v2.3.22

JWTMiddleware now supports a configurable audience parameter to validate the aud claim. This ensures tokens are intended for your services, reducing the risk of token replay or misrouting and strengthening your zero-trust posture.

Details

• Enforce audience verification without changing existing token flows
• Compatible with major identity providers and standard JWT libraries
• Non-breaking change; enable when ready by configuring your expected audience

Who this is for: Security-conscious teams and enterprises running production workloads with strict auth requirements.