Releases: ggicci/caddy-jwt

v0.7.1

23 May 08:54

Nothing but docs update.

v0.7.0

23 May 06:21
3d42f8d

Fixes #14

New Features

  • Support asymmetric signing algorithms.

Breaking Changes

The default name of the user claim is now sub instead of username. This means that if the configuration item user_claims is not provided, caddy-jwt checks the sub field in the token as the user identifier, rather than username.

Thanks

@winkywooster

v0.6.0

03 Dec 10:01
70dc886

Changes

#2 Support nested queries when populating Caddy metadata placeholders {http.auth.user.*}.

Usage:

If you want to populate http.auth.user.is_paypal_enabled in caddy with the value of settings.payout.paypal.enabled from the following JWT payload:

{
  "jti": "...",
  "aud": "...",
  "settings": {
    "payout": {
      "paypal": {
        "enabled": true
      }
    }
  }
}

you could define an item as "settings.payout.paypal.enabled -> is_paypal_enabled" in jwtauth.meta_claims.

Sample Caddyfile

api.example.com {
	route * {
		jwtauth {
			sign_key TkZMNSowQmMjOVU2RUB0bm1DJkU3U1VONkd3SGZMbVk=
			from_query access_token token
			from_header X-Api-Token
			from_cookies user_session
			user_claims uid user_id username login
			issuer_whitelist https://api.example.com
			audience_whitelist https://api.example.io https://learn.example.com
			meta_claims "IsAdmin->is_admin" gender "settings.payout.paypal.enabled -> is_paypal_enabled"
		}
		reverse_proxy http://172.16.0.14:8080
	}
}
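
The following added example (not caddy-jwt's own code) sketches how a meta_claims item such as "settings.payout.paypal.enabled -> is_paypal_enabled" can be split and resolved against a decoded payload. The function names parseMetaClaim, lookupClaim and populate are hypothetical, and the payload is constructed. A path that does not resolve produces no placeholder at all rather than a default value.

```go
package main

import (
	"encoding/json"
	"fmt"
	"strings"
)

// Hypothetical helper (not caddy-jwt code): splits "claim.path -> name";
// with no "->" the placeholder name equals the claim path.
func parseMetaClaim(item string) (path, name string) {
	parts := strings.SplitN(item, "->", 2)
	return strings.TrimSpace(parts[0]), strings.TrimSpace(parts[len(parts)-1])
}

// lookupClaim walks a dotted path through nested JSON objects.
func lookupClaim(claims map[string]interface{}, path string) (interface{}, bool) {
	var cur interface{} = claims
	for _, seg := range strings.Split(path, ".") {
		obj, _ := cur.(map[string]interface{}) // nil map if cur is not an object
		next, ok := obj[seg]                   // reading a nil map is safe: ok == false
		if !ok {
			return nil, false
		}
		cur = next
	}
	return cur, true
}

// populate maps placeholder name -> claim value; unresolved items are skipped.
func populate(claims map[string]interface{}, items []string) map[string]interface{} {
	out := map[string]interface{}{}
	for _, item := range items {
		path, name := parseMetaClaim(item)
		if v, ok := lookupClaim(claims, path); ok {
			out["http.auth.user."+name] = v
		}
	}
	return out
}

func main() {
	// Constructed payload in the shape of the example above (not a real token).
	payload := `{"IsAdmin":false,"settings":{"payout":{"paypal":{"enabled":true}}}}`
	var claims map[string]interface{}
	if err := json.Unmarshal([]byte(payload), &claims); err != nil {
		panic(err)
	}
	fmt.Println(populate(claims, []string{"IsAdmin->is_admin", "settings.payout.paypal.enabled -> is_paypal_enabled"}))
}
```

This sketch treats every dot as a nesting separator, so a top-level claim whose name itself contains a dot will not resolve; how caddy-jwt handles that case is not stated on this page.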

Thanks

@bandirsen

v0.5.0

09 Aug 10:48

Changes

  1. Use "username" instead of "aud" as the default value of the user_claims option. Using the aud claim as the "ID of the user" was a misuse. Read more about aud at https://curity.io/resources/learn/jwt-best-practices/
  2. Add new option audience_whitelist to enable "aud verification".
  3. Add new option issuer_whitelist to enable "iss verification".

Sample Caddyfile

api.example.com {
	route * {
		jwtauth {
			sign_key TkZMNSowQmMjOVU2RUB0bm1DJkU3U1VONkd3SGZMbVk=
			from_query access_token token
			from_header X-Api-Token
			from_cookies user_session
			user_claims uid user_id username login
			issuer_whitelist https://api.example.com
			audience_whitelist https://api.example.io https://learn.example.com
			meta_claims "IsAdmin->is_admin" gender
		}
		reverse_proxy http://172.16.0.14:8080
	}
}

v0.4.0

09 Jul 10:10

Changes

  1. Populate metadata placeholders {http.auth.user.*} by config meta_claims.

Sample Caddyfile

api.example.com {
	route * {
		jwtauth {
			sign_key TkZMNSowQmMjOVU2RUB0bm1DJkU3U1VONkd3SGZMbVk=
			from_query access_token token
			from_header X-Api-Token
			from_cookies user_session
			user_claims aud uid user_id username login
			meta_claims "IsAdmin->is_admin" gender
		}
		reverse_proxy http://172.16.0.14:8080
	}
}

v0.3.0

05 Jul 08:06

Changes

Use a base64-encoded key for sign_key in the configuration, in both JSON and Caddyfile.

Sample Caddyfile

api.example.com {
	route * {
		jwtauth {
			sign_key TkZMNSowQmMjOVU2RUB0bm1DJkU3U1VONkd3SGZMbVk=
			from_query access_token token
			from_header X-Api-Token
			from_cookies user_session
			user_claims aud uid user_id username login
		}
		reverse_proxy http://172.16.0.14:8080
	}
}

v0.2.0

04 Jul 08:01

Changes

  1. Added the from_cookies config, used to get tokens from HTTP cookies.
  2. Deprecated the header_first config; the priority of the from_xxx configs now defaults to from_query > from_header > from_cookies.

Sample Caddyfile

api.example.com {
	route * {
		jwtauth {
			sign_key NFL5*0Bc#9U6E@tnmC&E7SUN6GwHfLmY
			from_query access_token token
			from_header X-Api-Token
			from_cookies user_session
			user_claims aud uid user_id username login
		}
		reverse_proxy http://172.16.0.14:8080
	}
}

v0.1.0

04 Jul 08:05

It's the very first release.

Sample Caddyfile

api.example.com {
	route * {
		jwtauth {
			sign_key NFL5*0Bc#9U6E@tnmC&E7SUN6GwHfLmY
			from_query access_token token
			from_header X-Api-Token
			header_first true
			user_claims aud uid user_id username login
		}
		reverse_proxy http://172.16.0.14:8080
	}
}