Authenticated encrypted API tokens (IETF XChaCha20-Poly1305 AEAD) for Golang

Overview

PkgGoDev GoReportCard Coverage Status Codebeat badge GitHub Actions CI Status GitHub Actions CodeQL Status

InstallationUsage exampleBenchmarksBuild StatusLicense


branca.go is branca token specification implementation for Golang 1.15+.

Features and benefits:

  • Pure Go implementation;
  • No third-party dependencies at all;
  • 100% code coverage;
  • Fuzz tests.

Installation

Make sure you have a working Go 1.16+ workspace (instructions), then:

go get pkg.re/essentialkaos/branca.v1

For update to latest stable release, do:

go get -u pkg.re/essentialkaos/branca.v1

Usage example

package main

import (
  "fmt"
  
  "pkg.re/essentialkaos/branca.v1"
)

func main() {
  key := "abcd1234abcd1234abcd1234abcd1234"
  brc, err := branca.NewBranca([]byte(key))

  if err != nil {
    fmt.Printf("Error: %v\n", err)
    return
  }

  payload := "MySuperSecretData"
  token, err := brc.EncodeToString([]byte(payload))

   if err != nil {
    fmt.Printf("Error: %v\n", err)
    return
  }

  fmt.Printf("Token: %s\n", token)
}

Benchmarks

You can run benchmarks by yourself using make bench command.

BrancaSuite.BenchmarkBase62Decoding            1000000     1046 ns/op      384 B/op      6 allocs/op
BrancaSuite.BenchmarkBase62Encoding            1000000     1913 ns/op      512 B/op      6 allocs/op
BrancaSuite.BenchmarkBrancaDecoding            5000000      373 ns/op       48 B/op      2 allocs/op
BrancaSuite.BenchmarkBrancaDecodingFromString  1000000     1463 ns/op      432 B/op      8 allocs/op
BrancaSuite.BenchmarkBrancaEncoding            1000000     1677 ns/op      208 B/op      4 allocs/op
BrancaSuite.BenchmarkBrancaEncodingToString     500000     3977 ns/op      720 B/op     10 allocs/op

Build Status

Branch Status
master CI
develop CI

License

MIT

Issues
  • Problems With Go Modules

    Problems With Go Modules

    Bug report

    System info:

    • Version: latest
    • OS (e.g. from /etc/*-release): Solus
    • Kernel (uname -a): Linux desktop-chan 5.6.19-159.current #1 SMP PREEMPT Fri Oct 16 17:49:06 UTC 2020 x86_64 GNU/Linux
    • Go version (go version): go version go1.15.4 linux/amd64
    • Install tools: go mod tidy

    Steps to reproduce:

    1. Import the package using github.com/essentialkaos/branca.
    2. Run go mod tidy.

    Expected behavior:

    Everything should install.

    Actual behavior:

    Cannot install dependency pkg.re/check.v1.

    Additional info:

    These are the logs from go mod tidy.

    go: finding module for package github.com/essentialkaos/branca
    go: found github.com/essentialkaos/branca in github.com/essentialkaos/branca v1.3.0
    go: finding module for package golang.org/x/crypto/chacha20poly1305
    go: finding module for package pkg.re/check.v1
    go: found golang.org/x/crypto/chacha20poly1305 in golang.org/x/crypto v0.0.0-20201016220609-9e8e0b390897
    go: finding module for package pkg.re/check.v1
    main imports
    	github.com/essentialkaos/branca tested by
    	github.com/essentialkaos/branca.test imports
    	pkg.re/check.v1: git fetch -f origin refs/heads/*:refs/heads/* refs/tags/*:refs/tags/* in /home/h4ckedneko/.go/pkg/mod/cache/vcs/5a34ed54ed3cd750b349944fdc8bd0a4cd5d46a0754dbd413978f8364e2c27bf: exit status 128:
    	error: RPC failed; HTTP 307 curl 22 The requested URL returned error: 307
    	fatal: the remote end hung up unexpectedly
    

    Apparently, packages from pkg.re cannot be discovered by the Go Modules Services.

    I've created my temporary fork at h4ckedneko/branca and changed the import URL of go-check then everything worked fine.

    issue • bug 
    opened by h4ckedneko 3
  • Bump github/codeql-action from 1 to 2

    Bump github/codeql-action from 1 to 2

    Bumps github/codeql-action from 1 to 2.

    Changelog

    Sourced from github/codeql-action's changelog.

