-
Notifications
You must be signed in to change notification settings - Fork 206
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
v2 features #86
Comments
Any timeline for the V2 version? This version doesnt support list of audiences and custom claims. Hope V2 supports that. |
Hey @achandak123! We don't have an official timeline, but I'm hoping for June/July of this year (hopefully sooner). I have a somewhat messy PR open into the v2 branch that, among other things, adds support for a list of audiences and custom claims. I'm hoping to clean that PR up by next weekend. Feel free to take a look if you'd like, but again, it's kind of messy and lacks some good examples: #84 |
Hey @achandak123 we are getting close to releasing |
The best way to test is to use Then you should be able to follow the migration guide for info on what has changed: https://github.com/auth0/go-jwt-middleware/tree/v2#migration-guide |
We are close to releasing v2. The plan right now is to test throughout the month of August and then release it in early September. |
Can't wait for the new version! |
i wrote a gin middleware using this v2. the way this works with the error handler makes the code feel kind of funky, but it does work though. i will create another issue to show the code and ask input about what i noticed. thanks for the hard work! |
Hi there, I've just tested the new v2 and it seems to work great, I really like the changes especially the support for jwks out of the box. One little thing I stumbled across is the new |
is there an estimated release date for version 2? |
@avelino due to some internal changes at Auth0 we're pushing the release back a bit. We'll get you an estimated date when we know more. |
@grounded042 If you need me to help you maintain |
@grounded042 Are there any updates on this? I would love to use the new version 🚀 |
Hey @brumhard - I left Auth0 a month ago and am no longer working on this, however I did hand it off before I left. My hope is that they can pick this up and merge it in soon. |
@grounded042 alright thanks for the info and good luck for your new work 🙂 |
Hello everyone, really appreciate the patience around the v2 release! We'll be taking over the work on this within the next couple of weeks. So stay tuned 📺 |
Hey @sergiughf, the migration guide references how to use v2 at very high level, but then link to v1 and godocs state v1.0.1 is the latest. Is there any guidance on viewing v2 docs to help with migration? |
Hey @truescotian, really appreciate you taking a look at that guide! We merged the v2 branch into master but we did not officially release v2 yet as we are running a couple of last mile checks to ensure we did not miss anything. Once all last pieces fall into place we'll do the official release. We really appreciate everyone's patience! V2 release is extremely close, just 🐻 with us a tiny bit longer. However if you want to already check the v2 docs you can do the following right now:
And then you can view the docs at |
Hello everyone, I'd like to give you all a quick update from our side on what's happening right now with v2. We're in the process of performing a couple of internal checks we have for every major release. The soft deadline we set internally for releasing the next major version is the week starting November 15th. The release will be a beta one and tagged with v2.0.0-beta. So we can give everyone a lengthier time to test the new major and rule out any potential issues. This means that by default when using Meanwhile we're also discussing @brumhard 's request over here #86 (comment) and see how we can introduce that into the beta release. We really appreciate everyone's patience around this! We will be trying to post more regular status updates on everything that's happening under the scenes. |
@sergiughf
|
Hey @avelino, apologies for the confusion. I should have been more clear in explaining that only once our internal checks are finished we can release the |
@sergiughf, do you have news about the new version? I am not just charging but showing interest in contributing if you need help We use |
Hey @avelino, first of all I really appreciate the availability to support this project. I'll be having additional info regarding the new version on Thursday (2nd Dec) after I'll sync with the team responsible for the internal checks. Unfortunately this is taking longer than expected due to the internal company holiday we had for the week of thanksgiving. Rest assured however that we're still pushing through as fast as we can. I've been merging a couple of updates the past dates but I'm just waiting to cut the release after the internal approval. |
Congrats @sergiughf and teams 🎉 |
@sergiughf you could generate a |
