authboss v2.0.0-rc2 Release Notes
Release Date: 2018-05-14 // almost 6 years ago-
๐ Mostly rewrote Authboss by changing many of the core interfaces. This release ๐ is instrumental in providing better support for integrating with many web frameworks and setups.
โ Added
โฌ๏ธ v2 Upgrade guide (tov2.md)
๐ API/JSON Support
Because of the new abstractions it's possible to implement body readers, responders, redirectors and renderers that all speak JSON (or anything else for that matter). There are a number of these that exist already in the defaults package.
๐ Changed
The core functionality of authboss is now delivered over a set of interfaces
This change was fairly massive. We've abstracted the HTTP stack completely so that authboss isn't really doing things like issuing template renderings, it's just asking a small interface to do it instead. The reason for doing this was because the previous design was too inflexible and wouldn't integrate nicely with various frameworks etc. The defaults package helps fill in the gaps for typical use cases.
Storage is now done by many small interfaces
It became apparent than the old reflect-based mapping was a horrible solution to passing data back and forth between these structs. So instead we've created a much more verbose (but type safe) set of interfaces to govern which fields we need.
Now we can check that our structs have the correct methods using variable declarations and there's no more confusion about how various types map back and forth inside the mystical
BindandUnbindmethods.The downside to this of course is it's incredibly verbose to create a fully featured model, but I think that the benefits outweigh the downsides (see bugs in the past about different types being broken/not supported/not working correctly).
๐ Support for context.Context is now much better
We had a few pull requests that kind of shoved context.Context support in the sides so that authboss would work in Google App Engine. With this release context is almost everywhere that an external system would be interacted with.
Client State management rewritten
The old method of client state management performed writes too frequently. By using a collection of state change events that are later applied in a single write operation at the end, we make it so we don't get duplicate cookies etc. The bad thing about this is that we have to wrap the ResponseWriter. But there's an UnderlyingResponseWriter interface to deal with this problem.
Validation has been broken into smaller and hopefully nicer interfaces
Validation needs to be handled by the BodyReader's set of returned structs. This punts validation outside of the realm of Authboss for the most part, but there's still helpful tools in the defaults package to help with validation if you're against writing rolling your own.
Logout has been broken out into it's own module to avoid duplication inside login/oauth2 since they perform the same function.
๐ Config is now a nested struct, this helps organize the properties a little better (but I hope you never mouse over the type definition in a code editor).
โ Removed
- Notable removal of AllowInsecureLoginAfterConfirm
๐ Fixed
- ๐ Fix bug where e-mail with only a textbody would send blank e-mails
๐ Deprecated
- ๐ Use of gopkg.in, it's no longer a supported method of consuming authboss. Use manual vendoring, dep or vgo.