A golang library implementing Nostr Web Tokens.
go get github.com/pippellia-btc/nwt
Setting the Authorization header of an http.Request from a Nostr event
if err := nwt.SetAuth(request, event); err != nil {
slog.Info("failed to set auth header", "error", err)
}Parsing a token from the Authorization header of an http.Request
token, err := nwt.Parse(request)
if err != nil {
slog.Info("failed to parse token", "error", err)
}Validating the token using the default StrictValidator
validator := nwt.StrictValidator{
Identifier: "example.com" // domain to be present in the audience claim
ClockSkew: time.Minute // tolerance for clock differences
}
if err := validator.Validate(token); err != nil {
slog.Info("token is invalid", "reason", err)
}Or create a custom validator by satisfying the Validator interface
// Validator wraps the Validate method for validating Tokens.
// The token is considered valid iff Validate returns nil.
//
// Implementations may enforce different policies for what constitutes a valid token,
// but are generally expected to at least validate the time-based claims with [ValidateTimeBounds].
//
// As an example, check out [StrictValidator].
type Validator interface {
Validate(Token) error
}