Skip to Content
Clerk logo

Clerk Docs

Ctrl + K
Go to clerk.com

Verifying a session in Go

Protect your backend APIs

Go makes it really easy to create a simple HTTP server, and Clerk makes it simple to authenticate any request. The following examples shows how to verify a session and retrieve the corresponding user.

package main import ( "net/http" "strings" "github.com/clerk/clerk-sdk-go/clerk" ) func main() { client, _ := clerk.NewClient(`{{secret}}`) http.HandleFunc("/hello", func(w http.ResponseWriter, r *http.Request) { // get session token from Authorization header sessionToken := r.Header.Get("Authorization") sessionToken = strings.TrimPrefix(sessionToken, "Bearer ") // verify the session sessClaims, err := client.VerifyToken(sessionToken) if err != nil { w.WriteHeader(http.StatusUnauthorized) w.Write([]byte("Unauthorized")) return } // get the user, and say welcome! user, err := client.Users().Read(sessClaims.Claims.Subject) if err != nil { panic(err) } w.Write([]byte("Welcome " + *user.FirstName)) }) http.ListenAndServe(":8080", nil) }

Using middleware

The Clerk SDK also provides a simple middleware that adds the active session to the request's context.

package main import ( "net/http" "github.com/clerk/clerk-sdk-go/clerk" ) func main() { client, _ := clerk.NewClient(`{{secret}}`) mux := http.NewServeMux() injectActiveSession := clerk.WithSessionV2(client) mux.Handle("/hello", injectActiveSession(helloUserHandler(client))) http.ListenAndServe(":8080", mux) } func helloUserHandler(client clerk.Client) http.HandlerFunc { return func(w http.ResponseWriter, r *http.Request) { ctx := r.Context() sessClaims, ok := clerk.SessionFromContext(ctx) if !ok { w.WriteHeader(http.StatusUnauthorized) w.Write([]byte("Unauthorized")) return } user, err := client.Users().Read(sessClaims.Claims.Subject) if err != nil { panic(err) } w.Write([]byte("Welcome " + *user.FirstName)) } }

Last updated on February 13, 2024

What did you think of this content?

Clerk © 2024