You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: MIGRATION_GUIDE.md
+5-5Lines changed: 5 additions & 5 deletions
Original file line number
Diff line number
Diff line change
@@ -9,17 +9,17 @@ Starting from [v5.0.0](https://github.com/golang-jwt/jwt/releases/tag/v5.0.0), t
9
9
"github.com/golang-jwt/jwt/v5"
10
10
11
11
For most users, changing the import path *should* suffice. However, since we intentionally changed and cleaned some of
12
-
the public API, existing programs might need to be adopted. The following paragraphs go through the individual changes
13
-
and make suggestions how to change existing programs.
12
+
the public API, existing programs might need to be updated. The following sections describe significant changes
13
+
and corresponding updates for existing programs.
14
14
15
15
## Parsing and Validation Options
16
16
17
17
Under the hood, a new `validator` struct takes care of validating the claims. A long awaited feature has been the option
18
18
to fine-tune the validation of tokens. This is now possible with several `ParserOption` functions that can be appended
19
19
to most `Parse` functions, such as `ParseWithClaims`. The most important options and changes are:
20
-
*`WithLeeway`, which can be used to specific leeway that is taken into account when validating time-based claims, such as `exp` or `nbf`.
21
-
*The new default behavior now disables checking the `iat` claim by default. Usage of this claim is OPTIONAL according to the JWT RFC. The claim itself is also purely informational according to the RFC, so a strict validation failure is not recommended. If you want to check for sensible values in these claims, please use the `WithIssuedAt` parser option.
22
-
*New options have also been added to check for expected `aud`, `sub` and `iss`, namely `WithAudience`, `WithSubject` and `WithIssuer`.
20
+
*Added `WithLeeway` to support specifying the leeway that is allowed when validating time-based claims, such as `exp` or `nbf`.
21
+
*Changed default behavior to not check the `iat` claim. Usage of this claim is OPTIONAL according to the JWT RFC. The claim itself is also purely informational according to the RFC, so a strict validation failure is not recommended. If you want to check for sensible values in these claims, please use the `WithIssuedAt` parser option.
22
+
*Added `WithAudience`, `WithSubject` and `WithIssuer`to support checking for expected `aud`, `sub` and `iss`.
0 commit comments