Shorten default error display format by lestrrat · Pull Request #1532 · lestrrat-go/jwx Aiming to display only the top-most and inner-most errors by default. Users can use %+v to display the whole chain Addresses error message length mentioned in #1487 (comment)

I have a set of changes (coded using AI) that shortens the default error message into it's outer-most and inner-most messages instead of my usual "cram every piece of evidence in the error" approach. Let me know if you have an opinion one way or the other #golang #jwx

github.com/lestrrat-go/...

Do you care if github.com/lestrrat-go/jwx's error messages become short (or not)? #golang #jwx

Release v3.0.6 · lestrrat-go/jwx What's Changed Use shared constants for better legibility/greppability by @lestrrat in #1398 Rework pool objects by @lestrrat in #1399 Bump github.com/cloudflare/circl from 1.6.0 to 1.6.1 in /exam...

This time, it's really getting 70%~ performance gains for the most common use case `jwt.Sign(token, jwt.WithKey(...))`

github.com/lestrrat-go/...

#golang #jwt #jwx #jwk #jws

Release v3.0.2 · lestrrat-go/jwx What's Changed Bump golangci/golangci-lint-action from 7.0.0 to 8.0.0 by @dependabot in #1369 Bump golang.org/x/crypto from 0.37.0 to 0.38.0 by @dependabot in #1372 Bump actions/setup-go from 5.4....

github.com/lestrrat-go/jwx v3.0.2 has been released. It adds some experimental QoL upgrades in the transform package, as well as some internal updates that improves interoperability of jwk.Export with third-party jwk.Key objects.

github.com/lestrrat-go/...

#golang #jwx #jwt #jwk #jws #jwe

GitHub - lestrrat-go/jwx: Implementation of various JWx (Javascript Object Signing and Encryption/JOSE) technologies Implementation of various JWx (Javascript Object Signing and Encryption/JOSE) technologies - lestrrat-go/jwx

github.com/lestrrat-go/jwx should now work with go1.24 for both v2 and v3 (alpha) lines #golang #jwt #jwx

github.com/lestrrat-go/...
github.com/lestrrat-go/...

so in v3, you will be able to tell that `jws.Verify` failed, that it's not a verification error (e.g. wrong key or signature), and that it's a parse error #golang #jwt #jwx

Go Dependencies for JWX are not frequently updated · Issue #1146 · lestrrat-go/jwx Following dependencies as needing to be updated frequently raises concerns around using JWX maintainability and security updates. It makes strong case for using https://github.com/golang-jwt/jwt ov...

So, honestly. Do you consider a library _LESS SECURE_ because its underlying libraries have not received updates in the last two years? #golang #foss #jwt #jwx

github.com/lestrrat-go/...

Release v2.1.0 · lestrrat-go/jwx v2.1.0 18 Jun 2024 [New Features] * [jwt] Added `jwt.ParseCookie()` function * [jwt] `jwt.ParseRequest()` can now accept a new option, jwt.WithCookieKey() to specify a cookie name to extrac...

Released github.com/lestrrat-go/...

Because there's a minor breaking change in jwt.ParseRequest(), the new release of github.com/lestrrat-go/jwx is bumping its minor version from v2.0.21 to v2.1.0 #golang #jwt #jwx

定期的に聞かれるので、「なんでlestrrat-go/jwxのオプションはコールバックじゃなくてオブジェクトなの？」をFAQに追加しました #jwt #golang #jwx

github.com/lestrrat-go/...

GitHub - lestrrat-go/jwx: Implementation of various JWx (Javascript Object Signing and Encryption/JOSE) technologies Implementation of various JWx (Javascript Object Signing and Encryption/JOSE) technologies - lestrrat-go/jwx

Released github.com/lestrrat-go/jwx v2.0.21 and v1.2.29, with the new cap set to the buffer size available to decompress compressed JWE payloads. #jwx #jwt #jwe #golang