v2.0.7 - 15 Nov 2022
[New features]
* [jwt] Each `jwt.Token` now has an `Options()` method
* [jwt] `jwt.Settings(jwt.WithFlattenedAudience(true))` has a slightly
different semantic than before. Instead of changing a global variable,
it now specifies that the default value of each per-token option for
`jwt.FlattenAudience` is true.
Therefore, this is what happens:
// No global settings
tok := jwt.New()
tok.Options.IsEnabled(jwt.FlattenAudience) // false
// With global settings
jwt.Settings(jwt.WithFlattenedAudience(true))
tok := jwt.New()
tok.Options.IsEnabled(jwt.FlattenAudience) // true
// But you can still turn FlattenAudience off for this
// token alone
tok.Options.Disable(jwt.FlattenAudience)
Note that while unlikely to happen for users relying on the old behavior,
this change DOES introduce timing issues: whereas old versions switched the
JSON marshaling for ALL tokens immediately after calling `jwt.Settings`,
the new behavior does NOT affect tokens that have been created before the
call to `jwt.Settings` (but marshaled afterwards).
So the following may happen:
// < v2.0.7
tok := jwt.New()
jwt.Settings(jwt.WithFlattenedAudience(true))
json.Marshal(tok) // flatten = on
// >= v2.0.7
tok := jwt.New() // flatten = off
jwt.Settings(jwt.WithFlattenedAudience(true))
json.Marshal(tok) // flatten = on
// >= v2.0.7
tok := jwt.New() // flatten = off
jwt.Settings(jwt.WithFlattenedAudience(true))
json.Marshal(tok) // flatten is still off
It is recommended that you only set the global setting once at the
very beginning of your program to avoid problems.
Also note that `Clone()` copies the settings as well.
lestrrat-go/jwx
v2.0.7
on GitHub
2 years ago