Skip to content
go-zero

JWT Authentication

JWT Authentication

Section titled “JWT Authentication”

go-zero supports JWT auth natively — declare @jwt in your API spec and the framework handles token validation automatically.

API Spec

Section titled “API Spec”
service user-api {
    // public
    @handler Login
    post /user/login (LoginReq) returns (LoginResp)


    // protected
    @jwt Auth
    @handler GetProfile
    get /user/profile (ProfileReq) returns (ProfileResp)
}

Configuration

Section titled “Configuration”
etc/user-api.yaml
Auth:
  AccessSecret: "your-256-bit-secret"
  AccessExpire: 86400

Generate a Token

Section titled “Generate a Token”
internal/logic/loginlogic.go
import (
    "time"
    "github.com/golang-jwt/jwt/v4"
)


func generateToken(secret string, userId int64) (string, error) {
    claims := jwt.MapClaims{
        "userId": userId,
        "exp":    time.Now().Add(24 * time.Hour).Unix(),
    }
    return jwt.NewWithClaims(jwt.SigningMethodHS256, claims).SignedString([]byte(secret))
}

Read Claims in Logic

Section titled “Read Claims in Logic”
userId, _ := l.ctx.Value("userId").(json.Number).Int64()

Test

Section titled “Test”
Terminal window
TOKEN=$(curl -s -X POST http://localhost:8888/user/login \
  -H "Content-Type: application/json" \
  -d '{"username":"alice","password":"secret"}' | jq -r .token)


curl -H "Authorization: Bearer $TOKEN" http://localhost:8888/user/profile