All notable changes to this project will be documented in this file.
The format is based on Keep a Changelog, and this project adheres to Semantic Versioning.
- Enterprise URL Handling: Fixed regression in GitHub Enterprise URL handling (#41)
- Tightened test conditions and added more tests for WithEnterpriseURL
- Bumped github.com/golang-jwt/jwt/v5 from 5.3.0 to 5.3.1 (#39)
- Bumped golang.org/x/oauth2 from 0.32.0 to 0.34.0 (#34, #36)
- Bumped actions/checkout from 5 to 6 (#35)
- Bumped actions/cache from 4 to 5 (#37)
- Bumped golangci/golangci-lint-action from 8 to 9 (#33)
- Bumped styfle/cancel-workflow-action from 0.12.1 to 0.13.0 (#38)
Contributors: @luna-veil-8080
Full Changelog: https://github.com/jferrl/go-githubauth/compare/v1.5.0...v1.5.1
This release removes the github.com/google/go-github/v74 dependency and implements a lightweight internal GitHub API client. While most users will experience no breaking changes, some API adjustments have been made:
- Enterprise Configuration Simplified
  - Before: WithEnterpriseURLs(baseURL, uploadURL string) - required both base and upload URLs
  - After: WithEnterpriseURL(baseURL string) - single base URL parameter
  - Migration: Remove the redundant upload URL parameter
- Type Changes (if you were using these types directly)
  - github.InstallationTokenOptions → githubauth.InstallationTokenOptions
  - github.InstallationPermissions → githubauth.InstallationPermissions
  - github.InstallationToken → githubauth.InstallationToken
  - github.Repository → githubauth.Repository
- Internal GitHub API Client: New github.go file with minimal GitHub API implementation
  - Direct HTTP API calls to GitHub's REST API
  - InstallationTokenOptions type for configuring installation token requests
  - InstallationPermissions type with comprehensive permission structure
  - InstallationToken response type from GitHub API
  - Repository type for minimal repository representation
- Public Helper Function: Added Ptr[T]() generic helper for creating pointers to any type (useful for InstallationTokenOptions)
- Removed Dependency: Eliminated github.com/google/go-github/v74 dependency
- Removed Dependency: Eliminated github.com/google/go-querystring indirect dependency
- Simplified Enterprise Support: Streamlined from WithEnterpriseURLs() to WithEnterpriseURL()
- Updated Documentation: Package docs now reflect that the library is built only on golang.org/x/oauth2
- Binary Size Reduction: Smaller binaries without unused go-github code
- Documentation: Fixed GitHub API documentation link for installation token generation
No action required - if you only use the public TokenSource functions, your code will continue to work without changes.
```go
// Before (v1.4.x)
installationTokenSource := githubauth.NewInstallationTokenSource(
	installationID,
	appTokenSource,
	githubauth.WithEnterpriseURLs("https://github.example.com", "https://github.example.com"),
)

// After (v1.5.0)
installationTokenSource := githubauth.NewInstallationTokenSource(
	installationID,
	appTokenSource,
	githubauth.WithEnterpriseURL("https://github.example.com"),
)
```

```go
// Before (v1.4.x)
import "github.com/google/go-github/v74/github"

opts := &github.InstallationTokenOptions{
	Repositories: []string{"repo1", "repo2"},
	Permissions: &github.InstallationPermissions{
		Contents: github.Ptr("read"),
	},
}

// After (v1.5.0)
import "github.com/jferrl/go-githubauth"

opts := &githubauth.InstallationTokenOptions{
	Repositories: []string{"repo1", "repo2"},
	Permissions: &githubauth.InstallationPermissions{
		Contents: githubauth.Ptr("read"), // Use the new Ptr() helper
	},
}
```

- ✅ Reduced Dependencies: 2 fewer dependencies (from 3 to 2 total)
- ✅ Smaller Binary Size: No unused go-github code included
- ✅ Better Control: Full ownership of GitHub API integration
- ✅ Easier Debugging: Simpler code path for troubleshooting
- ✅ Same Performance: All token caching and performance optimizations maintained
Full Changelog: https://github.com/jferrl/go-githubauth/compare/v1.4.2...v1.5.0
- Replace external GitHub mock with local implementation
- Enhanced Token Reuse: Implemented ReuseTokenSource in NewApplicationTokenSource for improved token caching efficiency
- Dependency Updates: Bumped golang.org/x/oauth2 from 0.30.0 to 0.31.0
- CI/CD Improvements: Updated GitHub Actions dependencies and workflow permissions
  - Bumped actions/setup-go from 5 to 6
  - Bumped actions/checkout from 4 to 5
- Library Upgrade: Upgraded github.com/google/go-github to v74
- Security: Fixed code scanning alert regarding workflow permissions
- Bumped golang.org/x/oauth2 from 0.30.0 to 0.31.0 (#25)
- Bumped actions/setup-go from 5 to 6 (#26)
- Bumped actions/checkout from 4 to 5 (#28)
- Upgraded github.com/google/go-github to v74 (#29)
Contributors: @jferrl, @krancour (first contribution)
Full Changelog: https://github.com/jferrl/go-githubauth/compare/v1.4.0...v1.4.1
- Personal Access Token Support: New NewPersonalAccessTokenSource function for classic and fine-grained personal access tokens
- Advanced Token Caching: Implemented dual-layer token caching system using oauth2.ReuseTokenSource
  - JWT tokens cached until expiration (up to 10 minutes)
  - Installation tokens cached until expiration (up to 1 hour)
- High-Performance HTTP Client: Custom cleanHTTPClient implementation with connection pooling
  - Based on HashiCorp's go-cleanhttp patterns for production reliability
  - HTTP/2 support with persistent connections
  - No shared global state to prevent race conditions
- Significant Performance Improvements: Up to 99% reduction in unnecessary token generation and GitHub API calls
- Enhanced Documentation: Added comprehensive examples for personal access token usage
- Optimized Memory Usage: Reduced object allocation through intelligent token reuse
- GitHub App JWTs: Cached and reused until expiration instead of regenerating on every API call
- Installation Tokens: Cached until expiration, dramatically reducing GitHub API rate limit consumption
- Connection Pooling: HTTP connections reused across requests for faster GitHub API interactions
- Production Ready: Optimized for high-throughput applications and CI/CD systems
Full Changelog: https://github.com/jferrl/go-githubauth/compare/v1.3.0...v1.4.0
- Go Generics Support: Introduced generic constraint Identifier interface supporting both int64 App IDs and string Client IDs in a single NewApplicationTokenSource function
- Type-Safe Authentication: Automatic type inference eliminates the need for separate functions while maintaining type safety
- Enhanced Documentation: Official GitHub API references and JWT technical details while maintaining godoc compliance
- Unified NewApplicationTokenSource function now uses Go generics to support both int64 App IDs and string Client IDs
- Go version requirement bumped to 1.21+ (required for generics support)
- Updated Go version to 1.25 in CI workflows and documentation
- Improved CI workflow configurations with updated GitHub Actions
- Eliminated code duplication between App ID and Client ID authentication flows
- Fixed go version usage from go.mod in GitHub Actions build (#12)
- Added Dependabot configuration to keep dependencies up to date (#13)
- Bumped styfle/cancel-workflow-action from 0.10.0 to 0.12.1 (#15)
- Bumped actions/checkout from 4 to 5 (#18)
- Bumped codecov/codecov-action from 4 to 5 (#19)
Contributors: @jferrl, @grinish21
Full Changelog: https://github.com/jferrl/go-githubauth/compare/v1.2.1...v1.3.0
- Security: Fixed JWT vulnerability GO-2025-3553 by upgrading jwt dependency to v5.3.0 (#9)
Contributors: @grinish21
Full Changelog: https://github.com/jferrl/go-githubauth/compare/v1.2.0...v1.2.1
- Bumped dependencies to latest versions (#8)
Contributors: @candiepih (first contribution)
Full Changelog: https://github.com/jferrl/go-githubauth/compare/v1.1.1...v1.2.0
- Fixed 404 links in README documentation (#3)
- Bumped dependencies to latest versions (#6)
- Upgraded Go version to 1.23 (#7)
Contributors: @grinish21 (first contribution), @jferrl
Full Changelog: https://github.com/jferrl/go-githubauth/compare/v1.1.0...v1.1.1
- GitHub Enterprise Server compatibility
Full Changelog: https://github.com/jferrl/go-githubauth/compare/v1.0.2...v1.1.0
- Minor improvements and bug fixes
Full Changelog: https://github.com/jferrl/go-githubauth/compare/v1.0.1...v1.0.2
- Minor improvements and bug fixes
Full Changelog: https://github.com/jferrl/go-githubauth/compare/v1.0.0...v1.0.1
- Initial Release: GitHub authentication utilities for Go applications
- JWT Generation: Generate JSON Web Tokens (JWT) for GitHub Apps using NewApplicationTokenSource
- Installation Tokens: Obtain GitHub App installation tokens using NewInstallationTokenSource
- Security Compliance:
  - JWT expiration time limited to 10 minutes maximum
  - Clock drift protection with 60-second buffer
- Configuration Options:
  - WithApplicationTokenExpiration: Customize JWT token expiration
  - WithHTTPClient: Set custom HTTP client
  - WithInstallationTokenOptions: Configure installation token options
- OAuth2 Integration: Full compatibility with golang.org/x/oauth2.TokenSource interface
- Comprehensive README with usage examples
- Integration examples with go-github library
Full Changelog: https://github.com/jferrl/go-githubauth/commits/v1.0.0
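The two JWT rules listed under Security Compliance (10-minute maximum lifetime, 60-second clock drift buffer) combined with RS256 signing, as an added standard-library example; it is not go-githubauth's own code. Window, AcceptedAt, SignRS256 and Demo are hypothetical names, the App ID "123456" and the throwaway key are constructed, and measuring the cap from the backdated iat is this example's assumption.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"encoding/base64"
	"encoding/json"
	"fmt"
	"time"
)

const maxLifetime, clockDrift = 10 * time.Minute, 60 * time.Second // both values from the changelog

// Window backdates iat by clockDrift and clamps exp-iat to maxLifetime.
func Window(now time.Time, want time.Duration) (iat, exp time.Time) {
	if want <= 0 || want > maxLifetime {
		want = maxLifetime
	}
	iat = now.Add(-clockDrift)
	return iat, iat.Add(want)
}

// AcceptedAt mimics a verifier whose clock reads srv: iat <= srv < exp.
func AcceptedAt(iat, exp, srv time.Time) bool { return !srv.Before(iat) && srv.Before(exp) }

// SignRS256 builds header.claims and signs it with RSASSA-PKCS1-v1_5 over SHA-256.
func SignRS256(key *rsa.PrivateKey, iss string, iat, exp time.Time) (string, error) {
	enc := base64.RawURLEncoding
	body, _ := json.Marshal(map[string]any{"iss": iss, "iat": iat.Unix(), "exp": exp.Unix()})
	in := enc.EncodeToString([]byte(`{"alg":"RS256","typ":"JWT"}`)) + "." + enc.EncodeToString(body)
	sum := sha256.Sum256([]byte(in))
	sig, err := rsa.SignPKCS1v15(rand.Reader, key, crypto.SHA256, sum[:])
	if err != nil {
		return "", err
	}
	return in + "." + enc.EncodeToString(sig), nil
}

func Demo(now time.Time) (string, error) {
	key, err := rsa.GenerateKey(rand.Reader, 2048) // throwaway key, constructed for the demo
	if err != nil {
		return "", err
	}
	iat, exp := Window(now, time.Hour) // a one-hour request is clamped to ten minutes
	return SignRS256(key, "123456", iat, exp) // "123456" is a constructed App ID
}

func main() { fmt.Println(Demo(time.Now())) }
```

Without the backdated iat, a verifier whose clock runs 30 seconds behind the issuer would see a token issued in its future and reject it.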
go-githubauth is a Go package that provides utilities for GitHub authentication, including generating and using GitHub App tokens, installation tokens, and personal access tokens. It implements the TokenSource interface from the golang.org/x/oauth2 package for seamless integration with existing OAuth2 workflows.
- Generate GitHub Application JWT tokens
- Obtain GitHub App installation tokens
- Personal Access Token support (classic and fine-grained)
- Advanced token caching with automatic refresh
- High-performance HTTP clients with connection pooling
- RS256-signed JWTs with proper clock drift protection
- Full OAuth2 compatibility
- GitHub Enterprise Server support
- Production-ready performance optimizations
For more information, see the README.