Release v2.0.0

.github/ISSUE_TEMPLATE/config.yml

@@ -0,0 +1,8 @@
+blank_issues_enabled: false
+contact_links:
+  - name: Auth0 Community
+    url: https://community.auth0.com/c/sdks/5
+    about: Discuss this SDK in the Auth0 Community forums
+  - name: SDK API Documentation
+    url: https://pkg.go.dev/github.com/auth0/go-jwt-middleware
+    about: Read the API documentation for this SDK

.github/ISSUE_TEMPLATE/feature_request.md

@@ -0,0 +1,35 @@
+**Please do not report security vulnerabilities here**. 
+The [Responsible Disclosure Program](https://auth0.com/whitehat) details the procedure for disclosing security issues.
+
+**Thank you in advance for helping us to improve this library!** 
+Your attention to detail here is greatly appreciated and will help us respond as quickly as possible. 
+For general support or usage questions, use the [Auth0 Community](https://community.auth0.com/) or
+[Auth0 Support](https://support.auth0.com/). 
+Finally, to avoid duplicates, please search existing Issues before submitting one here.
+
+By submitting an Issue to this repository, you agree to the terms within the 
+[Auth0 Code of Conduct](https://github.com/auth0/open-source-template/blob/master/CODE-OF-CONDUCT.md).
+
+### Describe the problem you'd like to have solved
+
+<!---
+A clear and concise description of what the problem is. Ex. I'm always frustrated when [...]
+-->
+
+### Describe the ideal solution
+
+<!---
+A clear and concise description of what you want to happen.
+--->
+
+## Alternatives and current workarounds
+
+<!---
+A clear and concise description of any alternatives you've considered or any work-arounds that are currently in place.
+-->
+
+### Additional context
+
+<!---
+Add any other context or screenshots about the feature request here.
+-->

.github/ISSUE_TEMPLATE/report_a_bug.md

@@ -0,0 +1,55 @@
+**Please do not report security vulnerabilities here**.
+The [Responsible Disclosure Program](https://auth0.com/whitehat) details the procedure for disclosing security issues.
+
+**Thank you in advance for helping us to improve this library!**
+Your attention to detail here is greatly appreciated and will help us respond as quickly as possible.
+For general support or usage questions, use the [Auth0 Community](https://community.auth0.com/) or
+[Auth0 Support](https://support.auth0.com/).
+Finally, to avoid duplicates, please search existing Issues before submitting one here.
+
+By submitting an Issue to this repository, you agree to the terms within the
+[Auth0 Code of Conduct](https://github.com/auth0/open-source-template/blob/master/CODE-OF-CONDUCT.md).
+
+### Describe the problem
+
+<!---
+Provide a clear and concise description of the issue.
+-->
+
+### What was the expected behavior?
+
+<!---
+Tell us about the behavior you expected to see.
+-->
+
+### Reproduction
+
+<!---
+Detail the steps taken to reproduce this error, and whether this issue can be reproduced consistently or if it is 
+intermittent.
+**Note**: If clear, reproducible steps or the smallest sample app demonstrating misbehavior cannot be provided, we may
+not be able to follow up on this bug report.
+
+
+1. ...
+2. ...
+3. ...
+
+If so, provide steps:
+
+Where applicable, please include:
+
+- The smallest possible sample app that reproduces the undesirable behavior
+- Log files (redact/remove sensitive information)
+- Application settings (redact/remove sensitive information)
+- Screenshots
+-->
+
+### Environment
+
+<!---
+Please provide the following:
+
+- **Version of `go-jwt-middleware` used:**
+- **Other modules/plugins/libraries that might be involved:**
+-->

