1## `jwt-go` Version History 2 3#### 3.2.0 4 5* Added method `ParseUnverified` to allow users to split up the tasks of parsing and validation 6* HMAC signing method returns `ErrInvalidKeyType` instead of `ErrInvalidKey` where appropriate 7* Added options to `request.ParseFromRequest`, which allows for an arbitrary list of modifiers to parsing behavior. Initial set include `WithClaims` and `WithParser`. Existing usage of this function will continue to work as before. 8* Deprecated `ParseFromRequestWithClaims` to simplify API in the future. 9 10#### 3.1.0 11 12* Improvements to `jwt` command line tool 13* Added `SkipClaimsValidation` option to `Parser` 14* Documentation updates 15 16#### 3.0.0 17 18* **Compatibility Breaking Changes**: See MIGRATION_GUIDE.md for tips on updating your code 19 * Dropped support for `[]byte` keys when using RSA signing methods. This convenience feature could contribute to security vulnerabilities involving mismatched key types with signing methods. 20 * `ParseFromRequest` has been moved to `request` subpackage and usage has changed 21 * The `Claims` property on `Token` is now type `Claims` instead of `map[string]interface{}`. The default value is type `MapClaims`, which is an alias to `map[string]interface{}`. This makes it possible to use a custom type when decoding claims. 22* Other Additions and Changes 23 * Added `Claims` interface type to allow users to decode the claims into a custom type 24 * Added `ParseWithClaims`, which takes a third argument of type `Claims`. Use this function instead of `Parse` if you have a custom type you'd like to decode into. 25 * Dramatically improved the functionality and flexibility of `ParseFromRequest`, which is now in the `request` subpackage 26 * Added `ParseFromRequestWithClaims` which is the `FromRequest` equivalent of `ParseWithClaims` 27 * Added new interface type `Extractor`, which is used for extracting JWT strings from http requests. Used with `ParseFromRequest` and `ParseFromRequestWithClaims`. 28 * Added several new, more specific, validation errors to error type bitmask 29 * Moved examples from README to executable example files 30 * Signing method registry is now thread safe 31 * Added new property to `ValidationError`, which contains the raw error returned by calls made by parse/verify (such as those returned by keyfunc or json parser) 32 33#### 2.7.0 34 35This will likely be the last backwards compatible release before 3.0.0, excluding essential bug fixes. 36 37* Added new option `-show` to the `jwt` command that will just output the decoded token without verifying 38* Error text for expired tokens includes how long it's been expired 39* Fixed incorrect error returned from `ParseRSAPublicKeyFromPEM` 40* Documentation updates 41 42#### 2.6.0 43 44* Exposed inner error within ValidationError 45* Fixed validation errors when using UseJSONNumber flag 46* Added several unit tests 47 48#### 2.5.0 49 50* Added support for signing method none. You shouldn't use this. The API tries to make this clear. 51* Updated/fixed some documentation 52* Added more helpful error message when trying to parse tokens that begin with `BEARER ` 53 54#### 2.4.0 55 56* Added new type, Parser, to allow for configuration of various parsing parameters 57 * You can now specify a list of valid signing methods. Anything outside this set will be rejected. 58 * You can now opt to use the `json.Number` type instead of `float64` when parsing token JSON 59* Added support for [Travis CI](https://travis-ci.org/dgrijalva/jwt-go) 60* Fixed some bugs with ECDSA parsing 61 62#### 2.3.0 63 64* Added support for ECDSA signing methods 65* Added support for RSA PSS signing methods (requires go v1.4) 66 67#### 2.2.0 68 69* Gracefully handle a `nil` `Keyfunc` being passed to `Parse`. Result will now be the parsed token and an error, instead of a panic. 70 71#### 2.1.0 72 73Backwards compatible API change that was missed in 2.0.0. 74 75* The `SignedString` method on `Token` now takes `interface{}` instead of `[]byte` 76 77#### 2.0.0 78 79There were two major reasons for breaking backwards compatibility with this update. The first was a refactor required to expand the width of the RSA and HMAC-SHA signing implementations. There will likely be no required code changes to support this change. 80 81The second update, while unfortunately requiring a small change in integration, is required to open up this library to other signing methods. Not all keys used for all signing methods have a single standard on-disk representation. Requiring `[]byte` as the type for all keys proved too limiting. Additionally, this implementation allows for pre-parsed tokens to be reused, which might matter in an application that parses a high volume of tokens with a small set of keys. Backwards compatibilty has been maintained for passing `[]byte` to the RSA signing methods, but they will also accept `*rsa.PublicKey` and `*rsa.PrivateKey`. 82 83It is likely the only integration change required here will be to change `func(t *jwt.Token) ([]byte, error)` to `func(t *jwt.Token) (interface{}, error)` when calling `Parse`. 84 85* **Compatibility Breaking Changes** 86 * `SigningMethodHS256` is now `*SigningMethodHMAC` instead of `type struct` 87 * `SigningMethodRS256` is now `*SigningMethodRSA` instead of `type struct` 88 * `KeyFunc` now returns `interface{}` instead of `[]byte` 89 * `SigningMethod.Sign` now takes `interface{}` instead of `[]byte` for the key 90 * `SigningMethod.Verify` now takes `interface{}` instead of `[]byte` for the key 91* Renamed type `SigningMethodHS256` to `SigningMethodHMAC`. Specific sizes are now just instances of this type. 92 * Added public package global `SigningMethodHS256` 93 * Added public package global `SigningMethodHS384` 94 * Added public package global `SigningMethodHS512` 95* Renamed type `SigningMethodRS256` to `SigningMethodRSA`. Specific sizes are now just instances of this type. 96 * Added public package global `SigningMethodRS256` 97 * Added public package global `SigningMethodRS384` 98 * Added public package global `SigningMethodRS512` 99* Moved sample private key for HMAC tests from an inline value to a file on disk. Value is unchanged. 100* Refactored the RSA implementation to be easier to read 101* Exposed helper methods `ParseRSAPrivateKeyFromPEM` and `ParseRSAPublicKeyFromPEM` 102 103#### 1.0.2 104 105* Fixed bug in parsing public keys from certificates 106* Added more tests around the parsing of keys for RS256 107* Code refactoring in RS256 implementation. No functional changes 108 109#### 1.0.1 110 111* Fixed panic if RS256 signing method was passed an invalid key 112 113#### 1.0.0 114 115* First versioned release 116* API stabilized 117* Supports creating, signing, parsing, and validating JWT tokens 118* Supports RS256 and HS256 signing methods