Easily Secure Your Go Web Server Using JWT And Auth0
Securing your web server is always a very important task since you normally don’t want any unauthorized users accessing your server. This tutorial should help you to set up Auth0 together with a Go web server using a JWT middleware for authorization.
Table of Contents
- Create an Application in Auth0
- Create the Go Web Server with JWT Authorization
- Create a valid JWT Access Token
Create an Application in Auth0
First of all, you don’t have to use Auth0, of course; you can implement all the user management and signing yourself. But since that takes quite some effort and you will always be working with sensitive (user) data, I recommend using a third-party provider to help you with this.
Auth0 in particular has a very generous free plan covering 7000 MAU (monthly active users, as of today), which should be more than enough for smaller applications. So let’s get started. If you don’t already have an account, create a new one at https://auth0.com/.
Next, go to “Applications” and create a new application.
Enter a name for your application and select its type. Since I mostly build SPAs, I will choose that type here as well, but you can choose whatever fits your needs.
Using HS256
By default, Auth0 uses RS256 as the JWT signature algorithm. HS256 is absolutely fine here, though, so we will switch to it to make our lives a bit easier: instead of messing around with different key files, we only have to deal with one simple secret.
Applications → Select Application → Settings → Scroll down to the bottom → Advanced Settings
Here, the checkbox for “OIDC Conformant” has to be ticked off before the signature algorithm can be changed to HS256.
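What verifying an HS256 token with that one secret involves, as an added example using only the Go standard library (not the tutorial's own code): the verifier pins the header algorithm to HS256 and compares the HMAC in constant time. Because the same secret both signs and verifies, it has to stay on the server. The names `SignHS256` and `VerifyHS256` and the secret value are assumptions made for this sketch.

```go
package main

import (
	"crypto/hmac"
	"crypto/sha256"
	"encoding/base64"
	"encoding/json"
	"errors"
	"fmt"
	"strings"
)

var b64 = base64.RawURLEncoding

// SignHS256 mints a compact token; used here only to build constructed samples.
func SignHS256(alg, claims string, secret []byte) string {
	input := b64.EncodeToString([]byte(`{"alg":"`+alg+`"}`)) + "." + b64.EncodeToString([]byte(claims))
	m := hmac.New(sha256.New, secret)
	m.Write([]byte(input))
	return input + "." + b64.EncodeToString(m.Sum(nil))
}

// VerifyHS256 returns the claims JSON only if the header pins HS256 and the
// HMAC matches. exp/aud/iss checks are left out to keep the example short.
func VerifyHS256(token string, secret []byte) ([]byte, error) {
	parts := strings.Split(token, ".")
	if len(parts) != 3 {
		return nil, errors.New("malformed token")
	}
	var head struct{ Alg string `json:"alg"` }
	raw, err := b64.DecodeString(parts[0])
	if err != nil || json.Unmarshal(raw, &head) != nil || head.Alg != "HS256" {
		return nil, errors.New("unexpected signing algorithm")
	}
	m := hmac.New(sha256.New, secret)
	m.Write([]byte(parts[0] + "." + parts[1]))
	sig, err := b64.DecodeString(parts[2])
	if err != nil || !hmac.Equal(sig, m.Sum(nil)) {
		return nil, errors.New("signature mismatch")
	}
	return b64.DecodeString(parts[1])
}

func main() {
	secret := []byte("constructed-demo-secret") // constructed stand-in for the shared signing secret
	claims, err := VerifyHS256(SignHS256("HS256", `{"sub":"demo"}`, secret), secret)
	fmt.Println(string(claims), err)
}
```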