v3.0.0

[3.0.0] - 2023-03-09

Added

• BREAKING: Encapsulate key management #76
• BREAKING: Add webauth package for web apps #83
• Claims can access resource function #85

Full Changelog: https://github.com/rokwire/core-auth-library-go/blob/main/CHANGELOG.md

Migration steps

Follow the steps below to upgrade to the associated version of this library. Note that the steps for each version are cumulative, so if you are attempting to upgrade by several versions, be sure to make the changes described for each version between your current version and the latest.

3.0.0

Breaking changes

authservice

• ServiceRegManager.ValidateServiceRegistrationKey now takes a *keys.PrivKey as an argument instead of *rsa.PrivateKey.
• PubKey has been moved into the new keys package.

authutils

• GetKeyFingerprint has been removed and now exists as SetKeyFingerprint as a function on keys.PubKey.
• GetPubKeyPem has been removed and now exists as Encode as a function on keys.PubKey.

sigauth

• SignatureAuth.CheckSignature now takes a *keys.PubKey as an argument instead of *rsa.PublicKey.
• SignatureAuth.CheckRequestSignature now takes a *keys.PubKey as an argument instead of *rsa.PublicKey.
• GetRequestDigest now takes an alg string argument to specify which hash algorithm to use to compute the digest
• The SignatureAuthHeader algorithm check has been removed from CheckRequest, which has also been renamed to ParseRequestSignature. This better reflects that the function should be used to parse HTTP requests. The algorithm check has been moved to CheckParsedRequestSignature.

tokenauth

• TokenAuth.ValidateCsrfTokenClaims has been removed, as the tokenauth package is no longer used to handle CSRF tokens, and these tokens are now opaque.
• TokenAuth.GetRequestTokens has been renamed to TokenAuth.GetAccessToken and now only returns an access token found in the Authorization header of a request.
• TokenAuth.CheckRequestTokens has been renamed to TokenAuth.CheckRequestToken because now only the access token is checked.