Skip to content

Release v3.0.0-beta.0 #367

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
developerkunal merged 4 commits into from
Jan 9, 2026
Merged

Release v3.0.0-beta.0 #367

developerkunal merged 4 commits into from
Jan 9, 2026

Conversation

@developerkunal
Copy link
Contributor

@developerkunal developerkunal commented Jan 9, 2026

BEFORE YOU UPGRADE

  • This is a major release that includes breaking changes. Please see MIGRATION_GUIDE.md before upgrading. This release will require changes to your application.

Added

  • Pure options pattern for validator, middleware, and JWKS provider (#357, #358, #360)
  • DPoP (Demonstrating Proof-of-Possession) support per RFC 9449 (#363)
  • Framework-agnostic core package for reusable validation logic (#356)
  • Type-safe claims retrieval with generics (GetClaims[T](), MustGetClaims[T](), HasClaims())
  • Structured logging support compatible with log/slog
  • Support for 14 signature algorithms (HS256/384/512, RS256/384/512, PS256/384/512, ES256/384/512, ES256K, EdDSA)
  • Enhanced error responses with RFC 6750 compliance
  • Trusted proxy configuration for DPoP behind reverse proxies
  • Multiple issuer and audience support with new APIs
  • Documentation and linting configuration (#361)

Changed

  • Migrated from square/go-jose to lestrrat-go/jwx v3 (#358)
  • Module path updated to github.com/auth0/go-jwt-middleware/v3 (#355)
  • Minimum Go version updated to 1.24 (#355)
  • Update examples for v3 module path and new APIs

Breaking

  • Pure options pattern: All constructors (New()) now require functional options instead of positional parameters
  • Context key: ContextKey{} is no longer exported - use GetClaims[T]() helper function
  • Custom claims now use generics for type safety
  • TokenExtractor returns ExtractedToken (with scheme) instead of string
  • Type naming: ExclusionUrlHandler renamed to ExclusionURLHandler

Migration Example

v2:

// Validator with positional parameters
jwtValidator, err := validator.New(
    keyFunc,
    validator.RS256,
    "https://issuer.example.com/",
    []string{"my-api"},
)

// Middleware
middleware := jwtmiddleware.New(jwtValidator.ValidateToken)

// Claims access via context key
claims := r.Context().Value(jwtmiddleware.ContextKey{}).(*validator.ValidatedClaims)

v3:

// Validator with pure options
jwtValidator, err := validator.New(
    validator.WithKeyFunc(keyFunc),
    validator.WithAlgorithm(validator.RS256),
    validator.WithIssuer("https://issuer.example.com/"),
    validator.WithAudience("my-api"),
)

// Middleware with options
middleware, err := jwtmiddleware.New(
    jwtmiddleware.WithValidator(jwtValidator),
)

// Type-safe claims with generics
claims, err := jwtmiddleware.GetClaims[*validator.ValidatedClaims](r.Context())

See MIGRATION_GUIDE.md for complete migration instructions.

@developerkunal
chore: prepare v3.0.0-beta.0 release
eb0a8a0 
  - Update CHANGELOG.md with v3.0.0-beta.0 release notes
  - Add migration example showing v2 vs v3 usage
  - Update .version to v3.0.0-beta.0
@developerkunal
docs: fix migration guide filename in README
e53ba3b 
- Update MIGRATION.md references to MIGRATION_GUIDE.md
Copilot AI review requested due to automatic review settings January 9, 2026 08:41
@developerkunal developerkunal requested a review from a team as a code owner January 9, 2026 08:41
@codecov-commenter
Copy link

codecov-commenter commented Jan 9, 2026

Codecov Report

✅ All modified and coverable lines are covered by tests.
⚠️ Please upload report for BASE (v3@42333f2). Learn more about missing BASE report.

Additional details and impacted files 
@@          Coverage Diff          @@
##             v3     #367   +/-   ##
=====================================
  Coverage      ?   96.55%           
=====================================
  Files         ?       18           
  Lines         ?     1508           
  Branches      ?        0           
=====================================
  Hits          ?     1456           
  Misses        ?       34           
  Partials      ?       18

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:
  • ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.

@developerkunal
chore: update dependencies to latest versions
fa291c1 
- github.com/goccy/go-json v0.10.3 => v0.10.5
- github.com/lestrrat-go/httprc/v3 v3.0.1 => v3.0.3
- github.com/valyala/fastjson v1.6.4 => v1.6.7
- golang.org/x/crypto v0.45.0 => v0.46.0
- golang.org/x/sys v0.38.0 => v0.40.0
Copilot AI reviewed Jan 9, 2026
View reviewed changes
Copy link

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

This PR prepares the v3.0.0-beta.0 release, updating version metadata and fixing documentation references. The release represents a major version upgrade with breaking changes including a pure options pattern, migration to lestrrat-go/jwx v3, and type-safe claims retrieval with generics.

Key Changes:

  • Updated version number from v2.3.1 to v3.0.0-beta.0
  • Added comprehensive v3.0.0-beta.0 release notes to CHANGELOG.md
  • Fixed incorrect migration guide references from MIGRATION.md to MIGRATION_GUIDE.md

Reviewed changes

Copilot reviewed 3 out of 3 changed files in this pull request and generated no comments.

File Description
.version Updated version number from v2.3.1 to v3.0.0-beta.0
CHANGELOG.md Added v3.0.0-beta.0 release entry with detailed breaking changes, additions, and migration examples
README.md Fixed migration guide reference from incorrect MIGRATION.md to correct MIGRATION_GUIDE.md

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

@developerkunal
ci: update GitHub Actions to latest versions
8b6f962 
- actions/checkout v5 => v6 (except govulncheck, kept at v5 to avoid auth conflict)
- actions/setup-go v6 => v6.1.0
- codecov/codecov-action 5.5.1 => 5.5.2
- golangci/golangci-lint-action v9.1.0 => v9.2.0
@developerkunal developerkunal merged commit 7fa93b1 into v3 Jan 9, 2026
6 checks passed
@developerkunal developerkunal deleted the release/v3.0.0-beta.0 branch January 9, 2026 09:10
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

Copilot code review Copilot Copilot left review comments

@duedares-rvj duedares-rvj duedares-rvj approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

4 participants

@developerkunal @codecov-commenter @duedares-rvj