.github/PULL_REQUEST_TEMPLATE.md

@@ -0,0 +1,53 @@
+## Description
+
+<!--- 
+Describe the purpose of this PR along with any background information and the impacts of the proposed change. 
+For the benefit of the community, please do not assume prior context.
+
+Provide details that support your chosen implementation, including: 
+- breaking changes
+- alternatives considered
+- changes to the API
+- demos (screenshots, videos) if you find that useful
+- etc.
+-->
+
+
+## References
+
+<!--- 
+Include any links supporting this change such as a:
+
+- GitHub Issue/PR number addressed or fixed
+- Auth0 Community post
+- StackOverflow post
+- Support forum thread
+- Related pull requests/issues from other repos
+
+If there are no references, simply delete this section.
+-->
+
+
+## Testing
+
+<!--- 
+Describe how this can be tested by reviewers. Be specific about anything not tested and reasons why. 
+If this library has unit and/or integration testing, tests should be added for new functionality and 
+existing tests should complete without errors.
+-->
+
+- [ ] This change adds test coverage for new/changed/fixed functionality
+
+
+## Checklist
+
+<!---
+Tick with "x" the boxes that apply. You can also fill these out after creating the PR.
+-->
+
+- [x] I have read and agreed to the terms within the [Auth0 Code of Conduct](https://github.com/auth0/open-source-template/blob/master/CODE-OF-CONDUCT.md).
+- [x] I have read the [Auth0 General Contribution Guidelines](https://github.com/auth0/open-source-template/blob/master/GENERAL-CONTRIBUTING.md).
+- [ ] I have reviewed my own code beforehand.
+- [ ] I have added documentation for new/changed functionality in this PR.
+- [ ] All active GitHub checks for tests, formatting, and security are passing.
+- [ ] The correct base branch is being used, if not `master`.

.github/workflows/lint.yaml

@@ -13,15 +13,15 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: install go
-        uses: actions/setup-go@v1
+        uses: actions/setup-go@v2
         with:
-          go-version: 1.14
+          go-version: 1.17
       - name: checkout code
         uses: actions/checkout@v2
       - name: golangci-lint
         uses: golangci/golangci-lint-action@v2
         with:
-          args: -v --timeout=5m --exclude SA1029
+          args: -v --timeout=5m
           skip-build-cache: true
           skip-go-installation: true
           skip-pkg-cache: true

.github/workflows/test.yaml

@@ -15,9 +15,9 @@ jobs:
     runs-on: ${{ matrix.os }}
     steps:
       - name: install go
-        uses: actions/setup-go@v1
+        uses: actions/setup-go@v2
         with:
-          go-version: 1.14
+          go-version: 1.17
       - name: checkout code
         uses: actions/checkout@v2
       - name: test

