Added

• Bump Go version to 1.23 and update example dependencies #328 (developerkunal)
• [GH-288] Add Support for WithSynchronousRefresh Option in CachingProvider for Blocking/Non-Blocking Key Refresh #314 (developerkunal)
• SDK-5703 [GH-283] Add support for exclusion URLs in JWT middleware #319 (developerkunal)

Fixed

• fix(oidc): Validate HTTP response status and improve error messaging in OIDC (#308) #316 (developerkunal)

Security

• Bump gopkg.in/go-jose/go-jose.v2 from 2.6.2 to 2.6.3 #258 (dependabot[bot])

Security

• Bump golang.org/x/crypto from 0.4.0 to 0.17.0 #234 (dependabot[bot])
• Bump gopkg.in/go-jose/go-jose.v2 from 2.6.1 to 2.6.2 #229 (dependabot[bot])

Added

• add echo example #208 (mehulgohil)
• added example for iris web framework #199 (mehulgohil)

Changed

• ESD-32688: Improve locking and blocking associated with key retrieval #225 (ewanharris)
• Replace deprecated pkg/errors in favor of Go's standard library #189 (molaga)
• Replace square/go-jose with go-jose/go-jose #188 (sergiught)
• Fail to instantiate validator when audience is an empty string #183 (sergiught)

Added

• Allow setting a custom http.Client on the jwks.Provider (#151)
• Add example tests (#157)
• Add example for the gin web framework (#175)

Fixed

• Fix CookieTokenExtractor to not throw error when no cookie present (#172)
• Fix panic threat when using type-cast for customClaims in validator (#165)
• Fix authentication error when setting multiple audiences on validator (#176)

Security

• Update Crypto dependency (#146)

BEFORE YOU UPGRADE

• This is a major release that includes breaking changes. Please see MIGRATION_GUIDE before
  upgrading. This release will require changes to your application.

Added

• Use github.com/pkg/errors (#98)
• Add a migration guide (#99)
• Add cookie token extractor (#93, #63)
• Add token validator using square/go-jose.v2 (#84, #81, #79, #74, #53)
• Add allowed signing algorithms in validator (#128)
• Add issuer and audience as required params in validator (#119)
• Add support for jwks

Changed

• Update docs (#72)
• Reorganize imports across the project
• Reorder fields to use less memory
• Split jwtmiddleware into multiple files

Breaking

• Simplify JWT library functionality into an interface (#77)
• Rename Claims to RegisteredClaims in validator pkg
• Refactor main middleware (#90, #51, #51)
• Write back error messages on DefaultErrorHandler

Fixed

• Fix code smells and code style

Changed

• Improved how we pass CustomClaims to Validator for concurrent scenarios (#134)
  • Special thanks to @jessiaA for helping with this!

BEFORE YOU UPGRADE

• This is a major release that includes breaking changes. Please see MIGRATION_GUIDE before
  upgrading. This release will require changes to your application.

Added

• Use github.com/pkg/errors (#98)
• Add a migration guide (#99)
• Add cookie token extractor (#93, #63)
• Add token validator using square/go-jose.v2 (#84, #81, #79, #74, #53)
• Add allowed signing algorithms in validator (#128)
• Add issuer and audience as required params in validator (#119)
• Add support for jwks

Changed

• Update docs (#72)
• Reorganize imports across the project
• Reorder fields to use less memory
• Split jwtmiddleware into multiple files

Breaking

• Simplify JWT library functionality into an interface (#77)
• Rename Claims to RegisteredClaims in validator pkg
• Refactor main middleware (#90, #51, #51)
• Write back error messages on DefaultErrorHandler

Fixed

• Fix code smells and code style

This release isolates example-only dependencies so you have to import less things. Thanks to @liggitt for the work on this.