jwtauth uses jwt-go, uuid and go-redis
Redis is used to store the token blacklist.
jwtauth.Setup(jwtsecret string, redisclient redis.Client, atExpiry time.Duration, rtExpiry time.Duration):
- initializes the JWT secret key, the Redis client and the expiration durations for access and refresh tokens.
jwtauth.CreateToken(id uint64):
- creates access and refresh token based on jwt secret key
- access token expires in 15 minutes
- refresh token expires in 7 days
- subject is id.
- sets jti to a UUID v4; the access and refresh tokens share the same jti
jwtauth.LogoutToken(r http.Request):
- requires access token in authorization header
- adds jti to blacklist with 7 days expiry
jwtauth.RefreshTokens(r http.Request):
- gets access token from authorization header, refresh token from request body
- access token must be expired
- access token and refresh token must have same jti
- adds jti to blacklist with 7 days expiry
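
The RefreshTokens rules above, as an added example that is not jwtauth's own code; it shows why blacklisting the shared jti makes a refresh pair single-use. Assumptions: claims are already signature-verified, an in-memory map stands in for the Redis blacklist, the blacklist lookup and the refresh-token expiry check are included as assumed checks, and `Claims`, `Blacklist`, `Revoked` and `Refresh` are hypothetical names.

```go
package main

import (
	"errors"
	"fmt"
	"time"
)

// Claims is the subset of token claims the refresh rules use.
// Assumption: the signature was verified before these values are trusted.
type Claims struct {
	JTI string
	Exp time.Time
}

// Blacklist is an in-memory stand-in for Redis: jti -> time the entry expires.
type Blacklist map[string]time.Time

// Revoked reports whether jti has a blacklist entry that has not yet expired.
func (b Blacklist) Revoked(jti string, now time.Time) bool {
	return now.Before(b[jti])
}

// Refresh applies the RefreshTokens rules, then revokes the pair's shared jti.
func Refresh(at, rt Claims, bl Blacklist, now time.Time) error {
	switch {
	case at.JTI == "" || at.JTI != rt.JTI:
		return errors.New("jti mismatch")
	case bl.Revoked(at.JTI, now): // assumed check: pair already used or logged out
		return errors.New("jti blacklisted")
	case now.Before(at.Exp):
		return errors.New("access token not expired")
	case !now.Before(rt.Exp): // assumed check: refresh token must still be valid
		return errors.New("refresh token expired")
	}
	bl[at.JTI] = now.Add(7 * 24 * time.Hour) // 7-day blacklist expiry, as above
	return nil
}

func main() {
	now, bl := time.Now(), Blacklist{}
	// Constructed sample pair: the access token expired a minute ago.
	at := Claims{"constructed-jti-1", now.Add(-time.Minute)}
	rt := Claims{"constructed-jti-1", now.Add(6 * 24 * time.Hour)}
	fmt.Println(Refresh(at, rt, bl, now)) // first use succeeds
	fmt.Println(Refresh(at, rt, bl, now)) // replay of the same pair is rejected
}
```

Because the blacklist entry lives as long as the refresh token, a replayed pair stays rejected for the refresh token's whole lifetime.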
Check usage in gotodo project: