Initial QSfera import
This commit is contained in:
+140
@@ -0,0 +1,140 @@
|
||||
# Incompatible Changes from v2 to v3
|
||||
|
||||
These are changes that are incompatible with the v2.x.x version.
|
||||
|
||||
# Detailed list of changes
|
||||
|
||||
## Module
|
||||
|
||||
* This module now requires Go 1.23
|
||||
|
||||
* All `xxx.Get()` methods have been changed from `Get(string) (interface{}, error)` to
|
||||
`Get(string, interface{}) error`, where the second argument should be a pointer
|
||||
to the storage destination of the field.
|
||||
|
||||
* All convenience accessors (e.g. `(jwt.Token).Subject`) now return `(T, bool)` instead of
|
||||
`T`. If you want an accessor that returns a single value, consider using `Get()`
|
||||
|
||||
* Most major errors can now be differentiated using `errors.Is`
|
||||
|
||||
## JWA
|
||||
|
||||
* All string constants have been renamed to equivalent functions that return a struct.
|
||||
You should rewrite `jwa.RS256` as `jwa.RS256()` and so forth.
|
||||
|
||||
* By default, only known algorithm names are accepted. For example, in our JWK tests,
|
||||
there are tests that deal with "ECMR" algorithm, but this will now fail by default.
|
||||
If you want this algorithm to succeed parsing, you need to call `jwa.RegisterXXXX`
|
||||
functions before using them.
|
||||
|
||||
* Previously, unmarshaling unquoted strings used to work (e.g. `var s = "RS256"`),
|
||||
but now they must conform to the JSON standard and be quoted (e.g. `var s = strconv.Quote("RS256")`)
|
||||
|
||||
## JWT
|
||||
|
||||
* All convenience accessors (e.g. `Subject`) now return `(T, bool)` instead of
|
||||
just `T`. If you want a single return value accessor, use `Get(dst) error` instead.
|
||||
|
||||
* Validation used to work for `iat`, `nbf`, `exp` fields where these fields were
|
||||
set to the explicit time.Time{} zero value, but now the _presence_ of these fields matter.
|
||||
|
||||
* Validation of fields related to time used to be truncated to one second accuracy,
|
||||
but no longer does so. To restore old behavior, you can either change the global settings by
|
||||
calling `jwt.Settings(jwt.WithTruncation(time.Second))`, or you can
|
||||
change it by each invocation by using `jwt.Validate(..., jwt.WithTruncation(time.Second))`
|
||||
|
||||
* Error names have been renamed. For example `jwt.ErrInvalidJWT` has been renamed to
|
||||
`jwt.UnknownPayloadTypeError` to better reflect what the error means. For other errors,
|
||||
`func ErrXXXX()` have generally been renamed to `func XXXError()`
|
||||
|
||||
* Validation errors are now wrapped. While `Validate()` returns a `ValidateError()` type,
|
||||
it can also be matched against more specific error types such as `TokenExpierdError()`
|
||||
using `errors.Is`
|
||||
|
||||
* `jwt.ErrMissingRequiredClaim` has been removed
|
||||
|
||||
## JWS
|
||||
|
||||
* Iterators have been completely removed.
|
||||
* As a side effect of removing iterators, some methods such as `Copy()` lost the
|
||||
`context.Context` argument
|
||||
|
||||
* All convenience accessors (e.g. `Algorithm`) now return `(T, bool)` instead of
|
||||
just `T`. If you want a single return value accessor, use `Get(dst) error` instead.
|
||||
|
||||
* Errors from `jws.Sign` and `jws.Verify`, as well as `jws.Parse` (and friends)
|
||||
can now be differentiated by using `errors.Is`. All `jws.IsXXXXError` functions
|
||||
have been removed.
|
||||
|
||||
## JWE
|
||||
|
||||
* Iterators have been completely removed.
|
||||
* As a side effect of removing iterators, some methods such as `Copy()` lost the
|
||||
`context.Context` argument
|
||||
|
||||
* All convenience accessors (e.g. `Algorithm`) now return `(T, bool)` instead of
|
||||
just `T`. If you want a single return value accessor, use `Get(dst) error` instead.
|
||||
|
||||
* Errors from `jwe.Decrypt` and `jwe.Encrypt`, as well as `jwe.Parse` (and friends)
|
||||
can now be differentiated by using `errors.Is`. All `jwe.IsXXXXrror` functions
|
||||
have been removed.
|
||||
|
||||
## JWK
|
||||
|
||||
* All convenience accessors (e.g. `Algorithm`, `Crv`) now return `(T, bool)` instead
|
||||
of just `T`, except `KeyType`, which _always_ returns a valid value. If you want a
|
||||
single return value accessor, use `Get(dst) error` instead.
|
||||
|
||||
* `jwk.KeyUsageType` can now be configured so that it's possible to assign values
|
||||
other than "sig" and "enc" via `jwk.RegisterKeyUsage()`. Furthermore, strict
|
||||
checks can be turned on/off against these registered values
|
||||
|
||||
* `jwk.Cache` has been completely re-worked based on github.com/lestrrat-go/httprc/v3.
|
||||
In particular, the default whitelist mode has changed from "block everything" to
|
||||
"allow everything".
|
||||
|
||||
* Experimental secp256k1 encoding/decoding for PEM encoded ASN.1 DER Format
|
||||
has been removed. Instead, `jwk.PEMDecoder` and `jwk.PEMEncoder` have been
|
||||
added to support those who want to perform non-standard PEM encoding/decoding
|
||||
|
||||
* Iterators have been completely removed.
|
||||
|
||||
* `jwk/x25519` has been removed. To use X25519 keys, use `(crypto/ecdh).PrivateKey` and
|
||||
`(crypto/ecdh).PublicKey`. Similarly, internals have been reworked to use `crypto/ecdh`
|
||||
|
||||
* Parsing has completely been reworked. It is now possible to add your own `jwk.KeyParser`
|
||||
to generate a custom `jwk.Key` that this library may not natively support. Also see
|
||||
`jwk.RegisterKeyParser()`
|
||||
|
||||
* `jwk.KeyProbe` has been added to aid probing the JSON message. This is used to
|
||||
guess the type of key described in the JSON message before deciding which concrete
|
||||
type to instantiate, and aids implementing your own `jwk.KeyParser`. Also see
|
||||
`jwk.RegisterKeyProbe()`
|
||||
|
||||
* Conversion between raw keys and `jwk.Key` can be customized using `jwk.KeyImporter` and `jwk.KeyExporter`.
|
||||
Also see `jwk.RegisterKeyImporter()` and `jwk.RegisterKeyExporter()`
|
||||
|
||||
* Added `jwk/ecdsa` to keep track of which curves are available for ECDSA keys.
|
||||
|
||||
* `(jwk.Key).Raw()` has been deprecated. Use `jwk.Export()` instead to convert `jwk.Key`
|
||||
objects into their "raw" versions (e.g. `*rsa.PrivateKey`, `*ecdsa.PrivateKey`, etc).
|
||||
This is to allow third parties to register custom key types that this library does not
|
||||
natively support: Whereas a method must be bound to an object, and thus does not necessarily
|
||||
have a way to hook into a global settings (i.e. custom exporter/importer) for arbitrary
|
||||
key types, if the entrypoint is a function it's much easier and cleaner to for third-parties
|
||||
to take advantage and hook into the mechanisms.
|
||||
|
||||
* `jwk.FromRaw()` has been derepcated. Use `jwk.Import()` instead to convert "raw"
|
||||
keys (e.g. `*rsa.PrivateKEy`, `*Ecdsa.PrivateKey`, etc) int `jwk.Key`s.
|
||||
|
||||
* `(jwk.Key).FromRaw()` has been deprecated. The method `(jwk.Key).Import()` still exist for
|
||||
built-in types, but it is no longer part of any public API (`interface{}`).
|
||||
|
||||
* `jwk.Fetch` is marked as a simple wrapper around `net/http` and `jwk.Parse`.
|
||||
|
||||
* `jwk.SetGlobalFetcher` has been deprecated.
|
||||
|
||||
* `jwk.Fetcher` has been clearly marked as something that has limited
|
||||
usage for `jws.WithVerifyAuto`
|
||||
|
||||
* `jwk.Key` with P256/P386/P521 curves can be exporrted to `ecdh.PrivateKey`/`ecdh.PublicKey`
|
||||
Reference in New Issue
Block a user