ECDSA and Redis-backed JWT authentication library with full token lifecycle management and device fingerprint binding.
```bash
go get github.com/pardnchiu/go-jwt
```
Integrates Redis for complete Access Token and Refresh ID lifecycle management, including creation, verification, refresh, and revocation. Ensures atomicity of multi-key operations through Redis Transaction Pipelines and prevents concurrent Refresh Token race conditions with distributed locks.
Binds tokens to the user's device environment (OS, browser, device type) via SHA-256 hashing. A stolen token presented from a device with a different fingerprint is rejected, which blocks token hijacking from other devices.
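The binding described above, sketched as an added example (not go-jwt's own code): the `Device`, `Fingerprint`, and `Store` names, the length-prefixed encoding, and the in-memory map standing in for Redis are assumptions. It also shows that the check can only tell apart devices whose listed attributes differ.

```go
package main

import (
	"crypto/sha256"
	"crypto/subtle"
	"encoding/hex"
	"fmt"
)

// Device holds the attributes the README lists. How go-jwt extracts them
// from a request is not shown on the page, so callers supply them here.
type Device struct{ OS, Browser, Type string }

// Fingerprint hashes the attributes with SHA-256. Each field is length-prefixed
// so ("ab","c") and ("a","bc") cannot collapse into the same hash input.
func Fingerprint(d Device) string {
	h := sha256.New()
	for _, f := range []string{d.OS, d.Browser, d.Type} {
		fmt.Fprintf(h, "%d:%s|", len(f), f)
	}
	return hex.EncodeToString(h.Sum(nil))
}

// Store maps a refresh ID to the fingerprint recorded at token creation.
// Assumption: an in-memory map stands in for Redis.
type Store map[string]string

func (s Store) Bind(refreshID string, d Device) { s[refreshID] = Fingerprint(d) }

// Check reports whether the presenting device matches the bound fingerprint.
func (s Store) Check(refreshID string, d Device) bool {
	want, ok := s[refreshID]
	if !ok {
		return false // unknown or revoked refresh ID
	}
	return subtle.ConstantTimeCompare([]byte(want), []byte(Fingerprint(d))) == 1
}

func main() {
	s := Store{}
	laptop := Device{"macOS", "Firefox", "desktop"} // constructed sample values
	phone := Device{"Android", "Chrome", "mobile"}
	s.Bind("refresh-id-1", laptop)
	fmt.Println(s.Check("refresh-id-1", laptop)) // true
	fmt.Println(s.Check("refresh-id-1", phone))  // false
	// Identical attributes from another machine hash to the same value: true
	fmt.Println(s.Check("refresh-id-1", Device{"macOS", "Firefox", "desktop"}))
}
```

Because the three attributes are coarse, treat the fingerprint as one signal alongside short access-token lifetimes and revocation rather than as the sole control.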
Provides plug-and-play middleware for both Gin and standard net/http, automatically handling token verification and expiration refresh flows. Developers retrieve authenticated user data directly from the context without manual token lifecycle intervention.
```mermaid
graph TB
    REQ[HTTP Request] --> MW[Middleware<br/>Gin / net/http]
    MW --> V[Verify]
    V -->|Valid Token| AUTH[Return Auth Data]
    V -->|Expired Token| RF[Refresh]
    V -->|No Token| DENY[Deny Access]
    RF -->|Valid Refresh ID| SIGN[Re-sign Access Token]
    RF -->|Threshold Exceeded| CREATE[Full Token Rebuild]
    RF -->|Invalid| DENY
    SIGN --> REDIS[(Redis)]
    CREATE --> REDIS
    V --> FP[Device Fingerprint Check]
    FP --> REDIS
```
```
go-jwt/
├── instance.go      # Initialization and config validation
├── create.go        # Token creation and JWT signing
├── verify.go        # Token verification and JWT parsing
├── refresh.go       # Token refresh with distributed lock
├── revoke.go        # Token revocation
├── middleware.go    # Gin / net/http middleware
├── cookie.go        # Cookie management
├── pem.go           # ECDSA key handling
├── refreshData.go   # Refresh ID and device fingerprint
├── utility.go       # Helper functions
├── uuid.go          # UUID v4 generation
├── type.go          # Type definitions
├── jwt_test.go      # Unit tests
└── go.mod
```
This project is licensed under the MIT LICENSE.
©️ 2025 邱敬幃 Pardn Chiu