Tags: sweeetduude/jwt
`v5` Pre-Release (golang-jwt#234) Co-authored-by: Micah Parks <[email protected]> Co-authored-by: Michael Fridman <[email protected]>
Allow strict base64 decoding (golang-jwt#259) By default, the base64 decoder works in non-strict mode, which allows tweaking signatures that have padding without failing validation. This creates a potential problem if an application treats the token value as an identifier. For example, an ES256 signature has a length of 64 bytes and two padding symbols (stripped by default). Therefore its base64-encoded value can only end with A, Q, g and w. In non-strict mode the last symbol could be tweaked, resulting in 16 distinct token values having the same signature and passing validation. This change adds a backward-compatible global config variable DecodeStrict (similar to the existing DecodePaddingAllowed) that enables strict base64 decoder mode. See also golang/go#15656. Signed-off-by: Alexander Yastrebov <[email protected]>
No pointer embedding in the example (golang-jwt#255) Fixes golang-jwt#223
chore: remove unused claims in RSA table driven test (golang-jwt#212)
Revert "feat: port clockskew support (golang-jwt#139)" (golang-jwt#184) This reverts commit d489c99.
feat: port clockskew support (golang-jwt#139) Co-authored-by: Kolawole Segun <[email protected]> Co-authored-by: Christian Banse <[email protected]>
Adds go module support /v4 (golang-jwt#41) Additionally, added `staticcheck` for basic static code analysis (golang-jwt#44) Co-authored-by: Christian Banse <[email protected]>