Paseto middleware for GoLang
Switch branches/tags
Nothing to show
Clone or download
Fetching latest commit…
Cannot retrieve the latest commit at this time.
Type Name Latest commit message Commit time
Failed to load latest commit information.

GO Paseto Middleware

License Travis Go Report Card GoDoc

A middleware that will check that a Paseto token is sent in a request. It will then set the contents of the token into the context of the request.

This module allows you authenticate HTTP requests using Paseto.


go get

Using it

This library is written for use with o1egl's paseto library.

You can use the pasetomiddleware with default net/http as follows:

package auth

type Backend struct {
	secretKey string

func Auth() *Backend {
	if authBackendInstance == nil {
		authBackendInstance = &Backend{
			secretKey: "YELLOW SUBMARINE, BLACK WIZARDRY", // Obviously don't use this exact string.

	return authBackendInstance

func (backend *Backend) Middleware(optional bool) *pasetomiddleware.PasetoMiddleware {
	middleware, _ := pasetomiddleware.New(
		pasetomiddleware.Extractor(func(r *http.Request) (string, error) {
			cookie, err := r.Cookie("paseto")
			if err != nil {
				return "", err
			return cookie.Value, nil

		pasetomiddleware.Decryptor(func(pas string, token *paseto.JSONToken, footer *string) error {
			v2 := paseto.NewV2()
			err := v2.Decrypt(pas, []byte(backend.secretKey), token, footer)
			return err


	return middleware
    package api

    router := mux.newRouter()

    router.Handle("/profile", auth.Auth().Middleware(false).NextFunc(profile)).Methods("GET")
    // You can also use .Next(http.Handler) to add another middleware.

To get the token from the request, you will do the following:

// This is initiated before.
var authedMiddleware *pasetomiddleware.PasetoMiddleware

func getUUIDFromRequest(r *http.Request) (uuid.UUID, error) {
	t, ok := r.Context().Value(authedMiddleware.TokenProperty).(*paseto.JSONToken)
	if !ok {
		return uuid.New(), errors.New("token not valid")

    // I put the UUID string with the user key into the token Map
	id := t.Get("user")
	if id == "" {
		return uuid.New(), errors.New("token not valid")

    // Parses the UUID
	uid, err := uuid.Parse(fmt.Sprint(id))
	return uid, err


This project was heavily inspired by GO-JWT-Middleware.