Validate Avnology ID access tokens locally using github.com/avnology/sdk-go/verify.

Verify JWTs in Go

The verify subpackage of github.com/avnology/sdk-go ships a JWTVerifier that fetches the Avnology gateway's JWKS once and caches it, then performs local verification on every subsequent request. No Ory terminology leaks into the types -- claims use Avnology-native names.

Install

go get github.com/avnology/sdk-go@latest

Minimum viable verifier

net/http middleware

package main

import (
    "context"
    "net/http"
    "strings"

    "github.com/avnology/sdk-go/verify"
)

Or use the prebuilt helper from github.com/avnology/sdk-go/http:

import avnologyhttp "github.com/avnology/sdk-go/http"

handler := avnologyhttp.RequireAuth(v)(myHandler)

Router-specific subpackages

import avnologychi   "github.com/avnology/sdk-go/http/chi"
import avnologygin   "github.com/avnology/sdk-go/http/gin"
import avnologyecho  "github.com/avnology/sdk-go/http/echo"
import avnologyfiber "github.com/avnology/sdk-go/http/fiber

Each lives in its own go.mod so the root SDK doesn't pull in every router's deps.

Claims reference

type Claims struct {
    Subject        string
    UserID         string
    OrganizationID string
    SessionID      string
    Permissions    []string
    Scope          string
    Audience       []

Performance notes

JWKS fetch adds ~20ms on first call; zero thereafter.
Verify is goroutine-safe. Share the verifier across your whole process.
If your service is latency-sensitive, bump Options.CacheTTL to 15 minutes and accept a slower detection of key rotations (gateway pre-publishes new keys for 48h, so this is safe).

Verify JWTs (Go)