Verifying a session
Protect Your Backend APIs
Go makes it really easy to create a simple HTTP server, and Clerk makes it really easy to authenticate any request. In the following example you can learn how to verify a session and retrieve the corresponding user.
.env1package main23import (4"net/http"5"strings"67"github.com/clerkinc/clerk-sdk-go/clerk"8)910func main() {11client, _ := clerk.NewClient("your_secret_key")1213http.HandleFunc("/hello", func(w http.ResponseWriter, r *http.Request) {14// get session token from Authorization header15sessionToken := r.Header.Get("Authorization")16sessionToken = strings.TrimPrefix(sessionToken, "Bearer ")1718// verify the session19sessClaims, err := client.VerifyToken(sessionToken)20if err != nil {21w.WriteHeader(http.StatusUnauthorized)22w.Write([]byte("Unauthorized"))23return24}2526// get the user, and say welcome!27user, err := client.Users().Read(sessClaims.Claims.Subject)28if err != nil {29panic(err)30}3132w.Write([]byte("Welcome " + *user.FirstName))33})3435http.ListenAndServe(":8080", nil)36}37
Using middleware
The Clerk SDK also provides a simple middleware that adds the active session to the request's context.
.env1package main23import (4"net/http"56"github.com/clerkinc/clerk-sdk-go/clerk"7)89func main() {10client, _ := clerk.NewClient("your_secret_key")1112mux := http.NewServeMux()1314injectActiveSession := clerk.WithSession(client)15mux.Handle("/hello", injectActiveSession(helloUserHandler(client)))1617http.ListenAndServe(":8080", mux)18}1920func helloUserHandler(client clerk.Client) http.HandlerFunc {21return func(w http.ResponseWriter, r *http.Request) {22ctx := r.Context()2324sessClaims, ok := ctx.Value(clerk.ActiveSessionClaims).(*clerk.SessionClaims)25if !ok {26w.WriteHeader(http.StatusUnauthorized)27w.Write([]byte("Unauthorized"))28return29}3031user, err := client.Users().Read(sessClaims.Claims.Subject)32if err != nil {33panic(err)34}3536w.Write([]byte("Welcome " + *user.FirstName))37}38}39