    2.1.8 - 08 Apr 2022

    • Update default CodeQL bundle version to 2.8.5. #1014
    • Fix error where the init action would fail due to a GitHub API request that was taking too long to complete #1025

    2.1.7 - 05 Apr 2022

    • A bug where additional queries specified in the workflow file would sometimes not be respected has been fixed. #1018

    2.1.6 - 30 Mar 2022

    • [v2+ only] The CodeQL Action now runs on Node.js v16. #1000
    • Update default CodeQL bundle version to 2.8.4. #990
    • Fix a bug where an invalid commit_oid was being sent to code scanning when a custom checkout path was being used. #956
    Commits
    • 2c03704 Allow the version of the ML-powered pack to depend on the CLI version
    • dd6b592 Simplify ML-powered query status report definition
    • a90d8bf Merge pull request #1011 from github/henrymercer/ml-powered-queries-pr-check
    • dc0338e Use latest major version of actions/upload-artifact
    • 57096fe Add a PR check to validate that ML-powered queries are run correctly
    • b0ddf36 Merge pull request #1012 from github/henrymercer/update-actions-major-versions
    • 1ea2f2d Merge branch 'main' into henrymercer/update-actions-major-versions
    • 9dcc141 Merge pull request #1010 from github/henrymercer/stop-running-ml-powered-quer...
    • ea751a9 Update other Actions from v2 to v3
    • a2949f4 Update actions/checkout from v2 to v3
    • Additional commits viewable in compare view

    Dependabot compatibility score

    Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


    Dependabot commands and options

    You can trigger Dependabot actions by commenting on this PR:

    • @dependabot rebase will rebase this PR
    • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
    • @dependabot merge will merge this PR after your CI passes on it
    • @dependabot squash and merge will squash and merge this PR after your CI passes on it
    • @dependabot cancel merge will cancel a previously requested merge and block automerging
    • @dependabot reopen will reopen this PR if it is closed
    • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
    • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
    PR • MAINTENANCE 
    opened by dependabot[bot] 0
  • Bump github.com/essentialkaos/check from 1.2.1 to 1.3.0

    Bump github.com/essentialkaos/check from 1.2.1 to 1.3.0

    Bumps github.com/essentialkaos/check from 1.2.1 to 1.3.0.

    Release notes

    Sourced from github.com/essentialkaos/check's releases.

    Version 1.3.0

    Moderate Urgency

    Changelog

    New Features

    • Added new checker ErrorMatchesOS
    Commits

    Dependabot compatibility score

    Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


    Dependabot commands and options

    You can trigger Dependabot actions by commenting on this PR:

    • @dependabot rebase will rebase this PR
    • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
    • @dependabot merge will merge this PR after your CI passes on it
    • @dependabot squash and merge will squash and merge this PR after your CI passes on it
    • @dependabot cancel merge will cancel a previously requested merge and block automerging
    • @dependabot reopen will reopen this PR if it is closed
    • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
    • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
    PR • MAINTENANCE 
    opened by dependabot[bot] 0
  • Bump actions/setup-go from 2 to 3

    Bump actions/setup-go from 2 to 3

    Bumps actions/setup-go from 2 to 3.

    Release notes

    Sourced from actions/setup-go's releases.

    v3.0.0

    What's Changed

    Breaking Changes

    With the update to Node 16, all scripts will now be run with Node 16 rather than Node 12.

    This new major release removes the stable input, so there is no need to specify additional input to use pre-release versions. This release also corrects the pre-release versions syntax to satisfy the SemVer notation (1.18.0-beta1 -> 1.18.0-beta.1, 1.18.0-rc1 -> 1.18.0-rc.1).

    steps:
      - uses: actions/[email protected]
      - uses: actions/[email protected]
        with:
          go-version: '1.18.0-rc.1' 
      - run: go version
    

    Add check-latest input

    In scope of this release we add the check-latest input. If check-latest is set to true, the action first checks if the cached version is the latest one. If the locally cached version is not the most up-to-date, a Go version will then be downloaded from go-versions repository. By default check-latest is set to false. Example of usage:

    steps:
      - uses: actions/[email protected]
      - uses: actions/[email protected]
        with:
          go-version: '1.16'
          check-latest: true
      - run: go version
    

    Moreover, we updated @actions/core from 1.2.6 to 1.6.0

    v2.1.5

    In scope of this release we updated matchers.json to improve the problem matcher pattern. For more information please refer to this pull request

    v2.1.4

    What's Changed

    New Contributors

    Full Changelog: https://github.com/actions/setup-go/compare/v2.1.3...v2.1.4

    v2.1.3

    • Updated communication with runner to use environment files rather then workflow commands

    v2.1.2

    This release includes vendored licenses for this action's npm dependencies.

