Go Jwt Middleware Versions Save

A Middleware for Go Programming Language to check for JWTs on HTTP requests

v2.2.1

3 months ago

Security

v2.2.0

5 months ago

Added

Changed

  • ESD-32688: Improve locking and blocking associated with key retrieval #225 (ewanharris)
  • Replace deprecated pkg/errors in favor of Go's standard library #189 (molaga)
  • Replace square/go-jose with go-jose/go-jose #188 (sergiught)
  • Fail to instantiate validator when audience is an empty string #183 (sergiught)

v2.1.0

1 year ago

Added

  • Allow setting a custom http.Client on the jwks.Provider (#151)
  • Add example tests (#157)
  • Add example for the gin web framework (#175)

Fixed

  • Fix CookieTokenExtractor to not throw error when no cookie present (#172)
  • Fix panic threat when using type-cast for customClaims in validator (#165)
  • Fix authentication error when setting multiple audiences on validator (#176)

v2.0.1

2 years ago

Security

  • Update Crypto dependency (#146)

v2.0.0

2 years ago

BEFORE YOU UPGRADE

  • This is a major release that includes breaking changes. Please see MIGRATION_GUIDE before upgrading. This release will require changes to your application.

Added

  • Use github.com/pkg/errors (#98)
  • Add a migration guide (#99)
  • Add cookie token extractor (#93, #63)
  • Add token validator using square/go-jose.v2 (#84, #81, #79, #74, #53)
  • Add allowed signing algorithms in validator (#128)
  • Add issuer and audience as required params in validator (#119)
  • Add support for jwks

Changed

  • Update docs (#72)
  • Reorganize imports across the project
  • Reorder fields to use less memory
  • Split jwtmiddleware into multiple files

Breaking

  • Simplify JWT library functionality into an interface (#77)
  • Rename Claims to RegisteredClaims in validator pkg
  • Refactor main middleware (#90, #51, #51)
  • Write back error messages on DefaultErrorHandler

Fixed

  • Fix code smells and code style

v2.0.0-beta.1

2 years ago

Changed

  • Improved how we pass CustomClaims to Validator for concurrent scenarios (#134)
    • Special thanks to @jessiaA for helping with this!

v2.0.0-beta

2 years ago

BEFORE YOU UPGRADE

  • This is a major release that includes breaking changes. Please see MIGRATION_GUIDE before upgrading. This release will require changes to your application.

Added

  • Use github.com/pkg/errors (#98)
  • Add a migration guide (#99)
  • Add cookie token extractor (#93, #63)
  • Add token validator using square/go-jose.v2 (#84, #81, #79, #74, #53)
  • Add allowed signing algorithms in validator (#128)
  • Add issuer and audience as required params in validator (#119)
  • Add support for jwks

Changed

  • Update docs (#72)
  • Reorganize imports across the project
  • Reorder fields to use less memory
  • Split jwtmiddleware into multiple files

Breaking

  • Simplify JWT library functionality into an interface (#77)
  • Rename Claims to RegisteredClaims in validator pkg
  • Refactor main middleware (#90, #51, #51)
  • Write back error messages on DefaultErrorHandler

Fixed

  • Fix code smells and code style

v1.0.1

2 years ago

This release isolates example-only dependencies so you have to import less things. Thanks to @liggitt for the work on this.

v1.0.0

3 years ago

This version uses a fork of jwt-go in order to address a security vulnerability. Due to jwt-go not being actively maintained we will be looking to switch to a more actively maintained package in the near future.