From 3a6a31b418ebb12cf5cc0c74a2b69fb9a36cabed Mon Sep 17 00:00:00 2001
From: cduvray
Date: Wed, 1 Feb 2023 22:10:18 +0100
Subject: [PATCH] chore: release 0.6.0
---
 CHANGELOG.md | 20 +++++++++++++++++---
 Cargo.lock | 2 +-
 jwt-authorizer/Cargo.toml | 4 ++--
 jwt-authorizer/docs/README.md | 13 +++++++------
 4 files changed, 27 insertions(+), 12 deletions(-)
diff --git a/CHANGELOG.md b/CHANGELOG.md
index e5bc39a..e5039ce 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -7,6 +7,20 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 ## Unreleased
+## 0.6.0 (2023-02-05)
+
+### Added
+
+- JwtAuthorizer::from_oidc(issuer_uri) - building from oidc discovery page
+
+### Chnaged
+
+- JwtAuthorizer::layer() becomes async
+
+### Minor Changes
+
+- demo-server refactoring
+
 ## 0.5.0 - (2023-1-28)
 ### Changed
@@ -47,10 +61,10 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 ## 0.3.0 - (2023-1-13)
-### Added
+### Added
-- building the authorizer layer from rsa, ec, ed PEM files and from secret phrase (9bd99b2a)
+- building the authorizer layer from rsa, ec, ed PEM files and from secret phrase (9bd99b2a)
 ## 0.2.0 - (2023-1-10)
-Initial release
\ No newline at end of file
+Initial release
diff --git a/Cargo.lock b/Cargo.lock
index d990bf4..6dd07eb 100644
--- a/Cargo.lock
+++ b/Cargo.lock
@@ -717,7 +717,7 @@ dependencies = [
 [[package]]
 name = "jwt-authorizer"
-version = "0.5.0"
+version = "0.6.0"
 dependencies = [
 "axum",
 "futures-core",
diff --git a/jwt-authorizer/Cargo.toml b/jwt-authorizer/Cargo.toml
index 959d3e8..0512bf6 100644
--- a/jwt-authorizer/Cargo.toml
+++ b/jwt-authorizer/Cargo.toml
@@ -1,7 +1,7 @@
 [package]
 name = "jwt-authorizer"
 description = "jwt authorizer middleware for axum"
-version = "0.5.0"
+version = "0.6.0"
 edition = "2021"
 authors = ["cduvray "]
 license = "MIT"
@@ -31,4 +31,4 @@ tracing-subscriber = { version = "0.3", features = ["env-filter"] }
 [dev-dependencies]
 hyper = { version = "0.14", features = ["full"] }
 tower = { version = "0.4", features = ["util"] }
-wiremock = "0.5"
\ No newline at end of file
+wiremock = "0.5"
diff --git a/jwt-authorizer/docs/README.md b/jwt-authorizer/docs/README.md
index 0b2d6ed..8a5b250 100644
--- a/jwt-authorizer/docs/README.md
+++ b/jwt-authorizer/docs/README.md
@@ -8,6 +8,7 @@ JWT authoriser Layer for Axum.
 - Algoritms: ECDSA, RSA, EdDSA, HS
 - JWKS endpoint support
 - Configurable refresh
+ - OpenId Connect Discovery
 - Claims extraction
 - Claims checker
@@ -28,14 +29,14 @@ JWT authoriser Layer for Axum.
 }
 // let's create an authorizer builder from a JWKS Endpoint
- let jwt_auth: JwtAuthorizer =
+ let jwt_auth: JwtAuthorizer =
 JwtAuthorizer::from_jwks_url("http://localhost:3000/oidc/jwks");
 // adding the authorization layer
 let app = Router::new().route("/protected", get(protected))
- .layer(jwt_auth.layer().await.unwrap());
+ .layer(jwt_auth.layer().await.unwrap());
- // proteced handler with user injection (mapping some jwt claims)
+ // proteced handler with user injection (mapping some jwt claims)
 async fn protected(JwtClaims(user): JwtClaims) -> Result {
 // Send the protected data to the user
 Ok(format!("Welcome: {}", user.sub))
@@ -48,7 +49,7 @@ JWT authoriser Layer for Axum.
 ## ClaimsChecker
-A check function (mapping deserialized claims to boolean) can be added to the authorizer.
+A check function (mapping deserialized claims to boolean) can be added to the authorizer.
 A check failure results in a 403 (WWW-Authenticate: Bearer error="insufficient_scope") error.
@@ -73,7 +74,7 @@ Example:
 ## JWKS Refresh
-By default the jwks keys are reloaded when a request token is signed with a key (`kid` jwt header) that is not present in the store (a minimal intervale between 2 reloads is 10s by default, can be configured).
+By default the jwks keys are reloaded when a request token is signed with a key (`kid` jwt header) that is not present in the store (a minimal intervale between 2 reloads is 10s by default, can be configured).
 - `JwtAuthorizer::no_refresh()` configures one and unique reload of jwks keys
-- `JwtAuthorizer::refresh(refresh_configuration)` allows to define a finer configuration for jwks refreshing, for more details see the documentation of `Refresh` struct.
\ No newline at end of file
+- `JwtAuthorizer::refresh(refresh_configuration)` allows to define a finer configuration for jwks refreshing, for more details see the documentation of `Refresh` struct.