Releases: MicahParks/keyfunc
Expose HTTP client as an option
The purpose of this release is to expose an option to override the *http.DefaultClient.
Relevant pull requests:
Ignore unsupported keys by default
The purpose of this release is to ignore unsupported keys in a JWK Set by default.
Relevant issues:
Relevant pull requests:
HTTPTimeout override
c023fc8
MicahParks
Micah Parks
The purpose of this release is to expose the HTTPTimeout override.
This modified the HTTP client behavior in the jwkset project.
Relevant pull requests:
Return all when no key ID
The purpose of this release is to return all keys for JWT for signature verification when the token has no key ID, kid, header. This is enabled by the jwt.VerificationKeySet feature.
This should allow use cases that do not use the without the kid to use this project.
Relevant issues:
Relevant pull requests:
Override defaults
The purpose of this release is to add the NewDefaultOverrideCtx function, which allows for defaults to be overridden.
Package users should now be able to turn JWK Set validation off as well as change other default behaviors.
Relevant issues:
Relevant pull requests:
Allow for user provided ctx during parse
The purpose of this release is to add a new method, .KeyfuncCtx.
This new method accepts a context.Context, then returns a jwt.Keyfunc. This user provided context.Context is used during JWK lookup in the github.com/MicahParks/jwkset package when parsing JWTs. Passing a request scoped context allows the JWT parsing and JWK retrieval to cancel according to the given context.Context behavior instead of the default context.Context, which was provided at keyfunc.Keyfunc initialization.
In practice, this is used to prevent situations where many JWTs with kid not in a remote JWK Set are attempting to be parsed over a long period of time.
Relevant issues:
Relevant pull requests:
Wrap errors where appropriate
The purpose of this pull request is to wrap errors with errors.Join where appropriate.
Relevant issues:
Relevant pull requests:
Automatic unknown key ID refresh
The purpose of this release is to update the jwkset dependency so that the refresh on unknown key ID feature is available by default.
See:
https://github.com/MicahParks/jwkset/releases/tag/v0.5.6
Related pull requests:
Related issues:
X.509 Thumbprint bug fix
JWK Sets have two X.509 thumbprint parameters that are optional. A bug in github.com/MicahParks/jwkset made these parameters required in circumstances that affect the keyfunc project. This release updates this dependency to the latest version.
Thank you, @joshkaplinsky, for reporting this bug!
Please see the below release for details:
https://github.com/MicahParks/jwkset/releases/tag/v0.5.5
Contributors
Assets 2
V3 simplify API by using github.com/MicahParks/jwkset
This upgrade removes most of the code in this repository and outsources JWK and JWK Set related code to the updated github.com/MicahParks/jwkset package. The exported assets from the keyfunc project has been vastly reduced as well, with the intention of making it easier to use for the majority of use cases.
Note
A superset of features from V1 and V2 is available.