A simple JWT/JWKS service implementation in Go as a learning exercise.
This is a simple service with a SQLite DB designed to show off various aspects of Go and how a JWT/JWKS service might work. THIS SHOULD NOT BE USED IN PRODUCTION! Please do not use this as a basis for a production auth service. Instead, find a well-supported, open source package that is actively maintained, or use a dedicated auth provider such as Auth0.
The service uses a SQLite database for storage and is seeded with a series of DB migrations in the migrations directory. Additional data or schema changes should be made through new migrations.
The code can support rotating keys in the jwt.KeyStore type. The code to rotate the keys is currently missing, so the store only holds a single key that does not rotate.
Given an email address and password, validates that the password matches the bcrypt hash stored for that user in the SQLite database. Returns HTTP/401 Unauthorized if the values do not match.
Request Body:
{
  "email": "...",
  "password": "..."
}
Response Body:
{
  "jwt": "..."
}
Returns the profile fields for the user identified by the JWT in the Authorization header.
Returns HTTP/401 Unauthorized if the header is missing, if the JWT is expired or incorrect, or if the user profile doesn't exist.
Response Body:
{
  "email": "...",
  "name": "...",
  "location": "..."
}
Returns the active set of public keys used to sign JWT tokens in the JWKS format. See RFC 7517 for response format details.
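The README notes above that key rotation in jwt.KeyStore is still missing and that the JWKS endpoint follows RFC 7517. As an added example, not code from this project, here is a hypothetical KeyStore sketch that rotates an RSA signing key while keeping a retention window of retired keys, and renders the retained public keys as a JWK Set; the names KeyStore, Kid, Rotate and JWKS are assumptions.

```go
package main

import (
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"encoding/base64"
	"encoding/json"
	"math/big"
)

// KeyStore is a hypothetical sketch, not the project's jwt.KeyStore: keys sit in rotation
// order, oldest first, the last one signs, and Keep retired keys stay so tokens issued
// before a rotation still verify until a later rotation pushes their key out of the window.
type KeyStore struct {
	keys []*rsa.PrivateKey
	Keep int
}

// Kid names a key in JWT headers and in the JWKS: a truncated SHA-256 of the modulus.
func Kid(pub *rsa.PublicKey) string {
	sum := sha256.Sum256(pub.N.Bytes())
	return base64.RawURLEncoding.EncodeToString(sum[:8])
}

// Rotate generates a fresh 2048-bit signing key and forgets keys outside the retention
// window; tokens signed with a forgotten key are rejected from then on.
func (ks *KeyStore) Rotate() error {
	priv, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		return err
	}
	ks.keys = append(ks.keys, priv)
	if len(ks.keys) > ks.Keep+1 {
		ks.keys = ks.keys[len(ks.keys)-ks.Keep-1:]
	}
	return nil
}

// JWKS renders the retained public keys as an RFC 7517 JWK Set; n and e are the big-endian
// modulus and exponent in base64url without padding (RFC 7518 section 6.3.1). A verifier
// picks the entry whose kid matches the token header and rejects a kid that is not listed.
func (ks *KeyStore) JWKS() ([]byte, error) {
	b64, keys := base64.RawURLEncoding.EncodeToString, []map[string]string{}
	for _, k := range ks.keys {
		keys = append(keys, map[string]string{"kty": "RSA", "use": "sig", "alg": "RS256",
			"kid": Kid(&k.PublicKey), "n": b64(k.N.Bytes()), "e": b64(big.NewInt(int64(k.E)).Bytes())})
	}
	return json.Marshal(map[string][]map[string]string{"keys": keys})
}
```

Serving the bytes returned by JWKS with a Content-Type of application/json is all the JWKS endpoint then needs to do.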
You can start the service from the project root directory with:
    go run .