Releases · pomerium/sdk-go

07 Jul 16:41

kenjenkins

v0.0.9 Latest

Latest

This release contains improvements to JWT verification and ease of use.

Improvements

Verifier.GetIdentity() will now validate JWT timestamps (iat and exp) against the current time by default. (Previously these timestamps were validated only if a fixed time was provided in the Expected field of the Options struct.)
New() will now provide a default JSONWebKeyStore implementation. (Previously it was required to supply an implementation of this interface.) The default implementation uses an in-memory LRU cache with a small fixed capacity, and should be sufficient for most Pomerium deployments. (The common case involves just one JWT signing key, or two during signing key rotation.)
The Identity struct now includes a field for the Name claim.

This release upgrades the go-jose module from gopkg.in/square/go-jose.v2 to github.com/go-jose/go-jose/v3. As the exported API incorporates some types from this library, any clients using these types will also need to import the new module version.
The definition of the JSONWebKeyStore interface has changed: the key type is now string and the value type is now *jose.JSONWebKey.

Upgrading from v0.0.8:

To set the Expected field in the Options struct (and you should set at least Audience and Issuer here), you will now need to import the package "github.com/go-jose/go-jose/v3/jwt" instead of "gopkg.in/square/go-jose.v2/jwt".
The Datastore field in the Options struct can now be left unset, if the default JSONWebKeyStore implementation is sufficient for your needs. Otherwise, you will need to update your JSONWebKeyStore implementation to conform to the new interface definition.

remove unused test case fields by @kenjenkins in #87
Always validate JWT timestamps by @kenjenkins in #92
build(deps): bump github.com/stretchr/testify from 1.8.3 to 1.8.4 by @dependabot in #89
specify JSONWebKeyStore more precisely by @kenjenkins in #95
provide default Datastore implementation by @kenjenkins in #91
add Name field to the Identity struct by @kenjenkins in #96
remove golangci-lint dependencies by @kenjenkins in #97
update dependabot by @calebdoxsey in #98
build(deps): bump github.com/hashicorp/golang-lru/v2 from 2.0.3 to 2.0.4 by @dependabot in #100

Full Changelog: v0.0.8...v0.0.9

calebdoxsey, dependabot, and kenjenkins

Assets 2

28 Apr 18:04

calebdoxsey

v0.0.8: update error messages (#82)

* update error message

* fix tests

Assets 2

29 Nov 17:48

calebdoxsey

v0.0.7

jwks: ignore invalid keys (#58)

Assets 2

19 Jan 18:59

calebdoxsey

v0.0.6

chore(deps): update codecov/codecov-action action to v1.3.0 by @renovate in #5
chore(deps): update codecov/codecov-action action to v1.3.1 by @renovate in #6
chore(deps): update codecov/codecov-action action to v1.3.2 by @renovate in #7
chore(deps): update codecov/codecov-action action to v1.4.0 by @renovate in #8
chore(deps): update codecov/codecov-action action to v1.4.1 by @renovate in #9
chore(deps): update codecov/codecov-action action to v1.5.0 by @renovate in #10
fix(deps): update module gopkg.in/square/go-jose.v2 to v2.6.0 by @renovate in #12
dep: update go-jose to v3 by @desimone in #14
chore(deps): update codecov/codecov-action action to v2 by @renovate in #15
fix(deps): update module github.com/go-jose/go-jose/v3 to v3.0.0 by @renovate in #17
chore(deps): update codecov/codecov-action action to v2.0.2 by @renovate in #16
chore(deps): update actions/checkout action to v2.3.5 by @renovate in #20
chore(deps): update codecov/codecov-action action to v2.1.0 by @renovate in #18
Migrate to verify repo by @travisgroth in #22
chore(deps): update actions/checkout action to v2.4.0 by @renovate in #23
jwks: extract fetch method, add encode function by @calebdoxsey in #24
verifier: fix issuers with ports by @calebdoxsey in #25
tests: fix cover make target, fix linting by @calebdoxsey in #26