jwt/VERSION_HISTORY.md

## `jwt-go` Version History

#### 3.0.0

* Dropped support for `[]byte` keys when using RSA signing methods.  This convenience feature could contribute to security vulnerabilities involving mismatched key types with signing methods.
* Added `Claims` interface type to allow users to decode the claims into a custom type
* The `Claims` property on `Token` is now type `Claims` instead of `map[string]interface{}`.  The default value is type `MapClaims`, which is an alias to `map[string]interface{}`.  This makes it possible to use a custom type when decoding claims.
* Added `ParseWithClaims`, which takes a third argument of type `Claims`.  Use this function instead of `Parse` if you have a custom type you'd like to decode into.

#### 2.5.0

This will likely be the last backwards compatible release before 3.0.0.

* Added support for signing method none.  You shouldn't use this.  The API tries to make this clear.
* Updated/fixed some documentation
* Added more helpful error message when trying to parse tokens that begin with `BEARER `

#### 2.4.0

* Added new type, Parser, to allow for configuration of various parsing parameters
	* You can now specify a list of valid signing methods.  Anything outside this set will be rejected.
	* You can now opt to use the `json.Number` type instead of `float64` when parsing token JSON
* Added support for [Travis CI](https://travis-ci.org/dgrijalva/jwt-go)
* Fixed some bugs with ECDSA parsing

#### 2.3.0

* Added support for ECDSA signing methods
* Added support for RSA PSS signing methods (requires go v1.4)

#### 2.2.0

* Gracefully handle a `nil` `Keyfunc` being passed to `Parse`.  Result will now be the parsed token and an error, instead of a panic.

#### 2.1.0

Backwards compatible API change that was missed in 2.0.0.

* The `SignedString` method on `Token` now takes `interface{}` instead of `[]byte`

#### 2.0.0

There were two major reasons for breaking backwards compatibility with this update.  The first was a refactor required to expand the width of the RSA and HMAC-SHA signing implementations.  There will likely be no required code changes to support this change.

The second update, while unfortunately requiring a small change in integration, is required to open up this library to other signing methods.  Not all keys used for all signing methods have a single standard on-disk representation.  Requiring `[]byte` as the type for all keys proved too limiting.  Additionally, this implementation allows for pre-parsed tokens to be reused, which might matter in an application that parses a high volume of tokens with a small set of keys.  Backwards compatibilty has been maintained for passing `[]byte` to the RSA signing methods, but they will also accept `*rsa.PublicKey` and `*rsa.PrivateKey`.

It is likely the only integration change required here will be to change `func(t *jwt.Token) ([]byte, error)` to `func(t *jwt.Token) (interface{}, error)` when calling `Parse`.

* **Compatibility Breaking Changes**
	* `SigningMethodHS256` is now `*SigningMethodHMAC` instead of `type struct`
	* `SigningMethodRS256` is now `*SigningMethodRSA` instead of `type struct`
	* `KeyFunc` now returns `interface{}` instead of `[]byte`
	* `SigningMethod.Sign` now takes `interface{}` instead of `[]byte` for the key
	* `SigningMethod.Verify` now takes `interface{}` instead of `[]byte` for the key
* Renamed type `SigningMethodHS256` to `SigningMethodHMAC`.  Specific sizes are now just instances of this type.
    * Added public package global `SigningMethodHS256`
    * Added public package global `SigningMethodHS384`
    * Added public package global `SigningMethodHS512`
* Renamed type `SigningMethodRS256` to `SigningMethodRSA`.  Specific sizes are now just instances of this type.
    * Added public package global `SigningMethodRS256`
    * Added public package global `SigningMethodRS384`
    * Added public package global `SigningMethodRS512`
* Moved sample private key for HMAC tests from an inline value to a file on disk.  Value is unchanged.
* Refactored the RSA implementation to be easier to read
* Exposed helper methods `ParseRSAPrivateKeyFromPEM` and `ParseRSAPublicKeyFromPEM`

#### 1.0.2

* Fixed bug in parsing public keys from certificates
* Added more tests around the parsing of keys for RS256
* Code refactoring in RS256 implementation.  No functional changes

#### 1.0.1

* Fixed panic if RS256 signing method was passed an invalid key

#### 1.0.0

* First versioned release
* API stabilized
* Supports creating, signing, parsing, and validating JWT tokens
* Supports RS256 and HS256 signing methods
updated documentation for 1.0.0 2014-05-28 01:23:32 +04:00			## `jwt-go` Version History

added rsa change to version history 2015-07-20 20:25:27 +03:00			`#### 3.0.0`

			* Dropped support for `[]byte` keys when using RSA signing methods. This convenience feature could contribute to security vulnerabilities involving mismatched key types with signing methods.
documentation update 2015-08-18 19:52:44 +03:00			* Added `Claims` interface type to allow users to decode the claims into a custom type
			* The `Claims` property on `Token` is now type `Claims` instead of `map[string]interface{}`. The default value is type `MapClaims`, which is an alias to `map[string]interface{}`. This makes it possible to use a custom type when decoding claims.
			* Added `ParseWithClaims`, which takes a third argument of type `Claims`. Use this function instead of `Parse` if you have a custom type you'd like to decode into.
added rsa change to version history 2015-07-20 20:25:27 +03:00
version history update 2016-03-31 21:13:52 +03:00			`#### 2.5.0`

			`This will likely be the last backwards compatible release before 3.0.0.`

			`* Added support for signing method none. You shouldn't use this. The API tries to make this clear.`
			`* Updated/fixed some documentation`
			* Added more helpful error message when trying to parse tokens that begin with `BEARER `

version history 2015-11-17 00:12:11 +03:00			`#### 2.4.0`

			`* Added new type, Parser, to allow for configuration of various parsing parameters`
			`* You can now specify a list of valid signing methods. Anything outside this set will be rejected.`
			* You can now opt to use the `json.Number` type instead of `float64` when parsing token JSON
			`* Added support for [Travis CI](https://travis-ci.org/dgrijalva/jwt-go)`
			`* Fixed some bugs with ECDSA parsing`

version notes for 1.3.0 2015-07-17 00:10:27 +03:00			`#### 2.3.0`

			`* Added support for ECDSA signing methods`
			`* Added support for RSA PSS signing methods (requires go v1.4)`

version notes for 2.2.0 2014-10-12 00:58:31 +04:00			`#### 2.2.0`

			* Gracefully handle a `nil` `Keyfunc` being passed to `Parse`. Result will now be the parsed token and an error, instead of a panic.

version 2.1.0 2014-09-30 23:21:30 +04:00			`#### 2.1.0`

			`Backwards compatible API change that was missed in 2.0.0.`

			* The `SignedString` method on `Token` now takes `interface{}` instead of `[]byte`

version changes from PR #28 2014-08-27 00:58:07 +04:00			`#### 2.0.0`

documentation 2014-08-27 01:41:32 +04:00			`There were two major reasons for breaking backwards compatibility with this update. The first was a refactor required to expand the width of the RSA and HMAC-SHA signing implementations. There will likely be no required code changes to support this change.`

			The second update, while unfortunately requiring a small change in integration, is required to open up this library to other signing methods. Not all keys used for all signing methods have a single standard on-disk representation. Requiring `[]byte` as the type for all keys proved too limiting. Additionally, this implementation allows for pre-parsed tokens to be reused, which might matter in an application that parses a high volume of tokens with a small set of keys. Backwards compatibilty has been maintained for passing `[]byte` to the RSA signing methods, but they will also accept `rsa.PublicKey` and `rsa.PrivateKey`.

			It is likely the only integration change required here will be to change `func(t jwt.Token) ([]byte, error)` to `func(t jwt.Token) (interface{}, error)` when calling `Parse`.

working on version history 2014-08-27 01:12:21 +04:00			`* Compatibility Breaking Changes`
			* `SigningMethodHS256` is now `*SigningMethodHMAC` instead of `type struct`
			* `SigningMethodRS256` is now `*SigningMethodRSA` instead of `type struct`
cleanup and documentation updates 2014-08-27 01:18:59 +04:00			* `KeyFunc` now returns `interface{}` instead of `[]byte`
			* `SigningMethod.Sign` now takes `interface{}` instead of `[]byte` for the key
			* `SigningMethod.Verify` now takes `interface{}` instead of `[]byte` for the key
version changes from PR #28 2014-08-27 00:58:07 +04:00			* Renamed type `SigningMethodHS256` to `SigningMethodHMAC`. Specific sizes are now just instances of this type.
			* Added public package global `SigningMethodHS256`
			* Added public package global `SigningMethodHS384`
			* Added public package global `SigningMethodHS512`
			* Renamed type `SigningMethodRS256` to `SigningMethodRSA`. Specific sizes are now just instances of this type.
			* Added public package global `SigningMethodRS256`
			* Added public package global `SigningMethodRS384`
			* Added public package global `SigningMethodRS512`
			`* Moved sample private key for HMAC tests from an inline value to a file on disk. Value is unchanged.`
working on version history 2014-08-27 01:12:21 +04:00			`* Refactored the RSA implementation to be easier to read`
make helper methods more specific 2014-08-27 01:24:20 +04:00			* Exposed helper methods `ParseRSAPrivateKeyFromPEM` and `ParseRSAPublicKeyFromPEM`
version changes from PR #28 2014-08-27 00:58:07 +04:00
v1.0.2 2014-08-27 00:51:41 +04:00			`#### 1.0.2`

			`* Fixed bug in parsing public keys from certificates`
			`* Added more tests around the parsing of keys for RS256`
			`* Code refactoring in RS256 implementation. No functional changes`

version history 2014-07-06 00:05:22 +04:00			`#### 1.0.1`

			`* Fixed panic if RS256 signing method was passed an invalid key`

updated documentation for 1.0.0 2014-05-28 01:23:32 +04:00			`#### 1.0.0`

			`* First versioned release`
			`* API stabilized`
			`* Supports creating, signing, parsing, and validating JWT tokens`
			`* Supports RS256 and HS256 signing methods`