jose

module

v0.0.0-...-7521c7f Latest Latest Go to latest Published: Aug 16, 2025 License: MPL-2.0

Details

Valid go.mod file
Redistributable license
Tagged version
Stable version
Learn more about best practices

Repository

github.com/picatz/jose

Links

Open Source Insights

README ¶

JOSE

JavaScript Object Signing and Encryption (JOSE) implemented in Go.

Installation

$ go get github.com/picatz/jose@latest

Example Usage

// Create a public/private key pair (ECDSA)
private, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
if err != nil {
	panic(err)
}

// Create a JWT token, sign it with the private key.
token, err := jwt.New(
	header.Parameters{
		header.Type:      jwt.Type,
		header.Algorithm: jwa.ES256,
	},
	jwt.ClaimsSet{
		"sub":  "1234567890",
		"name": "John Doe",
	},
	private,
)
if err != nil {
	panic(err)
}

mux := http.NewServeMux()

mux.HandleFunc("/", func(w http.ResponseWriter, r *http.Request) {
	bearerToken, err := jwt.FromHTTPAuthorizationHeader(r)
	if err != nil {
		w.WriteHeader(http.StatusBadRequest)
		return
	}

	token, err = jwt.ParseAndVerify(bearerToken, jwt.WithKey(&private.PublicKey))
	if err != nil {
		w.WriteHeader(http.StatusUnauthorized)
		return
	}

	sub, err := token.Claims.Get(jwt.Subject)
	if err != nil {
		w.WriteHeader(http.StatusBadRequest)
		return
	}

	if sub != "1234567890" {
		w.WriteHeader(http.StatusUnauthorized)
		return
	}

	name, err := token.Claims.Get("name")
	if err != nil {
		w.WriteHeader(http.StatusBadRequest)
		return
	}

	w.WriteHeader(http.StatusOK)
	w.Write([]byte(fmt.Sprintf("Welcome back, %s!", name)))
})

fmt.Println("Listening on http://127.0.0.1:8080")

fmt.Printf("Try running: curl http://127.0.0.1:8080 -H 'Authorization: Bearer %s' -v\n", token)

err = http.ListenAndServe("127.0.0.1:8080", mux)
if err != nil {
	panic(err)
}

RFCs

RFC7515 (JWS) JSON Web Signature
RFC7516 (JWE) JSON Web Encryption
RFC7517 (JWK) JSON Web Key
RFC7518 (JWA) JSON Web Algorithms
RFC7519 (JWT) JSON Web Token

History

JOSE was developed by an IETF working group, started in 2011. The group set out to develop a JSON syntax that could be used by applications to describe "secure data objects". It has become a well-known, standardized mechanism for integrity protection and encryption, as well as the format for keys and algorithm identifiers to support interoperability of security services for protocols that use JSON.

Directories ¶

Path	Synopsis
examples
http command
pprof command
pkg Package jose implements JavaScript Object Signing and Encryption (JOSE) related functionality.	Package jose implements JavaScript Object Signing and Encryption (JOSE) related functionality.
base64 Package base64 provides base64url encoding and decoding functions as defined in RFC 4648 Section 5, specifically for use in JSON Web Signatures (JWS) and JSON Web Tokens (JWT) as specified in RFC 7515.	Package base64 provides base64url encoding and decoding functions as defined in RFC 4648 Section 5, specifically for use in JSON Web Signatures (JWS) and JSON Web Tokens (JWT) as specified in RFC 7515.
header Package header provides a package for JWS and JWE headers as described in RFC 7515 and RFC 7516.	Package header provides a package for JWS and JWE headers as described in RFC 7515 and RFC 7516.
jwa Package jwa implements JWA (JSON Web Algorithms) as defined in RFC 7518.	Package jwa implements JWA (JSON Web Algorithms) as defined in RFC 7518.
jwe Package jwe implements JSON Web Encryption (JWE) functionality as defined in RFC 7516.	Package jwe implements JSON Web Encryption (JWE) functionality as defined in RFC 7516.
jwk Package jwk implements JWK functionality as defined in RFC 7517.	Package jwk implements JWK functionality as defined in RFC 7517.
jwk/thumbprint Package thumbprint provides a simple and easy-to-use interface for working with JSON Web Key (JWK) Thumbprints as defined by RFC 7638.	Package thumbprint provides a simple and easy-to-use interface for working with JSON Web Key (JWK) Thumbprints as defined by RFC 7638.
jws Package jws implements JSON Web Signature (JWS) functionality as defined in RFC 7515.	Package jws implements JSON Web Signature (JWS) functionality as defined in RFC 7515.
jwt Package jwt provides a simple and easy-to-use interface for working with JSON Web Tokens (JWTs) as defined by RFC 7519.	Package jwt provides a simple and easy-to-use interface for working with JSON Web Tokens (JWTs) as defined by RFC 7519.
keyutil Package keyutil provides utility functions for dealing with keys used by the JOSE package for JWT, JWS, JWE, and JWK.	Package keyutil provides utility functions for dealing with keys used by the JOSE package for JWT, JWS, JWE, and JWK.

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL