How to properly setup JWT tokens with TEMPL and Echo (noob)

[jramiroz98]

Hello there, I'm not very proficient with Go and I'm trying to learn while building a small project.
I did manage to generate a JWT token following whats on the cookbook, but I don't know where to store the JWT for my users to get authenticated. For instance many blogs recommend storing the token in a cookie, ive done that, but then how can I make a request that uses all the validation? I'm trying the following:

func loginGET(c echo.Context) error {
	cookie, err := c.Cookie("auth")
	if err != nil {
		return err
	}
	var value interface{}
	value = cookie.Value
	user := value.(*jwt.Token)
	claims := user.Claims.(*jwtCustomClaims)
	name := claims.Name
	println(name)

	return Render(c, http.StatusOK, templates.Login())
}

Yet I get an error saying

interface conversion: interface {} is string, not *jwt

I would like to use the token later to redirect users from pages that they shouldn't use (like the login or register page, once they are logged in) or fetch their information (I have setup a sqlite db with their info)

My experience vastly comes from using Sveltekit and good share of Python.
Thank you in advance!

[jramiroz98]

Hello handsome guy! I just found your solution!
This works just fine:

func loginGET(c echo.Context) error {
	user := c.Get("user").(*jwt.Token)
	claims := user.Claims.(*jwtCustomClaims)
	name := claims.Email
	println(name)

	return Render(c, http.StatusOK, templates.Login())
}

Creating cookie with token

What you need to do is make sure that you are creating your cookies properly! Do it like so (preferably at login):

// Create a cookie
	cookie := new(http.Cookie)
	cookie.Name = "JWTToken"
	cookie.Value = t
	cookie.Expires = time.Now().Add(time.Hour * 72)
	cookie.HttpOnly = true
	cookie.Secure = true // Ensure this is true when serving over HTTPS
	c.SetCookie(cookie)
	return c.JSON(http.StatusOK, echo.Map{
		"token": t,
	})

If you don't add the previous settings to the cookie it wont work.

Reading Token

To read from the cookie you should use the following:

func jwtFromCookie(next echo.HandlerFunc) echo.HandlerFunc {
	return func(c echo.Context) error {
		cookie, err := c.Cookie("JWTToken")
		if err != nil {
			// return echo.ErrUnauthorized
			return next(c)
		}

		c.Request().Header.Set("Authorization", "Bearer "+cookie.Value)
		return next(c)
	}
}

Middleware and config

By doing the previous line of code you get to add the cookie properly into the request before the call. This should be done by using middleware like so:
e.Use(jwtFromCookie)

Also, use:

config := echojwt.Config{
		NewClaimsFunc: func(c echo.Context) jwt.Claims {
			return new(jwtCustomClaims)
		},
		SigningKey: []byte("secret"),
	}
e.Use(jwtFromCookie)
e.Use(echojwt.WithConfig(config))

This will read from the cookie and use the config BEFORE the route is called. Most people group it, so it's definitely recommended