    ... (truncated)

    Commits

    Dependabot compatibility score

    Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


    Dependabot commands and options

    You can trigger Dependabot actions by commenting on this PR:

    • @dependabot rebase will rebase this PR
    • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
    • @dependabot merge will merge this PR after your CI passes on it
    • @dependabot squash and merge will squash and merge this PR after your CI passes on it
    • @dependabot cancel merge will cancel a previously requested merge and block automerging
    • @dependabot reopen will reopen this PR if it is closed
    • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
    • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
    PR • MAINTENANCE 
    opened by dependabot[bot] 0
Releases(v1.3.2)
Owner
ESSENTIAL KAOS
CODE • DESIGN • UX
ESSENTIAL KAOS
Authenticated and encrypted API tokens using modern crypto

Branca Token Authenticated and encrypted API tokens using modern crypto. What? Branca is a secure, easy to use token format which makes it hard to sho

Mika Tuupola 185 May 22, 2022
Package gorilla/securecookie encodes and decodes authenticated and optionally encrypted cookie values for Go web applications.

securecookie securecookie encodes and decodes authenticated and optionally encrypted cookie values. Secure cookies can't be forged, because their valu

Gorilla Web Toolkit 581 Jun 29, 2022
Gets Firebase auth tokens (for development purposes only)Gets Firebase auth tokens

Firebase Token Gets Firebase auth tokens (for development purposes only) Getting started Create Firebase project Setup Firebase authentication Setup G

MousyBusiness 1 Nov 17, 2021
Utility to generate tokens to interact with GitHub API via GitHub App integration

GitHub App Authentication for integration with GitHub Introduction GitHub Apps are the officially recommended way to integrate with GitHub because of

GitHub Advanced Security 2 Mar 16, 2022
Golang implementation of JSON Web Tokens (JWT)

jwt-go A go (or 'golang' for search engine friendliness) implementation of JSON Web Tokens NEW VERSION COMING: There have been a lot of improvements s

Dave Grijalva 10.4k Jul 4, 2022
Platform-Agnostic Security Tokens implementation in GO (Golang)

Golang implementation of PASETO: Platform-Agnostic Security Tokens This is a 100% compatible pure Go (Golang) implementation of PASETO tokens. PASETO

Oleg Lobanov 608 Jun 26, 2022
Golang jwt tokens without any external dependency

Yet another jwt lib This is a simple lib made for small footprint and easy usage It allows creating, signing, reading and verifying jwt tokens easily

Karpelès Lab Inc. 1 Oct 11, 2021
OauthMicroservice-cassandraCluster - Implement microservice of oauth using golang and cassandra to store user tokens

implement microservice of oauth using golang and cassandra to store user tokens

Mehdi 1 Jan 24, 2022
Safe, simple and fast JSON Web Tokens for Go

jwt JSON Web Token for Go RFC 7519, also see jwt.io for more. The latest version is v3. Rationale There are many JWT libraries, but many of them are h

cristaltech 552 Jul 2, 2022
Herbert Fischer 197 Jun 10, 2022
A go implementation of JSON Web Tokens

jwt-go A go (or 'golang' for search engine friendliness) implementation of JSON Web Tokens NEW VERSION COMING: There have been a lot of improvements s

null 2.8k Jun 29, 2022
an stateless OpenID Connect authorization server that mints ID Tokens from Webauthn challenges

Webauthn-oidc Webauthn-oidc is a very minimal OIDC authorization server that only supports webauthn for authentication. This can be used to bootstrap

Arian van Putten 13 May 16, 2022
Minting OIDC tokens from GitHub Actions for use with OpenFaaS

minty Experiment for minting OIDC tokens from GitHub Actions for use with OpenFaaS Why would you want this? Enable third-parties to deploy to your ope

Alex Ellis 9 Oct 31, 2021
A simple and lightweight library for creating, formatting, manipulating, signing, and validating JSON Web Tokens in Go.

GoJWT - JSON Web Tokens in Go GoJWT is a simple and lightweight library for creating, formatting, manipulating, signing and validating Json Web Tokens

Toby 5 Feb 7, 2022
Microservice generates pair of access and refresh JSON web tokens signed by user identifier.

go-jwt-issuer Microservice generates pair access and refresh JSON web tokens signed by user identifier. ?? Deployed on Heroku Run tests: export SECRET

Oleksii Velychko 27 Apr 14, 2022
Generate and verify JWT tokens with Trusted Platform Module (TPM)

golang-jwt for Trusted Platform Module (TPM) This is just an extension for go-jwt i wrote over thanksgiving that allows creating and verifying JWT tok

null 2 Mar 2, 2022
Go module with token package to request Azure Resource Manager and Azure Graph tokens.

azAUTH Go module with token package to request Azure Resource Manager and Azure Graph tokens. prerequisites Install azure cli: https://docs.microsoft.

Bart 1 Dec 1, 2021
Generate and verify JWT tokens with PKCS-11

golang-jwt for PKCS11 Another extension for go-jwt that allows creating and verifying JWT tokens where the private key is embedded inside Hardware lik

null 0 Dec 6, 2021
Generate a generic library of 2FA tokens compatible with Google Authenticator

towfa Generate a generic library of 2FA tokens compatible with Google Authenticator go get -u github.com/golandscape/twofa $twofa "you secret" result:

golandscape 13 Mar 23, 2022