jwt-go VS goth

Compare jwt-go vs goth and see what are their differences.

jwt-go

ARCHIVE - Golang implementation of JSON Web Tokens (JWT). This project is now maintained at: (by dgrijalva)

goth

Package goth provides a simple, clean, and idiomatic way to write authentication packages for Go web applications. (by markbates)
Our great sponsors
  • InfluxDB - Power Real-Time Data Analytics at Scale
  • WorkOS - The modern identity platform for B2B SaaS
  • SaaSHub - Software Alternatives and Reviews
jwt-go goth
14 7
10,354 4,884
- -
1.0 6.2
over 2 years ago 5 days ago
Go Go
MIT License MIT License
The number of mentions indicates the total number of mentions that we've tracked plus the number of user suggested alternatives.
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.

jwt-go

Posts with mentions or reviews of jwt-go. We have used some of these posts to build our list of alternatives and similar projects. The last one was on 2022-05-08.
  • my first golang project!
    7 projects | /r/golang | 8 May 2022
    My only suggestion, because I haven't seen anyone else mention it, is researching your dependencies. In the app you're using https://github.com/dgrijalva/jwt-go, which isn't maintained anymore and in their repo they state that you should use https://github.com/golang-jwt/jwt instead.
  • Golang- What and Why
    12 projects | dev.to | 31 Mar 2022
    There are so many tools created tools using golang like the gh-cli, cockrach-db, jwt, etc. You can see a whole list of applications/tools/frameworks written in Go from this awesome list
  • How to pass jwt.ParseOption into gin-jwt ParseToken for ignoring the Claims Valid() execution.
    3 projects | /r/golang | 21 Mar 2022
    If it is using "github.com/golang-jwt/jwt" under the hood than all you have to do is override the Valid() method on your claims object.
  • go-doudou series 01: How to develop a monolithic RESTful service with go-doudou
    5 projects | dev.to | 24 Jan 2022
    The code logic is query user record from database by input parameter username, if not found, return Incorrect username or password error, if password was correct, issue token. The jwt library used here is golang-jwt/jwt
  • New version of JWT middleware for Fiber (v2.16.0)
    2 projects | /r/golang | 3 Aug 2021
    Abandon https://github.com/dgrijalva/jwt-go library due security issues. Now I use https://github.com/golang-jwt/jwt#jwt-go
  • Food-app
    6 projects | dev.to | 8 Jun 2021
    Go JWT Implementation Link
  • JWT and Go. How to integrate them with security requirements
    3 projects | dev.to | 13 Apr 2021
    The boilerplate application uses the dgrijalva / jwt-go library to work with JWTs. Besides the standard set of claims fields, this library allows you to describe additional fields. In the application, this makes it possible to write to the token the ID of the user to whom it was issued. The library supports the NewWithClaims () and Parse () functions used in the AuthHandler application to create and validate tokens. Also, the Echo framework has a JWT middleware that uses the specified library to validate tokens. This middleware is hooked up in the ConfigureRoutes () function of the template application that declares the routing.
  • How to create and verify JWT & PASETO token in Golang
    3 projects | dev.to | 5 Apr 2021
    There might be many different packages, but I think this one is the most popular: https://github.com/dgrijalva/jwt-go. So let’s copy its URL, and run go get in the terminal to install the package:
  • How do you validate access token from Active Directory with Go?
    2 projects | /r/golang | 4 Mar 2021
    I'm assuming the token you're referring to is the JWT token from AD. You can use this library to validate it - https://github.com/dgrijalva/jwt-go
  • Which go framework should I learn?
    7 projects | /r/golang | 6 Jan 2021
    I don't use any frameworks, but I don't use stdlib only as well. Every time I do something, I search for some of the most commonly used libraries. For example, I don't think everyone uses stdlib for JWT tokens. People would probably go with https://github.com/dgrijalva/jwt-go or choose gorilla mux as a router, same for DB stuff. A lot of people use github.com/jmoiron/sqlx or go.uber.org/zap for logging. But the idea is that you choose the right package and build what makes sense for you. Not relying on a single Framework that maybe doesn't support multiple databases or separating read/write connections, or makes tons of allocations... This is what people mean here. You make conscious choices instead of hoping that some framework has a magic solution for your problems. One of the most critical guiding principles is sticking with stdlib or anything that is stdlib compatible(interfaces).

goth

Posts with mentions or reviews of goth. We have used some of these posts to build our list of alternatives and similar projects. The last one was on 2023-05-31.
  • How to build Auth in 2023 with go?
    6 projects | /r/golang | 31 May 2023
    Also really easy to implement as there are libraries that do all the heavy lifting for you (https://github.com/markbates/goth is a great starting place IMHO)
  • Authentication in Go? Best practices
    4 projects | /r/golang | 7 Mar 2023
  • Simple web app, how to do auth?
    11 projects | /r/golang | 2 Nov 2022
  • The impossible case of pitching rust in a web dev shop
    11 projects | /r/programming | 22 Sep 2022
    For the kind of websites I prefer to build -- server side rendered with HTMX/Alpine for the extra niceness -- Rust I think could be a very good fit. The main downside for my personal projects is the ecosystem. E.g., a good standard way to handle CSRF tokens, standardised oauth2 implementations (like https://github.com/markbates/goth in Go), things like that. I found myself having to write a lot of code that just exists in the Go ecosystem. The main downside for a business is that it's going to make it harder to hire, since Rust genuinely requires more skill. Yes, developers will make mistakes in Go, as it's far too easy to do things like access shared memory in dangerous ways. But on the flip side, it's a lot easier for them to deliver a feature. In a choice between shipping a feature that is buggy in hard to detect ways, vs not being able to deliver at all because you can't get developers, I think it's better to ship.

What are some alternatives?

When comparing jwt-go and goth you can also consider the following projects:

go-jose - An implementation of JOSE standards (JWE, JWS, JWT) in Go

authelia - The Single Sign-On Multi-Factor portal for web apps

fiber-jwt - JWT for fiber

authboss - The boss of http auth.

casbin - An authorization library that supports access control models like ACL, RBAC, ABAC in Golang: https://discord.gg/S5UjpzGZjN

oauth2 - Go OAuth2

go-oauth2-server - A standalone, specification-compliant, OAuth2 server written in Golang.

RBAC - RBAC - Simple, concurrent Role Based Access Control(GO)

gologin - Go login handlers for authentication providers (OAuth1, OAuth2)

jwt-auth - This package provides json web token (jwt) middleware for goLang http servers