v4.4.0

What's Changed

• fix: expired token error message by @ydylla in #165
• feat: port clockskew support by @ksegun in #139

New Contributors

• @ydylla made their first contribution in #165
• @ksegun made their first contribution in #139

Full Changelog: v4.3.0...v4.4.0

v4.3.0

What's Changed

• Support errors.Is for token extractors by @stefantds in #141
• Implementing Is(err) bool to support Go 1.13 style error checking by @oxisto in #136
• remove unnecessary for loop in token signing string for readability by @hyeonjae in #34
• updated README.md to contain more extensions by @matelang in #155
• Add JWT logo attribution by @mfridman in #161
• fix: fixed typo detect by cSpell by @giautm in #164
• Set json encoding precision by @mfridman in #162

New Contributors

• @stefantds made their first contribution in #141
• @hyeonjae made their first contribution in #34
• @matelang made their first contribution in #155
• @giautm made their first contribution in #164

Full Changelog: v4.2.0...v4.3.0

v4.2.0

• Fix the comment of VerifyExpiresAt (#109) @shogo82148
• Introducing functional-style options for the Parser type (#108) @oxisto
• Improve code comments, including security consideration (#107) @sebastien-rosset
• Fix int64 overflow in newNumericDateFromSeconds (#112) @PiotrKozimor
• Fixes jwt command to support EdDSA algorithm (#118) @AlexanderYastrebov
• Revert Encoding/Decoding changes for better compatibility (#117) @ajermaky
• Allow none algorithm in jwt command (#121) @AlexanderYastrebov
• Unwrap for ValidationError (#125) @kdeberk
• cmd: list supported algorithms (-alg flag) (#123) @AlexanderYastrebov
• Added VerifyIssuer method to RegisteredClaims (#130) @tfonfara

v4.1.0

• Adds support for go1.17 (#89).
• Adds RFC7519-compliant RegisteredClaims struct (#15). Use this instead of StandardClaims (deprecated but not removed).
• Adds generic crypto.Signer for ed25519.PublicKey (#95).
• Adds regular code scanning (#101).
• Corrects "exp" logic to conform to https://datatracker.ietf.org/doc/html/rfc7519#section-4.1.4 (#86).
• Adds additional parsing tests (#106).
• Changed error string (#97).
• Various Code fixes and cleanup (#53, #83, #102, #103).

v4.0.0

• Adds Go module support (#41). You can import this package using the following import path:

github.com/golang-jwt/jwt/v4

This release, and any future /v4 work is intended to be backwards-compatible with existing v3.x.y tags.

See the migration guide for more details.

v3.2.2

• Starting from this release, we are adopting the policy to support the most 2 recent versions of Go currently available. By the time of this release, this is Go 1.15 and 1.16 (#28).
• Fixed a potential issue that could occur when the presence of exp, iat or nbf was not required for verification and contained invalid contents, i.e. non-numeric/date. Thanks for @thaJeztah for making us aware of that and @giorgos-f3 for originally reporting it to the formtech fork (#40).
• Added support for EdDSA / ED25519 (#36).
• Optimized allocations (#33).

v3.2.1

• Import Path Change: See MIGRATION_GUIDE.md for tips on updating your code
  • Changed the import path from github.com/dgrijalva/jwt-go to github.com/golang-jwt/jwt
• Fixed type confusion issue between string and []string in VerifyAudience (#12). This fixes CVE-2020-26160