A Library for Signing, Verifying and Decoding Authentication Tokens
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
 
 

3.9 KiB

Release Log of KISStokens

v0.3.0 - 2021-06-22

Summary

Version 0.3.0 marks a significant release for KISStokens, as it brings a major API redesign, including extensive refactorings and the introduction of a low-level API in addition to the previous high-level API.

With the introduction of a low-level API, KISStokens gives developers more control over their authentication tokens, while at the same time simplifying the overall design.

Modifications

  • Split up KISStokens into a high-level and low-level API
  • Extensive refactorings
  • Rewrite of unit tests
  • Added badges to README
  • Fixed a typo in release log

v0.2.2 - 2021-06-02

Summary

In this release, KISStokens moved from GitHub to Codeberg.

Modifications

  • The module import path has changed from github.com/lhinderberger/KISStokens to codeberg.org/lhinderberger/KISStokens

v0.2.1 - 2021-05-24

Summary

This release provides minor improvements to v0.2.0, mainly the elimination of the custom error type in favor of idiomatically using Go's standard error interface.

Modifications

  • Eliminated custom error type. Use errors.Is to discriminate between error types instead.
  • Renamed error prefixes from "E" to "Err" to match conventions.
  • Fixed an outdated documentation comment

v0.2.0 - 2021-03-26

Summary

This release marks a large-scale API refactoring with the goal to provide more and clearer information to programmers when using KISSTokens. For example, previously KISSTokens did not return the generated IssuedAt and ExpirationTime fields when signing a token. It instead just returned a string containing the encoded and signed token. This has now been changed - the signing as well as the decoding functions now return instances of the same Token struct type.

There were major breaking changes in this release. Please refer to the list below for details.

Modifications

  • Signing functions now only allow overriding the "iat" (Issued At) claim, but not claims that are set via the Limits struct
  • Revised the Token struct to include all information about an encoded / decoded KISStoken and changed its interface to make it less mutable
  • Changed the signing methods to return a Token struct instead of only the encoded token string
  • Dropped the Header struct in favor of the revised Token struct
  • Dropped the OptionalTime struct in favor of time.Time's zero / uninitialized value
  • Claims now retains the original values of "nbf", "iat" and "exp" on decoding
  • Timestamps will be normalized to UTC and truncated to seconds when signing and decoding
  • Dropped the Signer and VerifiedDecoder interfaces as they were adding unnecessary complexity
  • Moved all public declarations to a central file called library.go, non-trivial implementations stay in their individual *.go-files. This way, a birds-eye view of the library can be gained by simply browsing the library.go file, without any special tooling.
  • Updated examples in README

v0.1.1 - 2021-02-08

Summary

This is a patch release that fixes package and type naming issues.

Modifications

  • Changed package name from kisstokens to KISStokens in order for it to be consistent with the module import path github.com/lhinderberger/KISStokens. Although this now breaks package naming convention, it is the lesser evil than either renaming the module, given that the library has already been released and indexed at pkg.go.dev (which has case-sensitive package paths) or leaving it unchanged in its current, confusing and counter-intuitive state of having one spelling for the import path and another for the package name.
  • Renamed the KISStoken struct to Token to avoid name stutter.

v0.1.0 - 2021-02-07

Summary

This is the initial 0.x release of KISStokens. As a Minimum Viable Product, it contains the essential feature set for signing and verifying tokens as well as basic unit tests for all code paths, except for fail-safe error handlers that should be practically impossible to reach.