Skip to content

v1.0.0 Stable Release
Compare
Choose a tag to compare
@MicahParks MicahParks released this 06 Dec 14:24
v1.0.0
a7636b7
This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
GPG key ID: 4AEE18F83AFDEB23
Expired
Learn about vigilant mode.

The API is now stabilized and I intend on avoiding a /v2 release. (But one might be required if there is another major github.com/golang-jwt/jwt release.)

Here are a list of changes since v0.10.0:

  • Breaking change by renaming keyfunc.JWKs to keyfunc.JWKS. Renamed other instances of JWKs to JWKS.
  • Breaking change that makes keyfunc.Options a required, non-variadic, argument. (An empty struct is still valid.)
  • Only recomputing the JWKS when the remote resources changes.
  • EdDSA with an ed25519 curve is now supported. (ed448 is not).
  • JWTs are marked compatible by kty header value, not alg.
  • Remote oct key types, including HMAC, are not supported. (Still supported through given keys.)
  • When a JWKS is read, all keys are precomputed or ignored.
  • A map[string]interface{} can be returned. The map key is a key ID, kid, to cryptographic keys from the JWKS. It is intended to be read-only.

An important note is that key parsing now depends on the kty header value. This header value is required by the RFC whereas the previous alg value is optional in a JWK Set.

Assets 2
Loading