v2.2.2

Security

• Bump gopkg.in/go-jose/go-jose.v2 from 2.6.2 to 2.6.3 #258 (dependabot[bot])

v2.2.1

Security

• Bump golang.org/x/crypto from 0.4.0 to 0.17.0 #234 (dependabot[bot])
• Bump gopkg.in/go-jose/go-jose.v2 from 2.6.1 to 2.6.2 #229 (dependabot[bot])

v2.2.0

Added

• add echo example #208 (mehulgohil)
• added example for iris web framework #199 (mehulgohil)

Changed

• ESD-32688: Improve locking and blocking associated with key retrieval #225 (ewanharris)
• Replace deprecated pkg/errors in favor of Go's standard library #189 (molaga)
• Replace square/go-jose with go-jose/go-jose #188 (sergiught)
• Fail to instantiate validator when audience is an empty string #183 (sergiught)

v2.1.0

Added

• Allow setting a custom http.Client on the jwks.Provider (#151)
• Add example tests (#157)
• Add example for the gin web framework (#175)

Fixed

• Fix CookieTokenExtractor to not throw error when no cookie present (#172)
• Fix panic threat when using type-cast for customClaims in validator (#165)
• Fix authentication error when setting multiple audiences on validator (#176)

v2.0.1

Security

• Update Crypto dependency (#146)

v2.0.0

BEFORE YOU UPGRADE

• This is a major release that includes breaking changes. Please see MIGRATION_GUIDE before
  upgrading. This release will require changes to your application.

Added

• Use github.com/pkg/errors (#98)
• Add a migration guide (#99)
• Add cookie token extractor (#93, #63)
• Add token validator using square/go-jose.v2 (#84, #81, #79, #74, #53)
• Add allowed signing algorithms in validator (#128)
• Add issuer and audience as required params in validator (#119)
• Add support for jwks

Changed

• Update docs (#72)
• Reorganize imports across the project
• Reorder fields to use less memory
• Split jwtmiddleware into multiple files

Breaking

• Simplify JWT library functionality into an interface (#77)
• Rename Claims to RegisteredClaims in validator pkg
• Refactor main middleware (#90, #51, #51)
• Write back error messages on DefaultErrorHandler

Fixed

• Fix code smells and code style

v2.0.0-beta.1

Changed

• Improved how we pass CustomClaims to Validator for concurrent scenarios (#134)
  • Special thanks to @jessiaA for helping with this!

v2.0.0-beta

BEFORE YOU UPGRADE

• This is a major release that includes breaking changes. Please see MIGRATION_GUIDE before
  upgrading. This release will require changes to your application.

Added

• Use github.com/pkg/errors (#98)
• Add a migration guide (#99)
• Add cookie token extractor (#93, #63)
• Add token validator using square/go-jose.v2 (#84, #81, #79, #74, #53)
• Add allowed signing algorithms in validator (#128)
• Add issuer and audience as required params in validator (#119)
• Add support for jwks

Changed

• Update docs (#72)
• Reorganize imports across the project
• Reorder fields to use less memory
• Split jwtmiddleware into multiple files

Breaking

• Simplify JWT library functionality into an interface (#77)
• Rename Claims to RegisteredClaims in validator pkg
• Refactor main middleware (#90, #51, #51)
• Write back error messages on DefaultErrorHandler

Fixed

• Fix code smells and code style

v1.0.1

This release isolates example-only dependencies so you have to import less things. Thanks to @liggitt for the work on this.

v1.0.0

This version uses a fork of jwt-go in order to address a security vulnerability. Due to jwt-go not being actively maintained we will be looking to switch to a more actively maintained package in the near future.