Skip to content

Releases: bcetienne/tools-go-token

v4.1.0

Choose a tag to compare

@bcetienne bcetienne released this 19 Feb 20:31
  • Add model/auth with User, UserInterface, Claim types (clean naming)
  • Deprecate model/refresh-token aliases (AuthUser, AuthUserInterface, Claim, NewAuthUser)
  • Update service/accessToken.go to use model/auth types directly
  • Update README and CHANGELOG for v4.1.0

v4.0.0 - String-based user IDs with RFC 7519 compliant JWT has been successfully created.

Choose a tag to compare

@bcetienne bcetienne released this 10 Feb 18:07

BREAKING CHANGES:

  • User IDs changed from int to string across all services
  • AuthUser unified with single ID field (supports UUIDs and numeric IDs)
  • JWT structure aligned with RFC 7519 (user ID in Subject claim)
  • All service signatures updated to accept string user IDs

Benefits:

  • Platform flexibility for UUID-based and numeric ID systems
  • Standards compliance with RFC 7519
  • Simplified API with single ID field

v3.2.0: Fix Go module path for v3 semantic versioning

Choose a tag to compare

@bcetienne bcetienne released this 09 Feb 19:28
- Update go.mod to use github.com/bcetienne/tools-go-token/v3
- Update all import paths in README examples to use /v3 suffix
- Fixes pkg.go.dev indexing issue for versions >= 2.0.0

According to Go's semantic import versioning rules, modules with
major version >= 2 must include the version suffix in the module path.

v3.1.0: Documentation and Test Improvements

Choose a tag to compare

@bcetienne bcetienne released this 07 Feb 16:56

Release v3.1.0: Documentation and Test Improvements

This release adds comprehensive godoc documentation and fixes failing tests.

Added

  • Complete godoc documentation for all 36 public API elements
  • Documentation follows godoc standards with examples

Fixed

  • Config tests: missing otpSecret/otpTTL parameters
  • OTP tests: validation error expectations
  • All tests now pass (100% test suite success)

Technical Details

  • Module: github.com/bcetienne/tools-go-token
  • Go version: 1.22+
  • Breaking changes: None
  • Backward compatible: Yes

v3.0.0 - OTP Service

Choose a tag to compare

@bcetienne bcetienne released this 07 Feb 16:55

Release v3.0.0 - OTP Service with performance optimizations

Breaking changes:

  • NewConfig() signature changed: added otpSecret and otpTTL parameters
  • All existing NewConfig calls must be updated

New features:

  • OTP (One-Time Password) service for passwordless authentication
  • 6-digit codes with bcrypt hashing (cost 14)
  • Rate limiting (5 attempts max per OTP)
  • Single-use enforcement (auto-revoked after verification)
  • Single active OTP per user
  • Automatic expiration via Redis TTL (default: 10 minutes)

Improvements:

  • Performance optimizations (hasher and duration caching)
  • Fixed race condition in incrementAttempts
  • Complete godoc documentation
  • 40 new tests (116 total)

See CHANGELOG.md for full details.

Redis migration

Choose a tag to compare

@bcetienne bcetienne released this 07 Feb 16:55

🚀 Version 2.0.0 - Redis Migration

⚠️ Breaking Changes

This is a major version with breaking changes. Migration from v1.x requires:

  • Redis instance instead of PostgreSQL
  • Updated service initialization code
  • New configuration structure

🎯 Major Changes

  • Redis Backend: Complete migration from PostgreSQL to Redis for token storage
  • Automatic Expiration: Leverages Redis TTL for automatic token cleanup
  • Multi-Device Support: RefreshToken service now supports multiple active tokens per user
  • Security Enhancement: Password reset enforces single active token per user
  • Separate TTL Config: Independent expiry settings for refresh and password reset tokens

📦 Migration Guide

Before (v1.x):

// PostgreSQL-based
refreshTokenService := service.NewRefreshTokenService(db, config)

After (v2.0.0):
// Redis-based
refreshTokenService, err := service.NewRefreshTokenService(ctx, redisClient, config)

See README.md for complete documentation.

Version 1.0.0 - First release

Choose a tag to compare

@bcetienne bcetienne released this 12 Sep 15:57

Added

  • JWT Access Token service with secure authentication
  • Refresh Tokens service with PostgreSQL persistence
  • Password Reset service with temporary tokens
  • Password validation (complexity, length, prohibited words)
  • RFC-compliant email validation
  • Secure password hashing with bcrypt
  • Automatic management of PostgreSQL schemas and tables
  • Comprehensive testing with TestContainers
  • Complete documentation

Security

  • Bcrypt with cost factor 14
  • Cryptographically secure tokens
  • Protection against SQL injection
  • Strict validation of user input