gofr icon indicating copy to clipboard operation
gofr copied to clipboard
verified publisher icon gofr-dev

Add Example for JWT Authentication Middleware in GoFr

Open aryaman-vohra opened this issue 6 months ago • 4 comments

GoFr already supports custom middleware, but there isn’t an example for implementing JWT-based authentication, which is a common requirement for many microservice applications.

I’d like to contribute by adding a basic example of JWT authentication middleware that:

  • Verifies the presence and validity of a JWT token in the Authorization header
  • Rejects requests without a valid token
  • Allows access to protected routes when the token is valid

This will serve as a reference for developers who want to add token-based authentication to their GoFr apps.

What I Plan to Do-

  • Create a custom middleware function for JWT validation
  • Protect a sample endpoint (e.g., /secure) using this middleware
  • Add a helper route (e.g., /login) to issue a sample token for testing
  • Write test cases for the middleware
  • Add comments and documentation where needed

GoFr supports custom middleware — so we can easily -Plug in your own JWT verification -Add Authorization headers support -Block unauthorized requests -Chain it with other middleware

But we have to write the actual JWT logic.

Adding a JWT Auth example will:

Fill this obvious gap for real-world use Help new users see how to secure routes Become a reference for adding other auth (OAuth, Firebase, etc.)

Please let me know if this is something I can work on. Happy to make any changes based on feedback.

aryaman-vohra avatar Jun 22 '25 04:06 aryaman-vohra

I'd like to work on this issue. Please assign it to me. 🙂

aryaman-vohra avatar Jun 22 '25 05:06 aryaman-vohra

Hey! You can integrate JWT authentication middleware into one of the existing examples (Comment the code out, as it won't work before the user set up the whole workflow on their end.)

Then, write an article detailing the entire process — from setting up JWT authentication and creating the token retrieval endpoint, to configuring the framework to enable JWT support and adding that for user reference for setup.

coolwednesday avatar Jun 23 '25 07:06 coolwednesday

@aryaman-vohra Assigned to you!

Umang01-hash avatar Jun 23 '25 07:06 Umang01-hash

Hey! I've raised a PR (#1895) for this feature:

  • Adds JWT auth example with /login, middleware stub, and secure.go handler.
  • Middleware is commented out until GoFr exposes header access.
  • Includes full README and environment variable-based secret handling.

Awaiting review and workflow approval. Let me know if anything else is needed!

aryaman-vohra avatar Jun 24 '25 07:06 aryaman-vohra