Skip to content

Releases: auth0/go-jwt-middleware

v2.2.2

23 Aug 19:19
87ed699
Compare
Choose a tag to compare

Security

v2.2.1

22 Jan 15:03
e25777c
Compare
Choose a tag to compare

Security

v2.2.0

04 Dec 11:27
Compare
Choose a tag to compare

Added

Changed

  • ESD-32688: Improve locking and blocking associated with key retrieval #225 (ewanharris)
  • Replace deprecated pkg/errors in favor of Go's standard library #189 (molaga)
  • Replace square/go-jose with go-jose/go-jose #188 (sergiught)
  • Fail to instantiate validator when audience is an empty string #183 (sergiught)

v2.1.0

02 Nov 13:07
b895d8b
Compare
Choose a tag to compare

Added

  • Allow setting a custom http.Client on the jwks.Provider (#151)
  • Add example tests (#157)
  • Add example for the gin web framework (#175)

Fixed

  • Fix CookieTokenExtractor to not throw error when no cookie present (#172)
  • Fix panic threat when using type-cast for customClaims in validator (#165)
  • Fix authentication error when setting multiple audiences on validator (#176)

v2.0.1

21 Mar 21:03
324518f
Compare
Choose a tag to compare

Security

  • Update Crypto dependency (#146)

v2.0.0

19 Jan 13:43
e37a07b
Compare
Choose a tag to compare

BEFORE YOU UPGRADE

  • This is a major release that includes breaking changes. Please see MIGRATION_GUIDE before
    upgrading. This release will require changes to your application.

Added

  • Use github.com/pkg/errors (#98)
  • Add a migration guide (#99)
  • Add cookie token extractor (#93, #63)
  • Add token validator using square/go-jose.v2 (#84, #81, #79, #74, #53)
  • Add allowed signing algorithms in validator (#128)
  • Add issuer and audience as required params in validator (#119)
  • Add support for jwks

Changed

  • Update docs (#72)
  • Reorganize imports across the project
  • Reorder fields to use less memory
  • Split jwtmiddleware into multiple files

Breaking

  • Simplify JWT library functionality into an interface (#77)
  • Rename Claims to RegisteredClaims in validator pkg
  • Refactor main middleware (#90, #51, #51)
  • Write back error messages on DefaultErrorHandler

Fixed

  • Fix code smells and code style

v2.0.0-beta.1

06 Jan 16:54
f2e032f
Compare
Choose a tag to compare
v2.0.0-beta.1 Pre-release
Pre-release

Changed

  • Improved how we pass CustomClaims to Validator for concurrent scenarios (#134)
    • Special thanks to @jessiaA for helping with this!

v2.0.0-beta

08 Dec 08:38
aba8990
Compare
Choose a tag to compare
v2.0.0-beta Pre-release
Pre-release

BEFORE YOU UPGRADE

  • This is a major release that includes breaking changes. Please see MIGRATION_GUIDE before
    upgrading. This release will require changes to your application.

Added

  • Use github.com/pkg/errors (#98)
  • Add a migration guide (#99)
  • Add cookie token extractor (#93, #63)
  • Add token validator using square/go-jose.v2 (#84, #81, #79, #74, #53)
  • Add allowed signing algorithms in validator (#128)
  • Add issuer and audience as required params in validator (#119)
  • Add support for jwks

Changed

  • Update docs (#72)
  • Reorganize imports across the project
  • Reorder fields to use less memory
  • Split jwtmiddleware into multiple files

Breaking

  • Simplify JWT library functionality into an interface (#77)
  • Rename Claims to RegisteredClaims in validator pkg
  • Refactor main middleware (#90, #51, #51)
  • Write back error messages on DefaultErrorHandler

Fixed

  • Fix code smells and code style

v1.0.1

22 Jun 03:15
dec8d9f
Compare
Choose a tag to compare

This release isolates example-only dependencies so you have to import less things. Thanks to @liggitt for the work on this.

v1.0.0

06 Jan 20:51
1c6db3c
Compare
Choose a tag to compare

This version uses a fork of jwt-go in order to address a security vulnerability. Due to jwt-go not being actively maintained we will be looking to switch to a more actively maintained package in the near future.