Skip to content

2.0.0
Compare
Choose a tag to compare
@JoshMcCullough JoshMcCullough released this 25 Apr 18:59
· 45 commits to master since this release
2.0.0
b2ec2bb
This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
GPG key ID: 4AEE18F83AFDEB23
Expired
Verified
Learn about vigilant mode.

This release applies a number of feature adjustments, some of which may require small adjustments to your NGINX config. The goals of this release were cleanup and to remove places where we hard-coded a few things, allowing for greater flexibility.

  • Breaking Change: Renamed directive auth_jwt_extract_sub to auth_jwt_validate_sub and it no longer extracts the sub, it only validates that it is non-empty (as the name suggests). Note that this is off by default.
  • Breaking Change: Removed directive auth_jwt_validate_email -- use auth_jwt_extract_*_claims instead (see below).
  • Breaking Change: Renamed directive auth_jwt_validation_type to auth_jwt_location for clarity (see below).
  • New Feature: Added auth_jwt_extract_request_claims and auth_jwt_extract_response_claims which can be used to extract one or more claims from the JWT and place them on request or response cookies, and also access them by variable. See the README for more information.
  • New Feature: You may now specify a custom header which contains the JWT. Use the auth_jwt_location directive to do so, e.g. auth_jwt_location: HEADER=Auth-Token. You may optionally prefix the JWT with "Bearer ". (#72)
  • Fix: #82 -- Compatibility with nginx 1.23.0+
  • Cleanup: Some of the build process has been cleaned up and refactored, as well as the actual C code for the module.
  • Cleanup: The README has been cleaned up and reorganized.
Assets 6
Loading