v4.4.3

What's Changed

• fix: link update for README.md for v4 by @krokite in #217
• Implement a BearerExtractor by @WhyNotHugo in #226
• Bump matrix to support latest go version (go1.19) by @mfridman in #231
• Include https://github.com/golang-jwt/jwe in README by @oxisto in #229
• Add doc comment to ParseWithClaims by @jkopczyn in #232
• Refactor: removed the unneeded if statement by @Krout0n in #241
• No pointer embedding in the example by @oxisto in #255

New Contributors

• @krokite made their first contribution in #217
• @WhyNotHugo made their first contribution in #226
• @jkopczyn made their first contribution in #232
• @Krout0n made their first contribution in #241

Full Changelog: v4.4.2...v4.4.3

v4.4.2

What's Changed

• Added MicahParks/keyfunc to extensions by @oxisto in #194
• Update link to v4 on pkg.go.dev page by @polRk in #195
• add installation guidelines to the README file by @morelmiles in #204
• chore: replace ioutil with io and os by @estensen in #198
• CI check for Go code formatting by @mfridman in #206
• Create SECURITY.md by @mfridman in #171
• Update SECURITY.md by @oxisto in #207
• Fixed integer overflow in NumericDate.MarshalJSON by @qqiao in #200
• Claims in rsa_test.go Table Driven Test are Unused by @gkech in #212

New Contributors

• @polRk made their first contribution in #195
• @morelmiles made their first contribution in #204
• @estensen made their first contribution in #198
• @qqiao made their first contribution in #200
• @gkech made their first contribution in #212

Full Changelog: v4.4.1...v4.4.2

v4.4.1

What's Changed

• Add go1.18 to ci pipeline by @mfridman in #173
• Revert "feat: port clockskew support (#139)" by @mfridman in #184

Note, this release contains a Go module retraction for a prior release v4.4.0:

retract (
    v4.4.0 // Contains a backwards incompatible change to the Claims interface.
)

Full Changelog: v4.4.0...v4.4.1

v4.4.0

What's Changed

• fix: expired token error message by @ydylla in #165
• feat: port clockskew support by @ksegun in #139

New Contributors

• @ydylla made their first contribution in #165
• @ksegun made their first contribution in #139

Full Changelog: v4.3.0...v4.4.0

v4.3.0

What's Changed

• Support errors.Is for token extractors by @stefantds in #141
• Implementing Is(err) bool to support Go 1.13 style error checking by @oxisto in #136
• remove unnecessary for loop in token signing string for readability by @hyeonjae in #34
• updated README.md to contain more extensions by @matelang in #155
• Add JWT logo attribution by @mfridman in #161
• fix: fixed typo detect by cSpell by @giautm in #164
• Set json encoding precision by @mfridman in #162

New Contributors

• @stefantds made their first contribution in #141
• @hyeonjae made their first contribution in #34
• @matelang made their first contribution in #155
• @giautm made their first contribution in #164

Full Changelog: v4.2.0...v4.3.0

v4.2.0

• Fix the comment of VerifyExpiresAt (#109) @shogo82148
• Introducing functional-style options for the Parser type (#108) @oxisto
• Improve code comments, including security consideration (#107) @sebastien-rosset
• Fix int64 overflow in newNumericDateFromSeconds (#112) @PiotrKozimor
• Fixes jwt command to support EdDSA algorithm (#118) @AlexanderYastrebov
• Revert Encoding/Decoding changes for better compatibility (#117) @ajermaky
• Allow none algorithm in jwt command (#121) @AlexanderYastrebov
• Unwrap for ValidationError (#125) @kdeberk
• cmd: list supported algorithms (-alg flag) (#123) @AlexanderYastrebov
• Added VerifyIssuer method to RegisteredClaims (#130) @tfonfara

v4.1.0

• Adds support for go1.17 (#89).
• Adds RFC7519-compliant RegisteredClaims struct (#15). Use this instead of StandardClaims (deprecated but not removed).
• Adds generic crypto.Signer for ed25519.PublicKey (#95).
• Adds regular code scanning (#101).
• Corrects "exp" logic to conform to https://datatracker.ietf.org/doc/html/rfc7519#section-4.1.4 (#86).
• Adds additional parsing tests (#106).
• Changed error string (#97).
• Various Code fixes and cleanup (#53, #83, #102, #103).

v4.0.0

• Adds Go module support (#41). You can import this package using the following import path:

github.com/golang-jwt/jwt/v4

This release, and any future /v4 work is intended to be backwards-compatible with existing v3.x.y tags.

See the migration guide for more details.

v3.2.2

• Starting from this release, we are adopting the policy to support the most 2 recent versions of Go currently available. By the time of this release, this is Go 1.15 and 1.16 (#28).
• Fixed a potential issue that could occur when the presence of exp, iat or nbf was not required for verification and contained invalid contents, i.e. non-numeric/date. Thanks for @thaJeztah for making us aware of that and @giorgos-f3 for originally reporting it to the formtech fork (#40).
• Added support for EdDSA / ED25519 (#36).
• Optimized allocations (#33).

v3.2.1

• Import Path Change: See MIGRATION_GUIDE.md for tips on updating your code
  • Changed the import path from github.com/dgrijalva/jwt-go to github.com/golang-jwt/jwt
• Fixed type confusion issue between string and []string in VerifyAudience (#12). This fixes CVE-2020-26160