#JWT

Mar 07, 2026 · Engineering

JWT in 150 lines of Go — the case against the library

HS256 JWT issue + verify + audience check + expiry in pure stdlib. Why pulling a third-party JWT library is the wrong call for security-critical code.

GoJWTSecurityStdlib

Mar 06, 2026 · Engineering

HS256 vs RS256 — pick the wrong one and explain why

Symmetric vs asymmetric JWT signing. The choice changes what fails when a key leaks, who can verify, and how rotation works.

GoJWTSecurityCryptography