Skip to content
Keel

ss-keel-jwt

ss-keel-jwt provides JWT generation and validation with a ready-to-use Guard implementation. Sign tokens at login, protect routes with the guard, and access the authenticated user anywhere in the handler chain.

Implements: Guard

Planned Installation

Section titled “Planned Installation”
Terminal window
go get github.com/slice-soft/ss-keel-jwt

Planned Usage

Section titled “Planned Usage”

Setup

Section titled “Setup”
import "github.com/slice-soft/ss-keel-jwt"


jwtService := ssjwt.New(ssjwt.Config{
    Secret:     os.Getenv("JWT_SECRET"),
    Expiration: 24 * time.Hour,
})

Generating a Token

Section titled “Generating a Token”
// On login
token, err := jwtService.Sign(ssjwt.Claims{
    Subject: user.ID,
    Custom: map[string]any{
        "role":  user.Role,
        "email": user.Email,
    },
})

Protecting Routes

Section titled “Protecting Routes”
guard := jwtService.Guard()


// Per-route
core.GET("/profile", profileHandler).
    Use(guard.Middleware()).
    WithSecured("bearerAuth")


// Per-group
protected := app.Group("/api/v1", guard.Middleware())
protected.Use(&users.Module{})

Accessing the Authenticated User

Section titled “Accessing the Authenticated User”
func profileHandler(c *core.Ctx) error {
    claims, ok := core.UserAs[*ssjwt.Claims](c)
    if !ok {
        return core.Unauthorized("not authenticated")
    }


    return c.OK(map[string]any{
        "id":   claims.Subject,
        "role": claims.Custom["role"],
    })
}

Refresh Tokens

Section titled “Refresh Tokens”
// Generate a refresh token with longer TTL
refreshToken, _ := jwtService.SignRefresh(ssjwt.Claims{
    Subject: user.ID,
})


// Validate and rotate
newToken, err := jwtService.Refresh(refreshToken)