MIGRATION_GUIDE.md

@@ -0,0 +1,112 @@
+# Migration Guide
+
+This guide covers the migration from [v1](https://github.com/auth0/go-jwt-middleware/tree/v1.0.1).
+
+### `jwtmiddleware.Options`
+
+Now handled by individual [jwtmiddleware.Option](https://pkg.go.dev/github.com/auth0/go-jwt-middleware#Option) items. 
+They can be passed to [jwtmiddleware.New](https://pkg.go.dev/github.com/auth0/go-jwt-middleware#New) after the 
+[jwtmiddleware.ValidateToken](https://pkg.go.dev/github.com/auth0/go-jwt-middleware#ValidateToken) input:
+
+```golang
+jwtmiddleware.New(validator, WithCredentialsOptional(true), ...)
+```
+
+#### `ValidationKeyGetter`
+
+Token validation is now handled via a token provider which can be learned about in the section on 
+[jwtmiddleware.New](https://pkg.go.dev/github.com/auth0/go-jwt-middleware#New).
+
+#### `UserProperty`
+
+This is now handled in the validation provider.
+
+#### `ErrorHandler`
+
+We now provide a public [jwtmiddleware.ErrorHandler](https://pkg.go.dev/github.com/auth0/go-jwt-middleware#ErrorHandler)
+type:
+
+```golang
+type ErrorHandler func(w http.ResponseWriter, r *http.Request, err error)
+```
+
+A [default](https://pkg.go.dev/github.com/auth0/go-jwt-middleware#DefaultErrorHandler) is provided which translates
+errors into appropriate HTTP status codes.
+
+You might want to wrap the default, so you can hook things into, like logging:
+
+```golang
+myErrHandler := func(w http.ResponseWriter, r *http.Request, err error) {
+	fmt.Printf("error in token validation: %+v\n", err)
+
+	jwtmiddleware.DefaultErrorHandler(w, r, err)
+}
+
+jwtMiddleware := jwtmiddleware.New(validator.ValidateToken, jwtmiddleware.WithErrorHandler(myErrHandler))
+```
+
+#### `CredentialsOptional`
+
+Use the option function 
+[jwtmiddleware.WithCredentialsOptional(true|false)](https://pkg.go.dev/github.com/auth0/go-jwt-middleware#WithCredentialsOptional).
+Default is false.
+
+#### `Extractor`
+
+Use the option function [jwtmiddleware.WithTokenExtractor](https://pkg.go.dev/github.com/auth0/go-jwt-middleware#WithTokenExtractor).
+Default is to extract tokens from the auth header.
+
+We provide 3 different token extractors:
+- [jwtmiddleware.AuthHeaderTokenExtractor](https://pkg.go.dev/github.com/auth0/go-jwt-middleware#AuthHeaderTokenExtractor) renamed from `jwtmiddleware.FromAuthHeader`.
+- [jwtmiddleware.CookieTokenExtractor](https://pkg.go.dev/github.com/auth0/go-jwt-middleware#CookieTokenExtractor) a new extractor.
+- [jwtmiddleware.ParameterTokenExtractor](https://pkg.go.dev/github.com/auth0/go-jwt-middleware#ParameterTokenExtractor) renamed from `jwtmiddleware.FromParameter`.
+
+And also an extractor which can combine multiple different extractors together: 
+[jwtmiddleware.MultiTokenExtractor](https://pkg.go.dev/github.com/auth0/go-jwt-middleware#MultiTokenExtractor) renamed from `jwtmiddleware.FromFirst`.
+
+#### `Debug`
+
+Removed. Please review individual exception messages for error details.
+
+#### `EnableAuthOnOptions`
+
+Use the option function [jwtmiddleware.WithValidateOnOptions(true|false)](https://pkg.go.dev/github.com/auth0/go-jwt-middleware#WithValidateOnOptions). Default is true.
+
+#### `SigningMethod`
+
+This is now handled in the validation provider.
+
+### `jwtmiddleware.New`
+
+A token provider is set up in the middleware by passing a 
+[jwtmiddleware.ValidateToken](https://pkg.go.dev/github.com/auth0/go-jwt-middleware#ValidateToken)
+function:
+
+```golang
+func(context.Context, string) (interface{}, error)
+```
+
+to [jwtmiddleware.New](https://pkg.go.dev/github.com/auth0/go-jwt-middleware#New).
+
+In the example above you can see 
+[github.com/auth0/go-jwt-middleware/validate/josev2](https://pkg.go.dev/github.com/auth0/[email protected]/validate/josev2)
+being used.
+
+This change was made to allow the JWT validation provider to be easily switched out.
+
+Options are passed into `jwtmiddleware.New` after validation provider and use the `jwtmiddleware.With...` functions to 
+set options.
+
+### `jwtmiddleware.Handler*`
+
+Both `jwtmiddleware.HandlerWithNext` and `jwtmiddleware.Handler` have been dropped.
+You can use [jwtmiddleware.CheckJWT](https://pkg.go.dev/github.com/auth0/go-jwt-middleware#JWTMiddleware.CheckJWT) 
+instead which takes in an `http.Handler` and returns an `http.Handler`.
+
+### `jwtmiddleware.CheckJWT`
+
+This function has been reworked to be the main middleware handler piece, and so we've dropped the functionality of it 
+returning and error.
+
+If you need to handle any errors please use the
+[jwtmiddleware.WithErrorHandler](https://pkg.go.dev/github.com/auth0/go-jwt-middleware#WithErrorHandler) function.

Makefile

@@ -6,7 +6,7 @@ test: ## Run tests.
 
 .PHONY: lint
 lint: ## Run golangci-lint.
-	golangci-lint run -v --timeout=5m --exclude SA1029
+	golangci-lint run -v --timeout=5m
 
 .PHONY: help
 help: