v1.1.0

Changelog

Other Work

• 6112417: added ErrBadCredentials, to disambiguate the case or parseable vs incorrect credentials (@johnabass)
• bbec630: added HTTP-specific AsValidator (@johnabass)
• fb457ec: added a general purpose unauthorized error (@johnabass)
• 0b6dd02: added examples around authentication and authorization (@johnabass)
• 9f4da81: bump to go1.23 (@johnabass)
• e19d904: capability support (@johnabass)
• 92ae145: custom HTTP capabilities moved to their own subpackage (@johnabass)
• caaa627: custom HTTP capabilities moved to their own subpackage (@johnabass)
• 2307f48: made the API and its implementation easier to reason about; fixed a bug with multiple capabilities (@johnabass)
• 925d08d: refactored the Challenge API to better comply with the RFC; removed support for token68 (@johnabass)
• be4ff5c: updated default error handling to include the new bascule.ErrBadCredentials error (@johnabass)

v1.0.0

Changelog

New Features

• 5c1120a: feat: Error interface carries additional metadata (@johnabass)

Dependency Updates

• 1dc6042: feat(deps): bump github.com/lestrrat-go/jwx/v2 from 2.0.20 to 2.0.21 (#246) (@dependabot[bot])
• 99e6e64: feat(deps): bump github.com/stretchr/testify from 1.8.4 to 1.9.0 (#244) (@dependabot[bot])

Other Work

• 0ecd852: added BasicAuth function to encoding basic auth strings (@johnabass)
• a4ff780: added access to a token's capabilities via the core package (@johnabass)
• 117ea76: added an Error interface to consistently expose information about failures (@johnabass)
• d75a68c: added stub token parsing support (@johnabass)
• 3546293: allow a generic source type; simplify the credentials parsing (@johnabass)
• b9838df: authenticator workflow (@johnabass)
• 40cbe73: authorizer workflow (@johnabass)
• 81fe05e: avoid embedding jwt.Token; unit tests (@johnabass)
• ede2dbf: basic capabilities support in the API (@johnabass)
• 2c75ebc: defined a listener API for noteworth bascule events (@johnabass)
• d84b604: demonstrate how to access the token from inside a handler (@johnabass)
• 401162f: docs:Update README.md (@schmidtw)
• a287834: ensure Token implements the new AttributesAccessor interface (@johnabass)
• e694ef1: fixed the v1 mod path (@johnabass)
• 93f541a: fully implemented the authorization parsing; fixed middleware example (@johnabass)
• 6ab6dbd: generic authenticator workflow type (@johnabass)
• 02d762f: generic authorization workflow (@johnabass)
• 54f6f82: genericize the source object where tokens are taken from (@johnabass)
• 7d7da18: incorporate the generic source type into validation (@johnabass)
• a5d7a5c: middleware unit tests with conveniences added to the API (@johnabass)
• 4a33b88: pruned event filtering for now (@johnabass)
• 9e6eac1: pruned inaccurate README information (@johnabass)
• 04d0232: refactored challenge API (@johnabass)
• a1d4530: refactored errors to better allow generic error handling (@johnabass)
• 6e7224d: refactored into separate event structs to make genericizing the workflow easier (@johnabass)
• 539a004: refactored the Authorizer API to be consistent with Validator (@johnabass)
• 271ba61: refactored token parsing to remove credentials and simplify the API (@johnabass)
• 7b342c4: refactored validator code to allow access to the source during validation (@johnabass)
• f2b8c69: removed accessor; patched tests; added simple middleware example (@johnabass)
• ecc370c: renamed Attributes for consistency with other parts of the API (@johnabass)
• 4e85cd7: renamed Authorizer to Approver to make room for Authorizer to be our workflow name (@johnabass)
• 8da4fb6: simplified default error marshaler; error unit tests (@johnabass)
• fa87382: simplified token parsing and error handling (@johnabass)
• da69b50: simplified workflow setup for HTTP middleware (@johnabass)
• 4a71b5c: updated middleware to use the genericized workflow from the base package (@johnabass)
• 4bcfc4e: use the new parsing interface (@johnabass)

v0.11.7

Changelog

New Features

• c7f9151: feat: remove arrange (@denopink)

Dependency Updates

• 8418087: feat(deps): bump github.com/go-kit/kit from 0.12.0 to 0.13.0 (#210) (@dependabot[bot])
• 89a5d24: feat(deps): bump github.com/prometheus/client_golang (#213) (@dependabot[bot])
• 26e9e71: feat(deps): bump github.com/spf13/viper from 1.16.0 to 1.17.0 (#214) (@dependabot[bot])
• 500e181: feat(deps): bump github.com/xmidt-org/candlelight from 0.0.18 to 0.0.19 (#218) (@dependabot[bot])
• 32ca751: feat(deps): bump github.com/xmidt-org/touchstone from 0.1.2 to 0.1.3 (#212) (@dependabot[bot])
• 458b995: feat(deps): bump go.uber.org/fx from 1.20.0 to 1.20.1 (#216) (@dependabot[bot])
• beda265: feat(deps): bump go.uber.org/zap from 1.25.0 to 1.26.0 (#211) (@dependabot[bot])
• 03ddb96: feat(deps): bump golang.org/x/net from 0.13.0 to 0.17.0 (#215) (@dependabot[bot])
• 3234afe: feat(deps): bump google.golang.org/grpc from 1.55.0 to 1.56.3 (#217) (@dependabot[bot])
• fb3ab08: feat(deps): bump google.golang.org/grpc from 1.58.2 to 1.58.3 (#220) (@dependabot[bot])

Other Work

• ea8edf8: Update dependabot to manage all dependencies. (@schmidtw)

v0.11.6

Changelog

Other Work

• 79a5ca9: Bump github.com/lestrrat-go/jwx/v2 from 2.0.8 to 2.0.11 (#196) (@dependabot[bot])
• 2f54e64: Bump github.com/prometheus/client_golang from 1.15.1 to 1.16.0 (#198) (@dependabot[bot])
• 8885e0a: Bump github.com/spf13/cast from 1.5.0 to 1.5.1 (#189) (@dependabot[bot])
• ed8c9ed: Bump github.com/spf13/viper from 1.15.0 to 1.16.0 (#193) (@dependabot[bot])
• bfa942a: Bump github.com/stretchr/testify from 1.8.2 to 1.8.3 (#191) (@dependabot[bot])
• 3b3f285: Bump github.com/stretchr/testify from 1.8.3 to 1.8.4 (#192) (@dependabot[bot])
• 4409931: Bump github.com/xmidt-org/candlelight from 0.0.16 to 0.0.17 (#197) (@dependabot[bot])
• 5dcfac3: Bump github.com/xmidt-org/candlelight from 0.0.17 to 0.0.18 (#199) (@dependabot[bot])
• 302e34a: Bump github.com/xmidt-org/webpa-common/v2 from 2.1.0 to 2.1.2 (#190) (@dependabot[bot])
• 9d96d15: Bump github.com/xmidt-org/webpa-common/v2 from 2.1.2 to 2.2.0 (#194) (@dependabot[bot])
• eda4258: Bump github.com/xmidt-org/webpa-common/v2 from 2.2.0 to 2.2.1 (#200) (@dependabot[bot])
• 4e8a980: Bump github.com/xmidt-org/webpa-common/v2 from 2.2.1 to 2.2.2 (#205) (@dependabot[bot])
• 0b1cab3: Bump go.uber.org/fx from 1.19.3 to 1.20.0 (#195) (@dependabot[bot])
• 33e8d34: Bump go.uber.org/zap from 1.24.0 to 1.25.0 (#202) (@dependabot[bot])
• c792080: Fix the style and checking. (@schmidtw)
• 9f3a47a: Updating to SPDX licenses. (@schmidtw)
• fc53c6c: patch: add missing log field satClientID (@denopink)

v0.11.5

Changelog

Other Work

• 4c9970c: Bump github.com/prometheus/client_golang from 1.14.0 to 1.15.0 (#184) (@dependabot[bot])
• 07f6d46: Bump github.com/prometheus/client_golang from 1.15.0 to 1.15.1 (#186) (@dependabot[bot])
• 69946c7: Bump github.com/stretchr/testify from 1.8.1 to 1.8.2 (#179) (@dependabot[bot])
• 68ca252: Bump github.com/xmidt-org/arrange from 0.3.0 to 0.4.0 (#178) (@dependabot[bot])
• 8aff557: Bump github.com/xmidt-org/candlelight from 0.0.13 to 0.0.14 (#176) (@dependabot[bot])
• aa05571: Bump github.com/xmidt-org/candlelight from 0.0.14 to 0.0.15 (#180) (@dependabot[bot])
• e868dd6: Bump github.com/xmidt-org/candlelight from 0.0.15 to 0.0.16 (#183) (@dependabot[bot])
• 97c3bbc: Bump github.com/xmidt-org/sallust from 0.2.1 to 0.2.2 (#182) (@dependabot[bot])
• f770d1e: Bump go.uber.org/fx from 1.19.1 to 1.19.2 (#175) (@dependabot[bot])
• 851a030: Bump go.uber.org/fx from 1.19.2 to 1.19.3 (#187) (@dependabot[bot])
• 6729b86: Disable go generate. (@schmidtw)
• 7ee0805: Install stringer instead of disabling go-generate. (@schmidtw)
• 5699248: Use the new shared workflow. (@schmidtw)
• dfe4645: added helper package to be used by scytale, talaria, and caduceus (@maurafortino)

v0.11.4 2023-01-20

• Bug: Normalize both url path and capability substring for endpoint authorization #170

v0.11.3 2023-01-11

• Remove deprecated sallust code #167

v0.11.2 2022-11-30

• SetLogger Bug: Shared logger among requests creates repeating logging context #159
• Enable & Fix Linter #149
• Remove go-kit/kit/log & go-kit/log #148
• Move to zap logger #103
• Security patch, remove debug logged token

v0.11.1 2022-11-11

• SetLogger Bug: Shared logger among requests creates repeating logging context #159
• CVE-2022-32149 (High) detected in golang.org/x/text-v0.3.7 #153

v0.11.0 2022-08-17

• Refactored basculehttp to use Clortho instead of key package. 135
• Update dependencies. 131
  • github.com/gorilla/sessions v1.2.1 cwe-613 no patch available
• Update dependencies. 130
• Update CI system. 129
• Add new middleware for specifying the logger. 126
• Added fields to SetLoggerLogger func and bumped cast, viper, arrange, and zap packages. 122
• Removed "github.com/pkg/errors" dependency for "errors". #116