+++ title = “JWT” url = “/middleware/jwt” [menu.side] name = “JWT” parent = “middleware” weight = 9 +++

JWT 中间件

JWT 提供了一个 JSON Web Token (JWT) 认证中间件。

  • 对于有效的 token,它将用户置于上下文中并调用下一个处理程序。
  • 对于无效的 token,它会发送 “401 - Unauthorized” 响应。
  • 对于丢失或无效的 Authorization 标头,它会发送 “400 - Bad Request” 。

用法

  1. e.Use(middleware.JWT([]byte("secret"))

自定义配置

用法

  1. e.Use(middleware.JWTWithConfig(middleware.JWTConfig{
  2.   SigningKey: []byte("secret"),
  3.   TokenLookup: "query:token",
  4. }))

配置

  1. // JWTConfig defines the config for JWT middleware.
  2. JWTConfig struct {
  3.   // Skipper defines a function to skip middleware.
  4.   Skipper Skipper
  6.   // Signing key to validate token.
  7.   // Required.
  8.   SigningKey interface{}
  10.   // Signing method, used to check token signing method.
  11.   // Optional. Default value HS256.
  12.   SigningMethod string
  14.   // Context key to store user information from the token into context.
  15.   // Optional. Default value "user".
  16.   ContextKey string
  18.   // Claims are extendable claims data defining token content.
  19.   // Optional. Default value jwt.MapClaims
  20.   Claims jwt.Claims
  22.   // TokenLookup is a string in the form of "<source>:<name>" that is used
  23.   // to extract token from the request.
  24.   // Optional. Default value "header:Authorization".
  25.   // Possible values:
  26.   // - "header:<name>"
  27.   // - "query:<name>"
  28.   // - "cookie:<name>"
  29.   TokenLookup string
  31.   // AuthScheme to be used in the Authorization header.
  32.   // Optional. Default value "Bearer".
  33.   AuthScheme string
  34. }

默认配置

  1. DefaultJWTConfig = JWTConfig{
  2.   Skipper:       defaultSkipper,
  3.   SigningMethod: AlgorithmHS256,
  4.   ContextKey:    "user",
  5.   TokenLookup:   "header:" + echo.HeaderAuthorization,
  6.   AuthScheme:    "Bearer",
  7.   Claims:        jwt.MapClaims{},
  8. }

示例