I'm currently working on an API and after a bit of time, I now understand how to use JWT in Go to get a token. With this token, I can keep a user connected, but how can I log out from the client application?
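token.go

```go
package main

import (
	"time"

	"github.com/dgrijalva/jwt-go"
)

const (
	// Shared HMAC secret used to sign and verify tokens.
	tokenEncodeString = "something"
)

// createToken issues an HS256-signed token for user that expires after 72 hours.
func createToken(user User) (string, error) {
	// create the token
	token := jwt.New(jwt.SigningMethodHS256)
	// set some claims
	// (claims are only base64url-encoded, not encrypted: anyone holding the
	// token can read the username and password stored here)
	token.Claims["username"] = user.Username
	token.Claims["password"] = user.Password
	token.Claims["exp"] = time.Now().Add(time.Hour * 72).Unix()
	// Sign and get the complete encoded token as string
	return token.SignedString([]byte(tokenEncodeString))
}

// parseToken reports whether unparsedToken has a valid signature and has not
// expired; on success it returns the token string unchanged.
func parseToken(unparsedToken string) (bool, string) {
	token, err := jwt.Parse(unparsedToken, func(token *jwt.Token) (interface{}, error) {
		return []byte(tokenEncodeString), nil
	})
	if err == nil && token.Valid {
		return true, unparsedToken
	}
	return false, ""
}
```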
After research, I found out that I can use a black list, but I really want to know if it's possible with something easier, like the code above.
I also want to find a solution that works with the memory used by the JWT process. Someone who disconnects/connects himself all the time has to have only one token for each session, not one for him and a hundred in a given black list.
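One way to get logout without a growing blacklist, as an added example (not the asker's code and not jwt-go's API): the token carries a hypothetical `sid` claim and the server keeps only the current `sid` per user, so a new login replaces the entry and a logout deletes it. It signs HS256 with the standard library so it runs stand-alone; `Sessions`, `seal`, `Login`, `Logout`, `Check` and the key are assumptions, and the map needs a `sync.Mutex` in a concurrent server.

```go
package main

import (
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"encoding/base64"
	"encoding/json"
	"strings"
	"time"
)

var key, b64 = []byte("constructed-demo-key"), base64.RawURLEncoding // key: constructed demo secret
var header = b64.EncodeToString([]byte(`{"alg":"HS256","typ":"JWT"}`))

type claims struct {
	Username string `json:"username"`
	SID      string `json:"sid"` // hypothetical session-ID claim
	Exp      int64  `json:"exp"`
}

type Sessions map[string]string // username -> current sid: one entry per user

func seal(msg string) string { // msg + "." + base64url(HMAC-SHA256(key, msg))
	m := hmac.New(sha256.New, key)
	m.Write([]byte(msg))
	return msg + "." + b64.EncodeToString(m.Sum(nil))
}

func (s Sessions) Login(user string) string { // replaces any previous session of user
	id := make([]byte, 16)
	rand.Read(id)
	s[user] = b64.EncodeToString(id)
	body, _ := json.Marshal(claims{user, s[user], time.Now().Add(72 * time.Hour).Unix()})
	return seal(header + "." + b64.EncodeToString(body))
}

func (s Sessions) Logout(user string) { delete(s, user) } // token now fails Check before its exp

// Check verifies the pinned header, the signature and exp, then the server-side session.
func (s Sessions) Check(tok string) bool {
	p := strings.Split(tok, ".")
	if len(p) != 3 || p[0] != header || !hmac.Equal([]byte(tok), []byte(seal(p[0]+"."+p[1]))) {
		return false
	}
	var c claims
	body, err := b64.DecodeString(p[1])
	ok := err == nil && json.Unmarshal(body, &c) == nil
	return ok && time.Now().Unix() < c.Exp && c.SID != "" && s[c.Username] == c.SID
}
```

Every request now costs one map lookup, which is the price of revoking a token before its `exp`.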