Awesome Open Source
Awesome Open Source


Build Status Go Report Card GoDoc

branca is a secure alternative to JWT, This implementation is written in pure Go (no cgo dependencies) and implements the branca token specification.


Go 1.13+


go get -u


package main

import (

func main() {
	b := branca.NewBranca("supersecretkeyyoushouldnotcommit") // This key must be exactly 32 bytes long.
	// Encode String to Branca Token.
	token, err := b.EncodeToString("Hello world!")
	if err != nil {
    //b.SetTTL(3600) // Uncomment this to set an expiration (or ttl) of the token (in seconds).
    //token = "87y8daMzSkn7PA7JsvrTT0JUq1OhCjw9K8w2eyY99DKru9FrVKMfeXWW8yB42C7u0I6jNhOdL5ZqL" // This token will be not allowed if a ttl is set.
	// Decode Branca Token.
	message, err := b.DecodeToString(token)
	if err != nil {
		fmt.Println(err) // token is expired.
	fmt.Println(token) // 87y8da....
	fmt.Println(message) // Hello world!


Here are a few things that need to be done:

  • [x] Remove cgo dependencies.
  • [x] Move to a pure XChaCha20 algorithm in Go.
  • [x] Add more tests than just acceptance tests.
  • [x] Increase test coverage.
  • [ ] Additional Methods. (Encode, Decode []byte)
  • [ ] Performance benchmarks.
  • [ ] More comments, examples and documentation.


Contributions are welcome! Fork this repo and add your changes and submit a PR.

If you would like to fix a bug, add a feature or provide feedback you can do so in the issues section.

You can run tests by runnning go test. Running go test; go vet; golint is recommended.



Alternatives To Branca
Select To Compare

Alternative Project Comparisons
Related Awesome Lists
Top Programming Languages

Get A Weekly Email With Trending Projects For These Topics
No Spam. Unsubscribe easily at any time.
Go (172,393
Golang (172,393
Token (29,373
Crypto (11,452
Cryptography (11,452
Jwt (10,361
Encrypted (5,013
Cgo (657
Token Authetication (55
Xchacha20 Poly1305 (36
Token Authentication (26
Api Token (8
Branca (8