v2.0.1
BREAKING
This release includes breaking changes. Please see the "Migration steps' below for instructions on upgrading to this version.
[2.0.1] - 2022-06-15
Changed
- Update documentation #62
- BREAKING: Service ID used as key ID in signatures #49
- BREAKING: Handle service account access tokens #35
- BREAKING: Add description to permission authorization policy model #57
- Update documentation to reflect process for breaking changes and deprecations #54
- BREAKING: Split AuthDataLoader interface #36
Added
- Add service account unit tests #59
Migration steps
Follow the steps below to upgrade to the associated version of this library. Note that the steps for each version are cumulative, so if you are attempting to upgrade by several versions, be sure to make the changes described for each version between your current version and the latest.
v2.0.0
Breaking changes
authservice
- The
AuthDataLoader
interface has been removed and theAuthService
type has been refactored to contain basic configuration data needed to communicate with the ROKWIRE Auth Service. - The
ServiceRegManager
type has been added. To create aServiceRegManager
, aServiceRegLoader
must be created. TheServiceRegLoader
is used to load service registration records retrieved from the ROKWIRE Auth Service, which are managed by theServiceRegManager
. - The
ServiceAccountManager
andServiceAccountLoader
types have been added. To create aServiceAccountManager
, aServiceAccountLoader
must be created. TheServiceAccountLoader
is used to load access tokens from the ROKWIRE Auth Service, where the implementing service must hold an account. These access tokens are managed by theServiceAccountManager
. - The
Kid
field inPubKey
is now calledKeyID
.
See above for an example of how to create instances of these types to interact with a remote ROKWIRE Auth Service.
coreservice
- The
coreservice
package has been added. It declares theCoreService
type, which is used to interface with services on the Core Building Block. - All deleted account-related functionality previously used by the
AuthDataLoader
interface has been moved to thecoreservice
package.
sigauth
- The
KeyId
field inSignatureAuthHeader
is now calledKeyID
, and it contains the SHA256 fingerprint of the signing service's public key instead of the signing service ID. - Signed requests reflect this change, and checking signed requests requires the
KeyID
matches the public key fingerprint of a provided list of service registrations.
String Casbin Authorization Policy Model
A "description" (descr
) parameter has been added to the Casbin string authorization policy model. This allows a description of each permission to be provided inline within the authorization policies. This change means that all Casbin string authorization policies (eg. permission policies) must be updated to include an additional column for this description.
See example/token/permissions_authorization_policy.csv for an example of the new policy format.
Note: While this new column must exist, it will not impact the actual authorization policy and may be left empty if appropriate.
Full Changelog: https://github.com/rokwire/core-auth-library-go/blob/main/CHANGELOG.md