v3.2.0

[3.2.0] - 2024-02-29

Changed

• Expose invalid claims #94

Full Changelog: https://github.com/rokwire/core-auth-library-go/blob/main/CHANGELOG.md

v3.1.0

[3.1.0] - 2023-08-30

Added

• Add username field to token claims #91

Full Changelog: https://github.com/rokwire/core-auth-library-go/blob/main/CHANGELOG.md

v3.0.1

[3.0.1] - 2023-03-16

Fixed

• Mismatching token signing algorithms do not trigger service reg refresh #88

Full Changelog: https://github.com/rokwire/core-auth-library-go/blob/main/CHANGELOG.md

Migration steps

Follow the steps below to upgrade to the associated version of this library. Note that the steps for each version are cumulative, so if you are attempting to upgrade by several versions, be sure to make the changes described for each version between your current version and the latest.

3.0.1

Breaking changes

handlers

• All tokenauth.Handler types are now expected to be pointers.

authservice

• NewServiceRegManager now takes a validate bool argument that determines whether or not the service registration for the caller should be automatically validated.

v3.0.0

[3.0.0] - 2023-03-09

Added

• BREAKING: Encapsulate key management #76
• BREAKING: Add webauth package for web apps #83
• Claims can access resource function #85

Full Changelog: https://github.com/rokwire/core-auth-library-go/blob/main/CHANGELOG.md

Migration steps

Follow the steps below to upgrade to the associated version of this library. Note that the steps for each version are cumulative, so if you are attempting to upgrade by several versions, be sure to make the changes described for each version between your current version and the latest.

3.0.0

Breaking changes

authservice

• ServiceRegManager.ValidateServiceRegistrationKey now takes a *keys.PrivKey as an argument instead of *rsa.PrivateKey.
• PubKey has been moved into the new keys package.

authutils

• GetKeyFingerprint has been removed and now exists as SetKeyFingerprint as a function on keys.PubKey.
• GetPubKeyPem has been removed and now exists as Encode as a function on keys.PubKey.

sigauth

• SignatureAuth.CheckSignature now takes a *keys.PubKey as an argument instead of *rsa.PublicKey.
• SignatureAuth.CheckRequestSignature now takes a *keys.PubKey as an argument instead of *rsa.PublicKey.
• GetRequestDigest now takes an alg string argument to specify which hash algorithm to use to compute the digest
• The SignatureAuthHeader algorithm check has been removed from CheckRequest, which has also been renamed to ParseRequestSignature. This better reflects that the function should be used to parse HTTP requests. The algorithm check has been moved to CheckParsedRequestSignature.

tokenauth

• TokenAuth.ValidateCsrfTokenClaims has been removed, as the tokenauth package is no longer used to handle CSRF tokens, and these tokens are now opaque.
• TokenAuth.GetRequestTokens has been renamed to TokenAuth.GetAccessToken and now only returns an access token found in the Authorization header of a request.
• TokenAuth.CheckRequestTokens has been renamed to TokenAuth.CheckRequestToken because now only the access token is checked.

v2.2.0

[2.2.0] - 2022-11-23

Added

• Function param on base token auth handlers #79

Fixed

• Empty request body on refresh service token in makeRequest #77

Full Changelog: https://github.com/rokwire/core-auth-library-go/blob/main/CHANGELOG.md

v2.1.0

[2.1.0] - 2022-11-16

Added

• Define TokenAuthHandlers #73

Full Changelog: https://github.com/rokwire/core-auth-library-go/blob/main/CHANGELOG.md

v2.0.3

Added

• Scope utility functions #70

Full Changelog: https://github.com/rokwire/core-auth-library-go/blob/main/CHANGELOG.md

v2.0.2

[2.0.2] - 2022-08-18

Added

• Automate tests #4

Changed

• Expose Request parsing functions #65

Full Changelog: https://github.com/rokwire/core-auth-library-go/blob/main/CHANGELOG.md

v2.0.1

BREAKING

This release includes breaking changes. Please see the "Migration steps' below for instructions on upgrading to this version.

[2.0.1] - 2022-06-15

Changed

• Update documentation #62
• BREAKING: Service ID used as key ID in signatures #49
• BREAKING: Handle service account access tokens #35
• BREAKING: Add description to permission authorization policy model #57
• Update documentation to reflect process for breaking changes and deprecations #54
• BREAKING: Split AuthDataLoader interface #36

Added

• Add service account unit tests #59

Migration steps

Follow the steps below to upgrade to the associated version of this library. Note that the steps for each version are cumulative, so if you are attempting to upgrade by several versions, be sure to make the changes described for each version between your current version and the latest.

v2.0.0

Breaking changes

authservice

• The AuthDataLoader interface has been removed and the AuthService type has been refactored to contain basic configuration data needed to communicate with the ROKWIRE Auth Service.
• The ServiceRegManager type has been added. To create a ServiceRegManager, a ServiceRegLoader must be created. The ServiceRegLoader is used to load service registration records retrieved from the ROKWIRE Auth Service, which are managed by the ServiceRegManager.
• The ServiceAccountManager and ServiceAccountLoader types have been added. To create a ServiceAccountManager, a ServiceAccountLoader must be created. The ServiceAccountLoader is used to load access tokens from the ROKWIRE Auth Service, where the implementing service must hold an account. These access tokens are managed by the ServiceAccountManager.
• The Kid field in PubKey is now called KeyID.

See above for an example of how to create instances of these types to interact with a remote ROKWIRE Auth Service.

coreservice

• The coreservice package has been added. It declares the CoreService type, which is used to interface with services on the Core Building Block.
• All deleted account-related functionality previously used by the AuthDataLoader interface has been moved to the coreservice package.

sigauth

• The KeyId field in SignatureAuthHeader is now called KeyID, and it contains the SHA256 fingerprint of the signing service's public key instead of the signing service ID.
• Signed requests reflect this change, and checking signed requests requires the KeyID matches the public key fingerprint of a provided list of service registrations.

String Casbin Authorization Policy Model

A "description" (descr) parameter has been added to the Casbin string authorization policy model. This allows a description of each permission to be provided inline within the authorization policies. This change means that all Casbin string authorization policies (eg. permission policies) must be updated to include an additional column for this description.

See example/token/permissions_authorization_policy.csv for an example of the new policy format.

Note: While this new column must exist, it will not impact the actual authorization policy and may be left empty if appropriate.

Full Changelog: https://github.com/rokwire/core-auth-library-go/blob/main/CHANGELOG.md

v1.0.9

Fixed

• Service token is required to create RemoteAuthDataLoaderImpl #50

Full Changelog: https://github.com/rokwire/core-auth-library-go/blob/main/CHANGELOG.md