Releases: MicahParks/keyfunc
Remove usages of io/ioutil (deprecated)
io/ioutil was deprecated in Go 1.16, but I didn't notice until recently. This update replaces all usages of that package with its non-deprecated equivalents. Reference: https://go.dev/doc/go1.16#ioutil
Thank you to our new contributor @chriswolfdesign!
Related issue: #42
Contributors
Assets 2
Request factory and raw JWKS copy
This release contains two new features.
The first is a new field on keyfunc.Options for a request factory. This allows the package user to create the *http.Request used to get the JWKS from the remote resource. This serves multiple use cases, such as attaching a User-Agent via an HTTP header. This is thanks to a new contributor @mgsh!
The second is a new method to get the latest raw JWKS []byte returned from the remote resource.
A few other updates:
- Tests updated to use
Fatalfinstead of a combination ofErrorfandFailNow. - Removed usage of
err.Error()when using string formatting. - Using
logFmtstring formatting constant for log statements in tests.
Contributors
Assets 2
Support non-RFC compliant base64url padding
Trailing padding is required to be removed from base64url encoded keys. This is because RFC 7517 defines base64url the same as RFC 7515 Section 2:
- https://datatracker.ietf.org/doc/html/rfc7517#section-1.1
- https://datatracker.ietf.org/doc/html/rfc7515#section-2
with all trailing '=' characters omitted
However, not all JWKS are perfectly RFC compliant and some include trailing = characters for their base64url encoding. These non-RFC compliant JWKS implementations will be supported since it's trivial to support the removal of trailing = client side and will not impact performance in any noticeable way.
v1.0.3
There have been no effectual changes since v1.0.0
v1.0.1:
- Updates
README.mdmistake.
v1.0.2:
- Updates style of
vardeclarations in the context ofifstatements. - Removes a large amount of comments.
v1.0.3:
- Removes extra newline in new code block.
Code style update
There have been no effectual changes since v1.0.0
v1.0.1:
- Updates
README.mdmistake.
v1.0.2:
- Updates style of
vardeclarations in the context ofifstatements. - Removes a large amount of comments.
v1.0.0 Stable Release
The API is now stabilized and I intend on avoiding a /v2 release. (But one might be required if there is another major github.com/golang-jwt/jwt release.)
Here are a list of changes since v0.10.0:
- Breaking change by renaming
keyfunc.JWKstokeyfunc.JWKS. Renamed other instances of JWKs to JWKS. - Breaking change that makes
keyfunc.Optionsa required, non-variadic, argument. (An empty struct is still valid.) - Only recomputing the JWKS when the remote resources changes.
EdDSAwith aned25519curve is now supported. (ed448is not).- JWTs are marked compatible by
ktyheader value, notalg. - Remote
octkey types, including HMAC, are not supported. (Still supported through given keys.) - When a JWKS is read, all keys are precomputed or ignored.
- A
map[string]interface{}can be returned. The map key is a key ID,kid, to cryptographic keys from the JWKS. It is intended to be read-only.
An important note is that key parsing now depends on the kty header value. This header value is required by the RFC whereas the previous alg value is optional in a JWK Set.
Use time values instead of pointers
This release adds a breaking change. *time.Duration options are now not pointers.
Remove legacy fork support
The purpose of this release is to remove legacy fork support. This means that this project no longer supports:
If you are still using one of these dependencies or another fork, please use or make an issue on: github.com/MicahParks/compatibility-keyfunc
The only dependency now is: github.com/golang-jwt/jwt/v4.
There is an upstream PR to add this project to github.com/golang-jwt/jwt/v4. You can view it here: golang-jwt/jwt#105
If people are in favor of this, I would appreciate it if they would react on the upstream PR with a positive emoji 👍 to their show support. Or a negative one to show their opposition! 👎
Support HMAC, given keys, and custom algorithms
v0.8.0 HMAC note.
v0.7.0
Dependency update.