Hey @avelino, appreciate the link! The |
This is awesome! So glad this is getting released. |
Hello folks, We just released the v2.0.0-beta 🥳 ! You can start testing it by running In case of issues fetching the v2 you might want to try I'll be closing this issue soon as we'll focus on issues raised from the beta phase. We really appreciate everyones patience around this and all the contributions, and also all the hard work @grounded042 put into the v2 as well! It wouldn't have been able to get to this point without your contribution! 🙇🏻 |
There doesn't seem to be a way to get the User out of the Context. The previous methods with Claims don't work. Basically |
Hey @jamra, thanks for reporting this. Could you kindly open a bug issue so we can target support on this and provide us with further information like:
Usually if your code ends up executing inside the handler it's safe to assume the validation has passed successfully and the token has been assigned as a value to the request context over here: https://github.com/auth0/go-jwt-middleware/blob/master/middleware.go#L89 as an instance of
For examples, following our BETA Quickstart from https://auth0.com/docs/quickstart/backend/golang-beta, if we don't execute this line here within the sample https://github.com/auth0-samples/auth0-golang-api-samples/blob/57e3d31f9d4f12946870cb02c230c77e1f5fde4f/01-Authorization-RS256-BETA/middleware/jwt.go#L75 the request that the gin Handler will have access to, won't have the Hope this helps, but if not please open a separate issue to discuss this further:) |
@sergiughf Create a issue label to mark the issues that is from v2 or v1, so we can identify it easier |
For anyone who comes across this while searching, the issue was in porting the gin code over to my code. var authMiddleware = func(h Handler) Handler {
issuerURL, err := url.Parse("https://" + os.Getenv("AUTH0_DOMAIN") + "/")
if err != nil {
log.Fatalf("Failed to parse the issuer url: %v", err)
}
provider := jwks.NewCachingProvider(issuerURL, 5*time.Minute)
jwtValidator, err := validator.New(
provider.KeyFunc,
validator.RS256,
issuerURL.String(),
[]string{os.Getenv("AUTH0_AUDIENCE")},
validator.WithCustomClaims(&CustomClaims{}),
validator.WithAllowedClockSkew(time.Minute),
)
if err != nil {
log.Fatalf("Failed to set up the jwt validator")
}
errorHandler := func(w http.ResponseWriter, r *http.Request, err error) {
fmt.Println("error:", err)
log.Printf("Encountered error while validating JWT: %v", err)
}
middleware := jwtmiddleware.New(
jwtValidator.ValidateToken,
jwtmiddleware.WithErrorHandler(errorHandler),
)
return func(w http.ResponseWriter, r *http.Request) error {
var encounteredError = true
var handler http.HandlerFunc = func(w http.ResponseWriter, r *http.Request) {
encounteredError = false
// user := r.Context().Value(jwtmiddleware.ContextKey{})
// fmt.Println("user:", user)
h(w, r)
}
middleware.CheckJWT(handler).ServeHTTP(w, r)
if encounteredError {
return errors.New("encountered error")
// ctx.AbortWithStatusJSON(
// http.StatusUnauthorized,
// map[string]string{"message": "Failed to validate JWT."},
// )
}
// return h(w, r)
return nil
}
} Here I created my own middleware and used my own Handler that returns an error so I can log my errors in one place. You can just use http.Handler and not return from this function. My previous mistake was calling the handler from the function I'm returning instead of the one that sets |
@jamra That's amazing 🥳 ! Thank you so much for going the extra mile and providing this visibility for everyone! It really means a lot! Also apologies for derailing this a bit, but perhaps you all would prefer if we showcase the middleware within our quickstarts just using a regular net/http mux compatible router instead of gin? We opted for gin as it's one of the most popular web frameworks for go right now but if this increases confusion we can keep being compatible with the stdlib instead. Would appreciate if you just react to my message with a 👍🏻 if you agree. |
Another thing I would like to see is the validation of ID tokens. There are methods deeper inside the middleware that just use jwt and jose to do so, but it would require a similar setup with the keyFunc and whatnot. I'm trying to use the ID token to get basic info about the user to be stored for future user communication. |
This issue is here to list out all of the features we're working towards in v2. We have the milestone and I wanted to create an issue to explicitly call out everything we are working towards. Things can be checked off once they are merged into the
v2
branch.core features
validation features
before launch
examples for popular http frameworksThe text was updated successfully, but these errors were encountered: