JSON Web Token library
new ApproveTemporal, stronger time constraints on Handler, extra boundary checks on NumericTime mapping
HTTP Bearer extraction + Go version 1.19 compliance (unit-test only)
Reusable HMAC instance + ErrUnsecured constant.
Support processing of crit(ical) JOSE extensions.
RSA PPS was broken as noted by @rschoultz. More loose HTTP acceptance & more strict HTTP checks.
Raw JOSE header exposure.
Audience check and experimental JWK support.
Cleanup with API changes:
AlgError
replaces ErrUnsecured
and ErrAlgUnk
Handler
credentials dropped—KeyRegister
-only now