v2.4.1

What's Changed

• [FEAT] allow callout service configuration to allow generation of users for any account by @aricart in #197

Full Changelog: v2.4.0...v2.4.1

v2.4.0

What's Changed

• [FEAT] added support for external authorization for accounts. by @derekcollison in #179, #180, #185, #186,
• [FIX] added validation requiring auth user when auth accounts are listed by @aricart in #181
• [UPDATE] Some Updates by @derekcollison in #183
• [FEAT] Xkeys support by @derekcollison in #182
• [CHORE] migrate ci to gha by @aricart in #191
• [FIX] added additional scrutiny to DidSign in the case of signing keys by @aricart in #190
• [FIX] overhaul jwt v2 and v1 inter-tangling by @philpennock in #195
• [FIX] Simplify AuthorizationResponse by @aricart in #189
• [BUMP] version for imminent release: 2.4.0 by @philpennock in #196

Full Changelog: v2.3.0...v2.4.0

Release v2.3.0

Changelog

The repository master branch has been renamed to main. If you have a fork or a local copy of the repository, you would have to perform the following git operations:

git checkout master
git branch -m master main
git fetch origin
git remote set-head origin -a

Added

• IssueUserJWT() takes an account scoped signing key, account id, and use public key (and optionally a user's name, an expiration duration and tags) and returns a valid signed JWT. See the following ADR for more information (#163)
• JetStreamLimits.MaxBytesRequired: a boolean to indicate that max_bytes is required for all streams created under an account (#164)
• AccountClaims.Limits.JetStreamTieredLimits: which is a map of JetStreamLimits where the key is the tier, for example "R1", "R3", etc.. (#169)
• JetStreamLimits.MemoryMaxstreamBytes and JetStreamLimits.DiskMaxstreamBytes: to limit the maximum value for max bytes for memory and disk (#172)
• JetStreamLimits.MaxAckPending: to limit the number of MaxAckPending on a consumer (#174)
• AccountLimits.DisallowBearer: to reject connections from user JWTs that have the bearer token boolean set to true (#177)

Fixed

• Activation's validation error text: was reporting invalid export type instead of invalid import type (#176)

Complete Changes

v2.2.0...v2.3.0

Release v2.2.0

Changelog

Added

• Two new connection types, LEAFNODE_WS and MQTT_WS (not yet supported in the NATS Server, but will be in the near future). If the administrator wants to restrict a configured user to a leaf node connection (websocket or not) but not as a standard user (a client application), the previous existing connection types would not allow it. Having only LEAFNODE would not deny LeafNode connection over websocket, and adding WEBSOCKET would then allow client applications to connect to the client websocket port (#161)

Fixed

• Decoding of signing keys would return a nil map instead of the actual signing keys (#160)

Complete Changes

v2.1.0...v2.2.0

Release v2.1.0

Changelog

Changed

• Separate test dependencies from v2 module

Complete Changes

v2.0.3...v2.1.0

Release v2.0.3

Changelog

Fixed

• Wildcard counting issue on import validation (#154)

Complete Changes

v2.0.2...v2.0.3

Release v2.0.2

Changelog

Fixed

• Regular expression to accept EOF/newline at the end of the decoration (#151)

Complete Changes

v2.0.1...v2.0.2

Release v2.0.1

Changelog

Fixed

• Import validation to return error when token are in the wrong context (#149)

Complete Changes

v2.0.0...v2.0.1

Release v2.0.0

Changelog

Added

• Information link and description to account and export (#122)
• Ability to specify headers for latency tracking (#125)
• Ability to have wildcards export/imports (#131)
• Roles for signing keys (#129)
• Generic claims can now have custom types (#132)
• Keys() function to SigningKeys which returns all signing keys in the account (#134)
• New field LocalSubject to rename the remote subject (#137)
• Accessor to read To without deprecation warning (#138)
• Flag enforcing subordinate objects to be signed with signing keys (#140)
• Advertise flag to exports and extending maximum description length (#143)
• Support for account mappings (#145)

Deprecated

• The To subject in imports (#137)

Removed

• JWT activation token as URL and corresponding download (#144)

Fixed

• Import token validation (#124)
• Removed unnecessary warning for imports without token (#130)
• Ensure that generic claims type is a string (#133)
• Missing validation for permissions (#139)
• Fixed default value for JetStream to be 0 (disabled) (#141)
• op.DidSign(op) when strict signing key usage was enforced (#142)

Updated

• Dependencies to nkeys v0.3.0 (#147)

Complete Changes

v1.2.2...v2.0.0

Release v1.2.2

Changelog

Fixed

• Make the error more meaningful when parsing a newer JWT (#119)

Complete Changes

v1.2.0...v1.2.2