Tutorial of REST API JWT Auth - Security

The goal of this tutorial is to demonstrate a JSON Web Token (JWT) auth security implementation built on aah framework's Generic Auth scheme. The implementation is simple and robust.

Before you begin, take a moment to read aah's security design, Authentication and Authorization.

Generic Auth supports many schemes; this tutorial implements JSON Web Token (JWT) auth on top of it.

How to get the aah tutorials source code?

go get -u -d github.com/go-aah/tutorials


Focus on following files/directory:

  rest-api-jwt-auth/app/controllers/info.go
  rest-api-jwt-auth/app/security/*
  rest-api-jwt-auth/config/security.conf
  rest-api-jwt-auth/config/routes.conf

Explanation

  • controllers package
    • Implements token /v1/token endpoint to issue a JSON Web Token (JWT).
    • Implements reportee endpoint to demonstrate Authentication and Authorization feature.
  • security package
    • Implements the authc.Authenticator interface to validate the JSON Web Token (JWT) and return the Subject's authc.AuthenticationInfo to the Security Manager.
    • Implements the authz.Authorizer interface to provide the Subject's Roles and Permissions to the Security Manager.
    • The implemented security interfaces security/AuthenticationProvider and security/AuthorizationProvider are registered in security.conf.
    • Implements JWT based configuration.
  • security.conf defines the Generic Auth Scheme and the JWT configuration.
  • routes.conf defines default_auth = "jwt_auth" for all routes and sets the auth attribute on individual routes where appropriate.

Let's see it in action

aah run -i github.com/go-aah/tutorials/rest-api-jwt-auth

Use your favorite REST client to make a request.

Demo Users

  • user1@example.com/welcome123
  • user2@example.com/welcome123
  • user3@example.com/welcome123 (user is in locked state)
  • admin@example.com/welcome123

While you make the various requests, also observe the application logs and the API responses for more information.

API Endpoints

Getting JWT Token

Send JSON payload with username and password.

{
  "username": "user1@example.com",
  "password": "welcome123"
}

Then pass the token on subsequent requests in the Authorization header: Authorization: Bearer <token>.
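The token flow described above (issue a JWT from the username/password payload, then validate the Bearer token on each request) is shown below as an added, self-contained Go example; it is not code from the aah tutorial or the aah framework and does not use aah's authc/authz interfaces. The user store, the HMAC signing key and the roles are constructed for the demo; a real deployment would load the key from security.conf or a secret store and keep password hashes, not plaintext. It covers the two points a practitioner should check in the tutorial's code: the locked demo user (user3) must never be issued a token, and verification must pin the algorithm, compare the signature in constant time and enforce expiry.

```go
package main

import (
	"crypto/hmac"
	"crypto/sha256"
	"encoding/base64"
	"encoding/json"
	"errors"
	"fmt"
	"strings"
	"time"
)

// demoUser is a constructed stand-in for the tutorial's demo accounts.
type demoUser struct {
	Password string // plaintext here only for the demo
	Locked   bool
	Roles    []string
}

var users = map[string]demoUser{
	"user1@example.com": {Password: "welcome123", Roles: []string{"employee"}},
	"user2@example.com": {Password: "welcome123", Roles: []string{"employee"}},
	"user3@example.com": {Password: "welcome123", Locked: true, Roles: []string{"employee"}},
	"admin@example.com": {Password: "welcome123", Roles: []string{"admin"}},
}

// signingKey is a hypothetical HS256 secret; load it from configuration in real code.
var signingKey = []byte("example-only-hmac-secret-change-me")

type claims struct {
	Sub   string   `json:"sub"`
	Roles []string `json:"roles"`
	Iat   int64    `json:"iat"`
	Exp   int64    `json:"exp"`
}

var b64 = base64.RawURLEncoding

// sign computes the HS256 signature over header.payload.
func sign(signingInput string) string {
	mac := hmac.New(sha256.New, signingKey)
	mac.Write([]byte(signingInput))
	return b64.EncodeToString(mac.Sum(nil))
}

// IssueToken models the /v1/token endpoint: credentials in, one-hour JWT out.
// Locked accounts are refused even with a correct password.
func IssueToken(username, password string, now time.Time) (string, error) {
	u, ok := users[username]
	if !ok || u.Password != password {
		return "", errors.New("invalid credentials")
	}
	if u.Locked {
		return "", errors.New("account is locked")
	}
	header, _ := json.Marshal(map[string]string{"alg": "HS256", "typ": "JWT"})
	payload, _ := json.Marshal(claims{Sub: username, Roles: u.Roles, Iat: now.Unix(), Exp: now.Add(time.Hour).Unix()})
	signingInput := b64.EncodeToString(header) + "." + b64.EncodeToString(payload)
	return signingInput + "." + sign(signingInput), nil
}

// BearerToken extracts <token> from an "Authorization: Bearer <token>" header value.
func BearerToken(authHeader string) (string, error) {
	const prefix = "Bearer "
	if !strings.HasPrefix(authHeader, prefix) {
		return "", errors.New("missing bearer token")
	}
	return strings.TrimSpace(strings.TrimPrefix(authHeader, prefix)), nil
}

// VerifyToken is what an Authenticator would do per request: pin the algorithm,
// check the signature in constant time, enforce expiry, and re-check lock state
// so that locking a user takes effect before their token expires.
func VerifyToken(token string, now time.Time) (*claims, error) {
	parts := strings.Split(token, ".")
	if len(parts) != 3 {
		return nil, errors.New("malformed token")
	}
	hdrBytes, err := b64.DecodeString(parts[0])
	if err != nil {
		return nil, errors.New("malformed header")
	}
	var hdr struct {
		Alg string `json:"alg"`
	}
	if err := json.Unmarshal(hdrBytes, &hdr); err != nil || hdr.Alg != "HS256" {
		return nil, errors.New("unexpected algorithm") // never let the token choose alg
	}
	if !hmac.Equal([]byte(sign(parts[0]+"."+parts[1])), []byte(parts[2])) {
		return nil, errors.New("bad signature")
	}
	payloadBytes, err := b64.DecodeString(parts[1])
	if err != nil {
		return nil, errors.New("malformed payload")
	}
	var c claims
	if err := json.Unmarshal(payloadBytes, &c); err != nil {
		return nil, errors.New("malformed claims")
	}
	if now.Unix() >= c.Exp {
		return nil, errors.New("token expired")
	}
	if u, ok := users[c.Sub]; !ok || u.Locked {
		return nil, errors.New("subject is not active")
	}
	return &c, nil
}

func main() {
	now := time.Now()
	tok, err := IssueToken("user1@example.com", "welcome123", now)
	if err != nil {
		fmt.Println("issue failed:", err)
		return
	}
	raw, _ := BearerToken("Bearer " + tok)
	c, err := VerifyToken(raw, now)
	fmt.Println(c, err)
	_, err = IssueToken("user3@example.com", "welcome123", now)
	fmt.Println("locked user:", err)
}
```

The roles carried in the claims correspond to what the tutorial's Authorizer hands to the Security Manager; the reportee endpoint would then check them rather than trusting anything else in the request.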
