v3.0.0
[3.0.0] - 2023-03-09
Added
- BREAKING: Encapsulate key management #76
- BREAKING: Add webauth package for web apps #83
- Claims can access resource function #85
Full Changelog: https://github.com/rokwire/core-auth-library-go/blob/main/CHANGELOG.md
Migration steps
Follow the steps below to upgrade to the associated version of this library. Note that the steps for each version are cumulative, so if you are attempting to upgrade by several versions, be sure to make the changes described for each version between your current version and the latest.
3.0.0
Breaking changes
authservice
ServiceRegManager.ValidateServiceRegistrationKey
now takes a*keys.PrivKey
as an argument instead of*rsa.PrivateKey
.PubKey
has been moved into the newkeys
package.
authutils
GetKeyFingerprint
has been removed and now exists asSetKeyFingerprint
as a function onkeys.PubKey
.GetPubKeyPem
has been removed and now exists asEncode
as a function onkeys.PubKey
.
sigauth
SignatureAuth.CheckSignature
now takes a*keys.PubKey
as an argument instead of*rsa.PublicKey
.SignatureAuth.CheckRequestSignature
now takes a*keys.PubKey
as an argument instead of*rsa.PublicKey
.GetRequestDigest
now takes analg string
argument to specify which hash algorithm to use to compute the digest- The
SignatureAuthHeader
algorithm check has been removed fromCheckRequest
, which has also been renamed toParseRequestSignature
. This better reflects that the function should be used to parse HTTP requests. The algorithm check has been moved toCheckParsedRequestSignature
.
tokenauth
TokenAuth.ValidateCsrfTokenClaims
has been removed, as the tokenauth package is no longer used to handle CSRF tokens, and these tokens are now opaque.TokenAuth.GetRequestTokens
has been renamed toTokenAuth.GetAccessToken
and now only returns an access token found in theAuthorization
header of a request.TokenAuth.CheckRequestTokens
has been renamed toTokenAuth.CheckRequestToken
because now only the access token is checked.