user roles to JWT tokens with jwt-auth?

Accepted Answer

Use the CustomClaims map in the ClaimsType struct when issuing tokens. For example, claims.CustomClaims["Role"] = "admin" before calling IssueNewTokens, as shown in the API section.

Question 6

Does jwt-auth support OAuth2 or social logins?

Accepted Answer

No, jwt-auth is designed for JWT-based authentication only and does not include built-in support for OAuth2, OpenID Connect, or social login providers. You would need to handle external auth separately and issue JWTs afterward.

jwt-auth

What is jwt-auth?

Overview

Use Cases

Best For

Related Projects

Found a gem we're missing?

Not Ideal For

Pros & Cons

Pros

Cons

Frequently Asked Questions