Which Go JWT library should I use?

Use github.com/golang-jwt/jwt/v5 for HS256/RS256 with a simple API — it is the maintained successor to the deprecated dgrijalva/jwt-go. Use github.com/go-jose/go-jose/v4 when you need JWKS verification, EdDSA, JWE, or any JOSE feature beyond basic sign/verify. Never import dgrijalva/jwt-go — it is unmaintained and has known vulnerabilities.

How do I verify a JWT against a JWKS endpoint in Go?

Use go-jose's jose.ParseSigned plus a JWKS fetched with a custom HTTP client. go-jose does not ship an automatic JWKS cache, so fetch the JWKS once, cache it with a TTL (1 hour is typical), find the key whose KeyID matches the token header kid, and call token.Verify(key). For a batteries-included option, use github.com/MicahParks/keyfunc which wraps go-jose and handles caching and key rotation.

How do I handle clock skew when verifying a JWT in Go?

golang-jwt v5 supports WithLeeway(duration): jwt.ParseWithClaims(token, claims, keyFunc, jwt.WithLeeway(60*time.Second)). The leeway applies to exp and nbf. go-jose does not apply automatic leeway — check exp and nbf yourself with a tolerance when you read the claims after verification.

Is dgrijalva/jwt-go safe to use?

No. dgrijalva/jwt-go is unmaintained and has CVE-2020-26160 (audience validation bypass). Migrate to github.com/golang-jwt/jwt/v5, which is the maintained community fork. The API is nearly identical; the import path and a few option names changed.

Guide 2 min read Updated 2026-06-18

Verify JWT in Go (golang-jwt & go-jose)

Q: How do I validate iss and aud in golang-jwt?

golang-jwt v5 ships WithIssuer and WithAudience parser options: jwt.ParseWithClaims(token, claims, keyFunc, jwt.WithValidMethods([]string{'HS256'}), jwt.WithIssuer('https://auth.example.com'), jwt.WithAudience('https://api.example.com')). WithValidMethods is mandatory — without it the token header dictates the algorithm. The library rejects expired tokens automatically via WithExpirationRequired.

Verify JWT signatures in Go with golang-jwt and go-jose. Sign and verify HS256 and RS256 tokens, validate iss/aud/exp, and verify JWTs against a JWKS endpoint with full Go code examples.

Go has two production-grade JWT libraries: golang-jwt/jwt/v5 (the maintained successor to the deprecated dgrijalva/jwt-go) and go-jose/go-jose/v4 (the JOSE-spec library used when you need JWKS, EdDSA, or JWE).

Install

go get github.com/golang-jwt/jwt/v5
go get github.com/go-jose/go-jose/v4

Sign and verify an HS256 token (golang-jwt)

package main

import (
	"crypto/rand"
	"github.com/golang-jwt/jwt/v5"
	"time"
)

var secret = []byte(os.Getenv("JWT_SECRET")) // 32+ bytes

func signToken() (string, error) {
	claims := jwt.MapClaims{
		"sub": "user_123",
		"iss": "https://auth.example.com",
		"aud": "https://api.example.com",
		"exp": time.Now().Add(15 * time.Minute).Unix(),
		"iat": time.Now().Unix(),
	}
	token := jwt.NewWithClaims(jwt.SigningMethodHS256, claims)
	return token.SignedString(secret)
}

func verifyToken(tokenString string) (jwt.MapClaims, error) {
	token, err := jwt.ParseWithClaims(tokenString, jwt.MapClaims{}, func(t *jwt.Token) (interface{}, error) {
		if _, ok := t.Method.(*jwt.SigningMethodHMAC); !ok {
			return nil, fmt.Errorf("unexpected method: %v", t.Header["alg"])
		}
		return secret, nil
	},
		jwt.WithValidMethods([]string{"HS256"}),      // mandatory
		jwt.WithIssuer("https://auth.example.com"),
		jwt.WithAudience("https://api.example.com"),
		jwt.WithLeeway(60*time.Second),               // skew tolerance
	)
	if err != nil {
		return nil, err
	}
	return token.Claims.(jwt.MapClaims), nil
}

Verify a JWT against a JWKS endpoint (go-jose + keyfunc)

import (
	"github.com/go-jose/go-jose/v4"
	"github.com/MicahParks/keyfunc/v3"
	"github.com/golang-jwt/jwt/v5"
)

// keyfunc fetches and caches the JWKS, refreshing on a TTL
jwks, err := keyfunc.New(keyfunc.Options{
	JWKSURL: "https://YOUR_DOMAIN.auth0.com/.well-known/jwks.json",
	RefreshErrorHandler: func(err error) {
		log.Printf("JWKS refresh error: %v", err)
	},
})
if err != nil {
	log.Fatal(err)
}

token, err := jwt.ParseWithClaims(tokenString, jwt.MapClaims{}, jwks.Keyfunc,
	jwt.WithValidMethods([]string{"RS256"}),
	jwt.WithIssuer("https://YOUR_DOMAIN.auth0.com/"),
	jwt.WithAudience("https://api.example.com"),
)

keyfunc handles the JWKS fetch, caching, and background refresh. Do not fetch the JWKS on every request — the latency and the issuer-down dependency are both unacceptable in production.

Sign and verify an RS256 token (go-jose)

signer, _ := jose.NewSigner(jose.SigningKey{Algorithm: jose.RS256, Key: privateKey}, &jose.SignerOptions{
	ExtraHeaders: map[jose.HeaderKey]interface{}{"kid": "rsa-key-v1"},
})
jws, _ := signer.Sign([]byte(`{"sub":"user_123","iss":"https://auth.example.com","aud":"https://api.example.com","exp":` + strconv.FormatInt(time.Now().Add(15*time.Minute).Unix(), 10) + `}`))
token := jws.CompactSerialize()

// Verify
object, _ := jose.ParseSigned(token)
payload, err := object.Verify(publicKey)   // also validates the algorithm
if err != nil {
	log.Fatal("signature invalid")
}

go-jose’s Verify rejects algorithms not matched to the key type, which closes the algorithm-confusion attack at the library level.

Continue reading

JWT decoder → - paste a token to decode and verify it in your browser
JWT Signing Algorithms → - HS256, RS256, ES256, EdDSA with key sizes and code
Registered Claims Reference → - iss, sub, aud, exp, jti, and every RFC 7519 claim
JWT Security Vulnerabilities → - alg:none, algorithm confusion, kid injection, and every fix
Verify JWT in Node.js → - jsonwebtoken and jose code
Verify JWT in Java → - Spring Security and jjwt, including the aud mismatch fix