v2.2.1 (2024-01-22)
Security
- Bump golang.org/x/crypto from 0.4.0 to 0.17.0 #234 (dependabot[bot])
- Bump gopkg.in/go-jose/go-jose.v2 from 2.6.1 to 2.6.2 #229 (dependabot[bot])
v2.2.0 (2023-12-01)
Added
- add echo example #208 (mehulgohil)
- added example for iris web framework #199 (mehulgohil)
Changed
- ESD-32688: Improve locking and blocking associated with key retrieval #225 (ewanharris)
- Replace deprecated pkg/errors in favor of Go's standard library #189 (molaga)
- Replace square/go-jose with go-jose/go-jose #188 (sergiught)
- Fail to instantiate validator when audience is an empty string #183 (sergiught)
v2.1.0 (2022-11-02)
- Allow setting a custom
http.Clienton thejwks.Provider(#151) - Add example tests (#157)
- Add example for the
ginweb framework (#175)
- Fix
CookieTokenExtractorto not throw error when no cookie present (#172) - Fix panic threat when using type-cast for
customClaimsinvalidator(#165) - Fix authentication error when setting multiple audiences on
validator(#176)
v2.0.1 (2022-03-21)
- Update Crypto dependency (#146)
v2.0.0 (2022-01-19)
BEFORE YOU UPGRADE
- This is a major release that includes breaking changes. Please see MIGRATION_GUIDE before upgrading. This release will require changes to your application.
- Use github.com/pkg/errors (#98)
- Add a migration guide (#99)
- Add cookie token extractor (#93, #63)
- Add token validator using square/go-jose.v2 (#84, #81, #79, #74, #53)
- Add allowed signing algorithms in validator (#128)
- Add issuer and audience as required params in validator (#119)
- Add support for jwks
- Update docs (#72)
- Reorganize imports across the project
- Reorder fields to use less memory
- Split jwtmiddleware into multiple files
- Simplify JWT library functionality into an interface (#77)
- Rename Claims to RegisteredClaims in validator pkg
- Refactor main middleware (#90, #51, #51)
- Write back error messages on DefaultErrorHandler
- Fix code smells and code style
v2.0.0-beta.1 (2022-01-06)
- Improved how we pass CustomClaims to Validator for concurrent scenarios (#134)
v2.0.0-beta (2021-12-08)
BEFORE YOU UPGRADE
- This is a major release that includes breaking changes. Please see MIGRATION_GUIDE before upgrading. This release will require changes to your application.
- Use github.com/pkg/errors (#98)
- Add a migration guide (#99)
- Add cookie token extractor (#93, #63)
- Add token validator using square/go-jose.v2 (#84, #81, #79, #74, #53)
- Add allowed signing algorithms in validator (#128)
- Add issuer and audience as required params in validator (#119)
- Add support for jwks
- Update docs (#72)
- Reorganize imports across the project
- Reorder fields to use less memory
- Split jwtmiddleware into multiple files
- Simplify JWT library functionality into an interface (#77)
- Rename Claims to RegisteredClaims in validator pkg
- Refactor main middleware (#90, #51, #51)
- Write back error messages on DefaultErrorHandler
- Fix code smells and code style
v1.0.1 (2021-06-21)
- Add .github Setup (#85)
- Fix broken blog link (#83)
v1.0.0 (2021-01-06)
- Add algorithm check as option
- Wrap errors with %w instead of %v (#68)
- Use builtin request context
- Support Go modules (#65)
- Add a simple function for logging
- Add ability to disable auth for preflight requests
- Add JWT Middleware for Go
- Add valid check
- Add a bunch of different ways to extract a token from a request
- Add additional documentation
- Add Martini example
- Add a test case using negroni
- Update FromAuthHeader to use strings.Fields instead of splitting strings by space to make parsing logic more robust (#11)
- Replace "github.com/codegangsta/negroni" (#32)
- Reformat examples to use new Claims type (#57)
- Refactor code to use logf method
- Disabling auth on OPTIONS now default behavior
- Basic cleanups for golint (#56)
- Fix CredentialsOptional flag being ignored
- Fix the examples
- Update jwt-go to v4 to address CVE-2020-26160 (#69)