The API is now stabilized and I intend on avoiding a /v2 release. (But one might be required if there is another major github.com/golang-jwt/jwt release.)
Here are a list of changes since v0.10.0:
- Breaking change by renaming
keyfunc.JWKstokeyfunc.JWKS. Renamed other instances of JWKs to JWKS. - Breaking change that makes
keyfunc.Optionsa required, non-variadic, argument. (An empty struct is still valid.) - Only recomputing the JWKS when the remote resources changes.
EdDSAwith aned25519curve is now supported. (ed448is not).- JWTs are marked compatible by
ktyheader value, notalg. - Remote
octkey types, including HMAC, are not supported. (Still supported through given keys.) - When a JWKS is read, all keys are precomputed or ignored.
- A
map[string]interface{}can be returned. The map key is a key ID,kid, to cryptographic keys from the JWKS. It is intended to be read-only.
An important note is that key parsing now depends on the kty header value. This header value is required by the RFC whereas the previous alg value is optional in a JWK Set.