
Changelog

All notable changes to this project will be documented in this file.

The format is based on Keep a Changelog, and this project adheres to Semantic Versioning.

Unreleased

0.14.0 (2024-01-22)

  • update to axum 0.7
    • tower-http 0.5, header 0.4, http 1.0
  • jsonwebtoken 9.2
  • tonic support removed temporarily (waiting for tonic migration to axum 0.7)

0.13.0 (2023-11-20)

  • added support for custom http client in jwks discovery (fixes #41)
  • algs added to configurable validation options
  • missing alg in JWK no longer defaults to RS256 but to all algs of the same alg family
  • jsonwebtoken updated (8.3.0 -> 9.1.0)
  • make RegisteredClaims serializable (fixes #38)

0.12.0 (2023-10-14)

  • internal refactoring (no public breaking changes)
  • claim checker allowing closures (#32)
  • jwks from file or text (#37)

0.11.0 (2023-09-06)

  • support for multiple authorizers
    • JwtAuthorizer::layer() deprecated in favor of JwtAuthorizer::build() and IntoLayer::into_layer()
  • better optional claims extraction (commit: 940acb17a1de82788bc72c3657da87609ce741e9)
    • error 401 rather than INTERNAL_SERVER_ERROR, when no claims exist (no authorizer layer)
    • do not log error

0.10.1 (2023-07-11)

Fixed

  • (RegisteredClaims) audience claim should be a string or an array of strings

Added

  • (NumericDate) optional feature enables time dep as an alternative to chrono

0.10.0 (2023-05-19)

  • tonic services support
  • choices of TLS support (corresponding to underlying reqwest crate features)
  • RegisteredClaims added (representing RFC7519 registered claims), used as default for JwtAuthorizer

0.9.0 (2023-04-14)

Added

  • Other sources for jwt token are configurable (#10)
    • Cookie
    • AuthorizationHeader (default)
  • Raw PEM file content as an input for JwtAuthorizer (#15)

Changed

  • Remove 'static lifetime requirement (#8)

0.8.1 (2023-03-16)

No public API changes, no new features.

Changed

  • KeyStore, KeySource refactor for better performance and security

Fixed

  • Allow non root OIDC issuer (issue #1)

0.8.0 (2023-02-28)

Added

  • validation configuration (exp, nbf, aud, iss, disable_validation)
  • more integration tests added

Fixed

  • JwtAuthorizer.from_ec(), JwtAuthorizer.from_ed() imported PEM as DER resulting in failed validations

0.7.0 (2023-02-14)

Changed

  • Refresh configuration - simplification, minimal_refresh_interval removed (replaced by refresh_interval in KeyNotFound refresh strategy)

Added

  • integration tests, unit tests

0.6.0 (2023-02-05)

Added

  • JwtAuthorizer::from_oidc(issuer_uri) - building from oidc discovery page

Changed

  • JwtAuthorizer::layer() becomes async

Minor Changes

  • demo-server refactoring

0.5.0 - (2023-1-28)

Changed

  • JwtAuthorizer creation simplified:
    • JwtAuthorizer::from_* creates an instance, new() is not necessary anymore
  • with_check() renamed to check()

Added

  • jwks store refresh configuration

Fixed

  • claims extractor (JwtClaims) without authorizer should not panic, should send a 500 error

0.4.0 - (2023-1-21)

Added

  • claims checker (stabilisation, tests, documentation)

Fixed

  • added missing WWW-Authenticate header to errors

0.3.2 - (2023-1-18)

Fixed

  • fix: when jwks store endpoint is unavailable response should be an error 500 (not 403)

0.3.1 - (2023-1-14)

Fixed

  • fix: panicking when a bearer token is missing in protected request (be6bf9fb)

0.3.0 - (2023-1-13)

Added

  • building the authorizer layer from rsa, ec, ed PEM files and from secret phrase (9bd99b2a)

0.2.0 - (2023-1-10)

Initial release