rss resume / curriculum vitae linkedin linkedin gitlab github twitter mastodon instagram
Go Tip: Azure Active Directory + JWT
Jul 17, 2018

Let’s cover how to use Azure Active Directory (for authentication) and JSON Web Tokens (for authorizing) your enterprise users in Go!

By the way this is not your classic How to use Go with JWT (search golang jwt on Google, or any other search engine for that) this is more focused on using specifically the actual Azure Active Directory service for getting the JSON Web Token and then using that to authorize your API.


  1. You understand what JSON Web Tokens and OpenID Connect are.
  2. If you don’t have an Azure account, then register!, next make sure you activate the free account to properly have access to using Active Directory, don’t forget to de-active it in 30 days or you will spend moneys!
  3. Register your application with your Active Directory tenant, for the Application type use Web app / API; make sure you read that link completely to understand the rationale behind the final Go example.

If this is your first time using Azure Active Directory, a few really important things to know:

  • The Sign-on URL is supposed to be the endpoint used for authorization, you can always change it.
  • The Tenant is the name, you get that by going to Azure Active Directory, it’s on the Overview tab.

Azure Active Directory Tenant image full size

  • To enable returning Security Groups information in the claims you have to edit the Manifest and replace the value of groupMembershipClaims with SecurityGroup, basically this:

Azure Active Directory Manifest image full size

  • For testing purposes create a few users and a few groups (use Security type), add some users to the groups, make sure you write down those Object IDs, those will be used as parameters for our Go program.


Take a look at the existing repository, the important bits are the following:

Back to posts