Question 1

How do I sign a JWT with Go JOSE?

Accepted Answer

Use the NewSigner function from the jose package with a supported private key (e.g., RSA or ECDSA) and specify the algorithm like RS256. The Godoc reference provides code examples for creating and verifying signed tokens.

Question 2

Go JOSE vs golang-jwt/jwt-go: which is better for JWT?

Accepted Answer

Go JOSE is more comprehensive, supporting JWE and JWS beyond JWT, with strict standards compliance. Jwt-go is simpler and focused only on JWT, so choose Go JOSE if you need full JOSE features or jwt-go for basic token handling without encryption.

Question 3

Does Go JOSE support Ed25519 signatures?

Accepted Answer

Yes, Ed25519 support is available from version 2 onwards, identified by the EdDSA algorithm in the signing table. However, ensure you're using a compatible version, as older versions may not include it.

Question 4

How to encrypt data for multiple recipients with Go JOSE?

Accepted Answer

Use the NewMultiEncrypter function, passing multiple public keys or JWKs for recipients. Note that direct encryption modes like ECDH-ES are not supported in multi-recipient mode, as mentioned in the README's footnotes.

Question 5

What are the breaking changes in Go JOSE version 5?

Accepted Answer

Version 5 will introduce API changes and require Go's encoding/json/v2, which is experimental in Go 1.25. This may affect how JSON is handled and necessitate code updates, so monitor the release notes for migration guidance.

Question 6

Is Go JOSE's JSON parsing case-sensitive?

Accepted Answer

Yes, Go JOSE uses a forked JSON parser that enforces case-sensitive member name matching to ensure consistency across languages, preventing interoperability bugs that can arise from Go's default case-insensitive behavior.

go-jose

What is go-jose?

Overview

Use Cases

Best For

Related Projects

Found a gem we're missing?

Not Ideal For

Pros & Cons

Pros

Cons

Frequently Asked Questions