How to Implement JWT Authentication in Go

Implement JWT authentication in Go by generating a token with a secret key and validating it in a middleware handler. Use the github.com/golang-jwt/jwt/v5 library to sign the token with HMAC and verify it against the request header.

package main

import (
	"net/http"
	"time"
	"github.com/golang-jwt/jwt/v5"
)

var secretKey = []byte("your-secret-key")

func generateToken(userID string) (string, error) {
	claims := jwt.MapClaims{
		"user_id": userID,
		"exp":     time.Now().Add(time.Hour * 24).Unix(),
	}
	token := jwt.NewWithClaims(jwt.SigningMethodHS256, claims)
	return token.SignedString(secretKey)
}

func authMiddleware(next http.Handler) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		authHeader := r.Header.Get("Authorization")
		if authHeader == "" {
			http.Error(w, "missing authorization header", http.StatusUnauthorized)
			return
		}
		tokenString := authHeader[7:] // Remove "Bearer " prefix
		token, err := jwt.Parse(tokenString, func(token *jwt.Token) (interface{}, error) {
			if _, ok := token.Method.(*jwt.SigningMethodHMAC); !ok {
				return nil, fmt.Errorf("unexpected signing method: %v", token.Header["alg"])
			}
			return secretKey, nil
		})
		if err != nil || !token.Valid {
			http.Error(w, "invalid token", http.StatusUnauthorized)
			return
		}
		next.ServeHTTP(w, r)
	})
}

JWT authentication lets your Go server trust requests without checking a database every time. It works like a digital ID card: the server signs a token with a secret key, and the client sends that token back with every request. The server checks the signature to ensure the card hasn't been forged before letting the user in.