How to extract and verify token sent from frontend
Solution 1
The server requires a token string without added strings. In my case, I have added the Bearer string to the token string in the header when sending the request to the web server, i.e.
'Authorization':'Bearer ' + localStorage.getItem('id_token')
On the web server, we need to split off only the valid token, without the Bearer string:
reqToken := r.Header.Get("Authorization")
splitToken := strings.Split(reqToken, "Bearer ")
reqToken = splitToken[1]
As a result, it becomes a valid token without nil.
Solution 2
The answer above is slightly incorrect because after splitting the reqToken, there should only be one value in splitToken, which is the token itself.
Assuming that the token is of the following format:
'Authorization': 'Bearer <YOUR_TOKEN_HERE>'
Which is the standard format - with a space between the string "Bearer" and the actual token itself.
The following code will perform the correct token extraction:
reqToken := r.Header.Get("Authorization")
splitToken := strings.Split(reqToken, "Bearer")
if len(splitToken) != 2 {
    // Error: Bearer token not in proper format
    return // stop here: indexing splitToken[1] below would panic
}
reqToken = strings.TrimSpace(splitToken[1])
fmt.Println(reqToken) // <YOUR_TOKEN_HERE>
Solution 3
Credit: https://github.com/harlow/authtoken/blob/master/authtoken.go
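const BEARER_SCHEMA = "Bearer "
authHeader := req.Header.Get("Authorization")
if !strings.HasPrefix(authHeader, BEARER_SCHEMA) { // missing or malformed header
    return // slicing a shorter header below would panic
}
token := authHeader[len(BEARER_SCHEMA):]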
Solution 4
1) Here is the function profilehandler (author theShivaa):
link1: https://gist.github.com/theShivaa/999cec98fc29d77ea47b2bdaf0a6b4fb
link2: https://medium.com/@theShiva5/creating-simple-login-api-using-go-and-mongodb-9b3c1c775d2f
2) To use/test this function, I run this command in the bash shell:
curl -i -H "Accept: application/json" -H "Content-Type: application/json" -H "Authorization:eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJmaXJzdG5hbWUiOiJwaXBwbzIiLCJsYXN0bmFtZSI6InBpcHBvMyIsInVzZXJuYW1lIjoicGlwcG8xZiJ9.MkcI4JNUgoOeMzJUhDe4dLOsK3zXSAGC9fCV5EqwA98" -X GET http://localhost:8080/profile
poise
Updated on July 10, 2022
Comments
poise almost 2 years
I am using "github.com/dgrijalva/jwt-go" and am able to send a token to my frontend. What I would like to know is how I could retrieve the token sent from the frontend so that I can verify whether the token that was sent is valid and, if so, the secured resource will be delivered.
Here is the token sent from frontend JavaScript:
headers: { 'Authorization':'Bearer' + localStorage.getItem('id_token') }
Here is the code to send the token:
token := jwt.New(jwt.GetSigningMethod("HS256"))
claims := make(jwt.MapClaims)
claims["userName"] = loginRequest.UserName
claims["exp"] = time.Now().Add(time.Minute * 60).Unix()
token.Claims = claims
tokenString, err := token.SignedString([]byte(SecretKey))
tokenByte, err := json.Marshal(data)
w.WriteHeader(201)
w.Write(tokenByte)
Here is the code to verify the token
func VerifyToken(r *http.Request) bool {
    reqToken := r.Header.Get("Authorization")
    token, err := jwt.Parse(reqToken, func(t *jwt.Token) (interface{}, error) {
        return []byte(SecretKey), nil
    })
    if err == nil && token.Valid {
        fmt.Println("valid token")
        return true
    } else {
        fmt.Println("invalid token")
        return false
    }
}
I am getting a nil token as a return. My guess is that I have sent Bearer, and I think it might need parsing; if so, how?
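The header extraction from the solutions and the verification step from the question, combined in one added example (not code from the post, the answers, or jwt-go). It uses only the Go standard library in place of jwt-go, requires the standard "Bearer <token>" form with a space, and the names bearerToken, verifyRequest and sign, as well as the key and claims, are constructed for illustration.

```go
package main

import (
	"crypto/hmac"
	"crypto/sha256"
	"encoding/base64"
	"encoding/json"
	"fmt"
	"net/http"
	"strings"
	"time"
)

var b64 = base64.RawURLEncoding // JWT segments are unpadded base64url

// sign returns the base64url HMAC-SHA256 of msg (the JWT "header.payload" part).
func sign(msg string, key []byte) string {
	m := hmac.New(sha256.New, key)
	m.Write([]byte(msg))
	return b64.EncodeToString(m.Sum(nil))
}

// bearerToken returns "" for a missing or malformed header instead of panicking.
func bearerToken(r *http.Request) string {
	f := strings.Fields(r.Header.Get("Authorization"))
	if len(f) != 2 || !strings.EqualFold(f[0], "Bearer") {
		return ""
	}
	return f[1]
}

// verifyRequest always computes HS256 itself, compares in constant time, checks exp.
func verifyRequest(r *http.Request, key []byte, now time.Time) bool {
	p := strings.Split(bearerToken(r), ".")
	if len(p) != 3 || !hmac.Equal([]byte(p[2]), []byte(sign(p[0]+"."+p[1], key))) {
		return false
	}
	var claims struct{ Exp int64 } // a missing exp stays 0 and is treated as expired
	payload, err := b64.DecodeString(p[1])
	return err == nil && json.Unmarshal(payload, &claims) == nil && now.Unix() < claims.Exp
}

func main() {
	key := []byte("constructed-demo-key") // constructed sample secret and claims
	body := b64.EncodeToString([]byte(`{"alg":"HS256"}`)) + "." + b64.EncodeToString([]byte(`{"exp":4102444800}`))
	r, _ := http.NewRequest("GET", "http://localhost:8080/profile", nil)
	r.Header.Set("Authorization", "Bearer "+body+"."+sign(body, key))
	fmt.Println(verifyRequest(r, key, time.Now()))
}
```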