Version 0.8.0

• Add support of custom oauth2 server (#29)
• Add support of third-party oauth2 providers in addition to the predefined list (#29)
• Add support of twitter auth (#31)
• Promote aud to User object (6dfd65f)
• Allow custom prefixes for auth routes (#28)

Version 0.7.0

Adds email sender

Version 0.6.0

• Support verified provider #24

Version 0.5.0

• Add support of identicon icons #15
• Add example of anonymous access with a direct provider #17

Version 0.4.0

• Refactor with logger interface, compatible with go-pkgz/lgr
• Optional cache (interface) for refresh optimization
• Ensure logout on valid (logged in) users only
• Rejects expired tokens for non-cookie auth
• Add auth with token query param

Version 0.3.0

• Changed SecretReader, no ID param needed
• Added AudienceReader injected to both middleware and token services
• Ensure aud matching if AudienceReader defined
• Added token validation for everything excluding expiration
• Removed potentially dangerous pre-parse step to get aud from the token
• Optional randomizer to prevent multiple refreshes #10
• Added dev server cancelation

Version 0.2.0

• Admin middleware enforcing auth
• Add direct provider
• Add support of IssuedAt
• More tests for failed branches

Version 0.1.0

• Transfer code from remark42
• Changed to be more generic, without any application-specific properties and checks
• User struct simplified and extended with attributes
• Added claim updater to customize token on the caller side
• Added verification interface to implemented custom filtering of tokens
• Secret management moved to its own interface
• Added top-level auth service wiring all parts together
• Logging changed. By default prints nothing and accept a simple logger interface