go/httpauth-jwt
2
0
Fork 0
Code Issues Pull Requests Packages Releases 1 Activity
Files
v1.0.0
httpauth-jwt/doc.go

27 lines
1.0 KiB
Go
Raw Permalink Normal View History

fix(httpauth-jwt)!: rename package httpauthjwt, bump httpauth and rbac to v1.0.0 Rename package from jwtauth to httpauthjwt to follow ecosystem convention (repo name = package name, hyphens removed). Bump httpauth dependency from v0.1.0 to v1.0.0 and rbac indirect dependency from v0.9.0 to v1.0.0. BREAKING CHANGE: import path unchanged (code.nochebuena.dev/go/httpauth-jwt) but package identifier changes from jwtauth to httpauthjwt — update all usages accordingly.
2026-05-07 23:51:16 -06:00
// Package httpauthjwt provides self-issued JWT authentication middleware and token
feat(httpauth-jwt): initial release — self-issued JWT auth middleware v1.0.0 Provides AuthMiddleware (calls httpauth.SetTokenData, accepts Verifier or Signer), IssueTokenPair (access + refresh tokens as jwt.MapClaims, custom claims at top level for ClaimsPermissionProvider compatibility), RefreshTokenPair (blacklist check + rotation + re-issue), and Signer/Verifier implementations for HMAC-SHA256 and RSA-SHA256 including PEM loaders and a public-key-only Verifier for read-only microservices.
2026-05-07 22:18:04 -06:00
// management for HTTP services.
//
// It integrates with code.nochebuena.dev/go/httpauth: AuthMiddleware verifies
// Bearer tokens and calls httpauth.SetTokenData, making uid and claims available
// to EnrichmentMiddleware, AuthzMiddleware, and ClaimsPermissionProvider.
//
// Typical flow:
//
// 1. Issue a token pair on login:
//
fix(httpauth-jwt)!: rename package httpauthjwt, bump httpauth and rbac to v1.0.0 Rename package from jwtauth to httpauthjwt to follow ecosystem convention (repo name = package name, hyphens removed). Bump httpauth dependency from v0.1.0 to v1.0.0 and rbac indirect dependency from v0.9.0 to v1.0.0. BREAKING CHANGE: import path unchanged (code.nochebuena.dev/go/httpauth-jwt) but package identifier changes from jwtauth to httpauthjwt — update all usages accordingly.
2026-05-07 23:51:16 -06:00
// signer := httpauthjwt.NewHMACSigner([]byte(os.Getenv("JWT_SECRET")))
// pair, err := httpauthjwt.IssueTokenPair(signer, uid, customClaims, cfg)
feat(httpauth-jwt): initial release — self-issued JWT auth middleware v1.0.0 Provides AuthMiddleware (calls httpauth.SetTokenData, accepts Verifier or Signer), IssueTokenPair (access + refresh tokens as jwt.MapClaims, custom claims at top level for ClaimsPermissionProvider compatibility), RefreshTokenPair (blacklist check + rotation + re-issue), and Signer/Verifier implementations for HMAC-SHA256 and RSA-SHA256 including PEM loaders and a public-key-only Verifier for read-only microservices.
2026-05-07 22:18:04 -06:00
//
// 2. Protect routes:
//
fix(httpauth-jwt)!: rename package httpauthjwt, bump httpauth and rbac to v1.0.0 Rename package from jwtauth to httpauthjwt to follow ecosystem convention (repo name = package name, hyphens removed). Bump httpauth dependency from v0.1.0 to v1.0.0 and rbac indirect dependency from v0.9.0 to v1.0.0. BREAKING CHANGE: import path unchanged (code.nochebuena.dev/go/httpauth-jwt) but package identifier changes from jwtauth to httpauthjwt — update all usages accordingly.
2026-05-07 23:51:16 -06:00
// r.Use(httpauthjwt.AuthMiddleware(signer, publicPaths))
feat(httpauth-jwt): initial release — self-issued JWT auth middleware v1.0.0 Provides AuthMiddleware (calls httpauth.SetTokenData, accepts Verifier or Signer), IssueTokenPair (access + refresh tokens as jwt.MapClaims, custom claims at top level for ClaimsPermissionProvider compatibility), RefreshTokenPair (blacklist check + rotation + re-issue), and Signer/Verifier implementations for HMAC-SHA256 and RSA-SHA256 including PEM loaders and a public-key-only Verifier for read-only microservices.
2026-05-07 22:18:04 -06:00
// r.Use(httpauth.EnrichmentMiddleware(myEnricher))
//
// 3. Rotate tokens on refresh:
//
fix(httpauth-jwt)!: rename package httpauthjwt, bump httpauth and rbac to v1.0.0 Rename package from jwtauth to httpauthjwt to follow ecosystem convention (repo name = package name, hyphens removed). Bump httpauth dependency from v0.1.0 to v1.0.0 and rbac indirect dependency from v0.9.0 to v1.0.0. BREAKING CHANGE: import path unchanged (code.nochebuena.dev/go/httpauth-jwt) but package identifier changes from jwtauth to httpauthjwt — update all usages accordingly.
2026-05-07 23:51:16 -06:00
// newPair, err := httpauthjwt.RefreshTokenPair(ctx, signer, refreshToken, blacklist, cfg, freshClaims)
feat(httpauth-jwt): initial release — self-issued JWT auth middleware v1.0.0 Provides AuthMiddleware (calls httpauth.SetTokenData, accepts Verifier or Signer), IssueTokenPair (access + refresh tokens as jwt.MapClaims, custom claims at top level for ClaimsPermissionProvider compatibility), RefreshTokenPair (blacklist check + rotation + re-issue), and Signer/Verifier implementations for HMAC-SHA256 and RSA-SHA256 including PEM loaders and a public-key-only Verifier for read-only microservices.
2026-05-07 22:18:04 -06:00
//
// For microservices that only verify tokens (not issue them), use NewRSAPublicKeyVerifier
// or NewRSAPublicKeyVerifierFromPEM with the public key only.
fix(httpauth-jwt)!: rename package httpauthjwt, bump httpauth and rbac to v1.0.0 Rename package from jwtauth to httpauthjwt to follow ecosystem convention (repo name = package name, hyphens removed). Bump httpauth dependency from v0.1.0 to v1.0.0 and rbac indirect dependency from v0.9.0 to v1.0.0. BREAKING CHANGE: import path unchanged (code.nochebuena.dev/go/httpauth-jwt) but package identifier changes from jwtauth to httpauthjwt — update all usages accordingly.
2026-05-07 23:51:16 -06:00
package httpauthjwt
Reference in New Issue Copy Permalink