package main import ( "net/http" "time" jwt "github.com/dgrijalva/jwt-go" "github.com/labstack/echo" "github.com/labstack/echo/middleware" ) // jwtCustomClaims are custom claims extending default ones. type jwtCustomClaims struct { Name string `json:"name"` Admin bool `json:"admin"` jwt.StandardClaims } func login(c echo.Context) error { username := c.FormValue("username") password := c.FormValue("password") if username == "jon" && password == "shhh!" { // Set custom claims claims := &jwtCustomClaims{ "Jon Snow", true, jwt.StandardClaims{ ExpiresAt: time.Now().Add(time.Hour * 72).Unix(), }, } // Create token with claims token := jwt.NewWithClaims(jwt.SigningMethodHS256, claims) // Generate encoded token and send it as response. t, err := token.SignedString([]byte("secret")) if err != nil { return err } return c.JSON(http.StatusOK, map[string]string{ "token": t, }) } return echo.ErrUnauthorized } func accessible(c echo.Context) error { return c.String(http.StatusOK, "Accessible") } func restricted(c echo.Context) error { user := c.Get("user").(*jwt.Token) claims := user.Claims.(*jwtCustomClaims) name := claims.Name return c.String(http.StatusOK, "Welcome "+name+"!") } func main() { e := echo.New() // Middleware e.Use(middleware.Logger()) e.Use(middleware.Recover()) // Login route e.POST("/login", login) // Unauthenticated route e.GET("/", accessible) // Restricted group r := e.Group("/restricted") // Configure middleware with the custom claims type config := middleware.JWTConfig{ Claims: &jwtCustomClaims{}, SigningKey: []byte("secret"), } r.Use(middleware.JWTWithConfig(config)) r.GET("", restricted) if err := e.Start(":1323"); err != nil { e.Logger.Fatal(err) } }