Recently, my buddies from Blimp
piqued my interest about JSON Web Tokens (JWT). You can find very detailed specs about it here
. In this post, I want to guide you through implementing the equivalent of sessions, but with JWT.
The traditional session approach usually requires the client to store some sort of value in its cookies, while the server must have some sort of session storage where it stores that same value. For each request the client makes, the server has to make a network trip to check that the cookie's value is in the session storage.
What if there was no need for a session store? What if you could generate a token that could contain all the necessary information to prove that the request
is coming from an authenticated user? You can, using JWT.
I will try to walk you through implementing this in your Go server. For this implementation I decided to go with dgrijalva's
Before we begin, we need to generate RSA keys for our project which we will use to sign the tokens. To do so, run the following commands: