Changelog
v3.0.0 (NEXT)
Breaking changes:
- Require token signature to be verified before accessing payload #648 (@anakinj)
- Drop support for the HS512256 algorithm #650 (@anakinj)
- Remove deprecated claim verification methods #654 (@anakinj)
- Remove dependency to rbnacl #655 (@anakinj)
- Support only stricter base64 decoding (RFC 4648) #658 (@anakinj)
- Custom algorithms are required to include
JWT::JWA::SigningAlgorithm
#660 (@anakinj) - Require RSA keys to be at least 2048 bits #661 (@anakinj)
- Base64 encode and decode the k value for HMAC JWKs #662 (@anakinj)
Take a look at the upgrade guide for more details.
Features:
- JWT::EncodedToken#verify! method that bundles signature and claim validation #647 (@anakinj)
- Do not override the alg header if already given #659 (@anakinj)
- Make
JWK::KeyFinder
compatible withJWT::EncodedToken
#663 (@anakinj) - Your contribution here
Fixes and enhancements:
v2.10.1 (2024-12-26)
Fixes and enhancements:
v2.10.0 (2024-12-25)
Features:
- JWT::Token and JWT::EncodedToken for signing and verifying tokens #621 (@anakinj)
- Detached payload support for JWT::Token and JWT::EncodedToken #630 (@anakinj)
- Skip decoding payload if b64 header is present and false #631 (@anakinj)
- Remove a few custom Rubocop configs #638 (@anakinj)
Fixes and enhancements:
- Deprecation warnings for deprecated methods and classes #629 (@anakinj)
- Improved documentation for public apis #629 (@anakinj)
- Use correct methods when raising error during signing/verification with EdDSA #633
- Fix JWT::EncodedToken behavior with empty string as token #640 (@ragalie)
- Deprecation warnings for rbnacl backed functionality #641 (@anakinj)
v2.9.3 (2024-10-03)
Fixes and enhancements:
- Return truthy value for
::JWT::ClaimsValidator#validate!
and::JWT::Verify.verify_claims
#628 (@anakinj)
v2.9.2 (2024-10-03)
Features:
Fixes and enhancements:
- Updated README to correctly document
OpenSSL::HMAC
documentation #617 (@aedryan) - Verify JWT header format #622 (@304)
- Bring back
::JWT::ClaimsValidator
,::JWT::Verify
and a few other removed interfaces for preserved backwards compatibility #624 (@anakinj)
v2.9.1 (2024-09-23)
Fixes and enhancements:
v2.9.0 (2024-09-15)
Features:
Fixes and enhancements:
- Refactor claim validators into their own classes #605 (@anakinj, @MatteoPierro)
- Allow extending available algorithms #607 (@anakinj)
- Do not include the EdDSA algorithm if rbnacl not available #613 (@anakinj)
v2.8.2 (2024-06-18)
Fixes and enhancements:
- Print deprecation warnings only on when token decoding succeeds #600 (@anakinj)
- Unify code style #602 (@anakinj)
v2.8.1 (2024-02-29)
Features:
Fixes and enhancements:
v2.8.0 (2024-02-17)
Features:
- Updated rubocop to 1.56 #573 (@anakinj)
- Run CI on Ruby 3.3 #577 (@anakinj)
- Deprecation warning added for the HMAC algorithm HS512256 (HMAC-SHA-512 truncated to 256-bits) #575 (@anakinj)
- Stop using RbNaCl for standard HMAC algorithms #575 (@anakinj)
Fixes and enhancements:
- Fix signature has expired error if payload is a string #555 (@GobinathAL)
- Fix key base equality and spaceship operators #569 (@magneland)
- Remove explicit base64 require from x5c_key_finder #580 (@anakinj)
- Performance improvements and cleanup of tests #581 (@anakinj)
- Repair EC x/y coordinates when importing JWK #585 (@julik)
- Explicit dependency to the base64 gem #582 (@anakinj)
- Deprecation warning for decoding content not compliant with RFC 4648 #582 (@anakinj)
- Algorithms moved under the
::JWT::JWA
module (@anakinj)
v2.7.1 (2023-06-09)
Fixes and enhancements:
- Handle invalid algorithm when decoding JWT #559 (@nataliastanko)
- Do not raise error when verifying bad HMAC signature #563 (@hieuk09)
v2.7.0 (2023-02-01)
Features:
- Support OKP (Ed25519) keys for JWKs #540 (@anakinj)
- JWK Sets can now be used for tokens with nil kid #543 (@bellebaum)
Fixes and enhancements:
- Fix issue with multiple keys returned by keyfinder and multiple allowed algorithms #545 (@mpospelov)
- Non-string
kid
header values are now rejected #543 (@bellebaum)
v2.6.0 (2022-12-22)
Features:
- Support custom algorithms by passing algorithm objects #512 (@anakinj)
- Support descriptive (not key related) JWK parameters #520 (@bellebaum)
- Support for JSON Web Key Sets #525 (@bellebaum)
- Support HMAC keys over 32 chars when using RbNaCl #521 (@anakinj)
Fixes and enhancements:
v2.5.0 (2022-08-25)
Features:
Fixes and enhancements:
- Bring back the old Base64 (RFC2045) deocode mechanisms #488 (@anakinj)
- Rescue RbNaCl exception for EdDSA wrong key #491 (@n-studio)
- New parameter name for cases when kid is not found using JWK key loader proc #501 (@anakinj)
- Fix NoMethodError when a 2 segment token is missing 'alg' header #502 (@cmrd-senya)
v2.4.1 (2022-06-07)
Fixes and enhancements:
- Raise JWT::DecodeError on invalid signature #484 (@freakyfelt!)
v2.4.0 (2022-06-06)
Features:
- Dropped support for Ruby 2.5 and older #453 - (@anakinj)
- Use Ruby built-in url-safe base64 methods #454 - (@bdewater)
- Updated rubocop to 1.23.0 #457 - (@anakinj)
- Add x5c header key finder #338 - (@bdewater)
- Author driven changelog process #463 - (@anakinj)
- Allow regular expressions and procs to verify issuer #437 (rewritten)
- Add Support to be able to verify from multiple keys #425 (ritikesh)
Fixes and enhancements:
- Readme: Typo fix re MissingRequiredClaim #451 (antonmorant)
- Fix RuboCop TODOs #476 (typhoon2099)
- Make specific algorithms in README linkable #472 (milieu)
- Update note about supported JWK types #475 (dpashkevich)
- Create CODE_OF_CONDUCT.md #449 (loic5)
v2.3.0 (2021-10-03)
Closed issues:
- [SECURITY] Algorithm Confusion Through kid Header #440
- JWT to memory #436
- ArgumentError: wrong number of arguments (given 2, expected 1) #429
- HMAC section of README outdated #421
- NoMethodError: undefined method `zero?' for nil:NilClass if JWT has no 'alg' field #410
- Release new version #409
- NameError: uninitialized constant JWT::JWK #403
Merged pull requests:
- Release 2.3.0 #448 (excpt)
- Fix Style/MultilineIfModifier issues #447 (anakinj)
- feat(EdDSA): Accept EdDSA as algorithm header #446 (Pierre-Michard)
- Pass kid param through JWT::JWK.create_from #445 (shaun-guth-allscripts)
- fix document about passing JWKs as a simple Hash #443 (takayamaki)
- Tests for mixing JWK keys with mismatching algorithms #441 (anakinj)
- verify_claims test shouldnt be within the verify_sub test #431 (andyjdavis)
- Allow decode options to specify required claims #430 (andyjdavis)
- Fix OpenSSL::PKey::EC public_key handing in tests #427 (anakinj)
- Add documentation for find_key #426 (ritikesh)
- Give ruby 3.0 as a string to avoid number formatting issues #424 (anakinj)
- Tests for iat verification behaviour #423 (anakinj)
- Remove HMAC with nil secret from documentation #422 (boardfish)
- Update broken link in README #420 (severin)
- Add metadata for RubyGems #418 (nickhammond)
- Fixed a typo about class name #417 (mai-f)
- Fix references for v2.2.3 on CHANGELOG #416 (vyper)
- Raise IncorrectAlgorithm if token has no alg header #411 (bouk)
v2.2.3 (2021-04-19)
Implemented enhancements:
- Verify algorithm before evaluating keyfinder #343
- Why jwt depends on json < 2.0 ? #179
- Support for JWK in-lieu of rsa_public #158
- Fix rspec
raise_error
warning #413 (excpt) - Add support for JWKs with HMAC key type. #372 (phlegx)
- Improve 'none' algorithm handling #365 (danleyden)
- Handle parsed JSON JWKS input with string keys #348 (martinemde)
- Allow Numeric values during encoding #327 (fanfilmu)
Closed issues:
- "Signature verification raised", yet jwt.io says "Signature Verified" #401
- truffleruby-head build is failing #396
- JWT::JWK::EC needs
require 'forwardable'
#392 - How to use a 'signing key' as used by next-auth #389
- undefined method `verify' for nil:NilClass when validate a JWT with JWK #383
- Make specifying "algorithm" optional on decode #380
- ADFS created access tokens can't be validated due to missing 'kid' header #370
- new version? #355
- JWT gitlab OmniAuth provider setup support #354
- Release with support for RSA.import for ruby < 2.4 hasn't been released #347
- cannot load such file -- jwt #339
Merged pull requests:
- Prepare 2.2.3 release #415 (excpt)
- Remove codeclimate code coverage dev dependency #414 (excpt)
- Add forwardable dependency #408 (anakinj)
- Ignore casing of algorithm #405 (johnnyshields)
- Document function and add tests for verify claims method #404 (yasonk)
- documenting calling verify_jti callback with 2 arguments in the readme #402 (HoneyryderChuck)
- Target the master branch on the build status badge #399 (anakinj)
- Improving the local development experience #397 (anakinj)
- Fix sourcelevel broken links #395 (anakinj)
- Don't recommend installing gem with sudo #391 (tjschuck)
- Enable rubocop locally and on ci #390 (anakinj)
- Ci and test cleanup #387 (anakinj)
- Make JWT::JWK::EC compatible with Ruby 2.3 #386 (anakinj)
- Support JWKs for pre 2.3 rubies #382 (anakinj)
- Replace Travis CI with GitHub Actions (also favor openssl/rbnacl combinations over rails compatibility tests) #381 (anakinj)
- Add auth0 sponsor message #379 (excpt)
- Adapt HMAC to JWK RSA code style. #378 (phlegx)
- Disable Rails cops #376 (anakinj)
- Support exporting RSA JWK private keys #375 (anakinj)
- Ebert is SourceLevel nowadays #374 (anakinj)
- Add support for JWKs with EC key type #371 (richardlarocque)
- Add Truffleruby head to CI #368 (gogainda)
- Add more docs about JWK support #341 (take)
v2.2.2 (2020-08-18)
Implemented enhancements:
- JWK does not decode. #332
- Inconsistent use of symbol and string keys in args (exp and alrogithm). #331
- Pin simplecov to < 0.18 #356 (anakinj)
- verifies algorithm before evaluating keyfinder #346 (jb08)
- Update Rails 6 appraisal to use actual release version #336 (smudge)
- Update Travis #326 (berkos)
- Improvement/encode hmac without key #312 (JotaSe)
Fixed bugs:
- v2.2.1 warning: already initialized constant JWT Error #335
- 2.2.1 is no longer raising
JWT::DecodeError
onnil
verification key #328 - Fix algorithm picking from decode options #359 (excpt)
- Raise error when verification key is empty #358 (anakinj)
Closed issues:
- JWT RSA: is it possible to encrypt using the public key? #366
- Example unsigned token that bypasses verification #364
- Verify exp claim/field even if it's not present #363
- Decode any token #360
- [question] example of using a pub/priv keys for signing? #351
- JWT::ExpiredSignature raised for non-JSON payloads #350
- verify_aud only verifies that at least one aud is expected #345
- Sinatra 4.90s TTFB #344
- How to Logout #342
- jwt token decoding even when wrong token is provided for some letters #337
- Need to use
symbolize_keys
everywhere! #330 - eval() used in Forwardable limits usage in iOS App Store #324
- HS512256 OpenSSL Exception: First num too large #322
- Can we change the separator character? #321
- Verifying iat without leeway may break with poorly synced clocks #319
- Adding support for 'hd' hosted domain string #314
- There is no "typ" header in version 2.0.0 #233
Merged pull requests:
- Release v2.2.2 #367 (excpt)
- Fix 'already initialized constant JWT Error' #357 (excpt)
- Support RSA.import for all Ruby versions. #333 (rabajaj0509)
- Removed forwardable dependency #325 (anakinj)
v2.2.1 (2019-05-24)
Fixed bugs:
- need to
require 'forwardable'
to useForwardable
#316 - Add forwardable dependency for JWK RSA KeyFinder #317 (excpt)
Merged pull requests:
v2.2.0 (2019-05-23)
Closed issues:
- misspelled es512 curve name #310
- With Base64 decode i can read the hashed content #306
- hide post-it's for graphviz views #303
Merged pull requests:
v2.2.0.pre.beta.0 (2019-03-20)
Implemented enhancements:
- Use iat_leeway option #273
- Use of global state in latest version breaks thread safety of JWT.decode #268
- JSON support #246
- Change the Github homepage URL to https #301 (ekohl)
- Fix Salt length for conformance with PS family specification. #300 (tobypinder)
- Add support for Ruby 2.6 #299 (bustikiller)
- update homepage in gemspec to use HTTPS #298 (evgeni)
- Make sure alg parameter value isn't added twice #297 (korstiaan)
- Claims Validation #295 (jamesstonehill)
- JWT::Encode refactorings, alg and exp related bugfixes #293 (anakinj)
- Proposal of simple JWK support #289 (anakinj)
- Add RSASSA-PSS signature signing support #285 (oliver-hohn)
- Add note about using a hard coded algorithm in README #280 (revodoge)
- Add Appraisal support #278 (olbrich)
- Fix decode threading issue #269 (ab320012)
- Removed leeway from verify_iat #257 (ab320012)
Fixed bugs:
- Inconsistent handling of payload claim data types #282
- Issued at validation #247
- Fix bug and simplify segment validation #292 (anakinj)
Security fixes:
- Decoding JWT with ES256 and secp256k1 curve #277
Closed issues:
- RS256, public and private keys #291
- Allow passing current time to
decode
#288 - Verify exp claim without verifying jwt #281
- Audience as an array - how to specify? #276
- signature validation using decode method for JWT #271
- JWT is easily breakable #267
- Ruby JWT Token #265
- ECDSA supported algorithms constant is defined as a string, not an array #264
- NoMethodError: undefined method `group' for <xxxxx> #261
- 'DecodeError'will replace 'ExpiredSignature' #260
- TypeError: no implicit conversion of OpenSSL::PKey::RSA into String #259
- NameError: uninitialized constant JWT::Algos::Eddsa::RbNaCl #258
- Get new token if curren token expired #256
- Infer algorithm from header #254
- Why is the result of decode is an array? #252
- Add support for headless token #251
- Leeway or exp_leeway #215
- Could you describe purpose of cert fixtures and their cryptokey lengths. #185
Merged pull requests:
- Release v2.2.0-beta.0 #302 (excpt)
- Misc config improvements #296 (jamesstonehill)
- Fix JSON conflict between #293 and #292 #294 (anakinj)
- Drop Ruby 2.2 from test matrix #290 (anakinj)
- Remove broken reek config #283 (excpt)
- Add missing test, Update common files #275 (excpt)
- Remove iat_leeway option #274 (wohlgejm)
- improving code quality of jwt module #266 (ab320012)
- fixed ECDSA supported versions const #263 (starbeast)
- Added my name to contributor list #262 (ab320012)
- Use
Class#new
Shorthand For Error Subclasses #255 (akabiru) - [CI] Test against Ruby 2.5 #253 (nicolasleger)
- Fix README #250 (rono23)
- Fix link format #248 (y-yagi)
v2.1.0 (2017-10-06)
Implemented enhancements:
- Ed25519 support planned? #217
- Verify JTI Proc #207
- Allow a list of algorithms for decode #241 (lautis)
- verify takes 2 params, second being payload closes: #207 #238 (ab320012)
- simplified logic for keyfinder #237 (ab320012)
- Show backtrace if rbnacl-libsodium not loaded #231 (buzztaiki)
- Support for ED25519 #229 (ab320012)
Fixed bugs:
- JWT.encode failing on encode for string #235
- The README says it uses an algorithm by default #226
- Fix string payload issue #236 (excpt)
Security fixes:
- Add HS256 algorithm to decode default options #228 (marcoadkins)
Closed issues:
- Change from 1.5.6 to 2.0.0 and appears a "Completed 401 Unauthorized" #240
- Why doesn't the decode function use a default algorithm? #227
Merged pull requests:
- Release 2.1.0 preparations #243 (excpt)
- Update README.md #242 (excpt)
- Update ebert configuration #232 (excpt)
- added algos/strategy classes + structs for inputs #230 (ab320012)
v2.0.0 (2017-09-03)
Fixed bugs:
- Support versions outside 2.1 #209
- Verifying expiration without leeway throws exception #206
- Ruby interpreter warning #200
- TypeError: no implicit conversion of String into Integer #188
- Fix JWT.encode(nil) #203 (tmm1)
Closed issues:
Merged pull requests:
- Release 2.0.0 preparations :) #225 (excpt)
- Skip 'exp' claim validation for array payloads #224 (excpt)
- Use a default leeway of 0 #223 (travisofthenorth)
- Fix reported codesmells #221 (excpt)
- Add fancy gem version badge #220 (excpt)
- Add missing dist option to .travis.yml #219 (excpt)
- Fix ruby version requirements in gemspec file #218 (excpt)
- Fix a little typo in the readme #214 (RyanBrushett)
- Update README.md #212 (zuzannast)
- Fix typo in HS512256 algorithm description #211 (ojab)
- Allow configuration of multiple acceptable issuers #210 (ojab)
- Enforce
exp
to be anInteger
#205 (lucasmazza) - ruby 1.9.3 support message upd #204 (maokomioko)
v2.0.0.beta1 (2017-02-27)
Implemented enhancements:
- Error with method sign for String #171
- Refactor the encondig code #121
- Refactor #196 (EmilioCristalli)
- Move signature logic to its own module #195 (EmilioCristalli)
- Add options for claim-specific leeway #187 (EmilioCristalli)
- Add user friendly encode error if private key is a String, #171 #176 (ogonki-vetochki)
- Return empty string if signature less than byte_size #155 #175 (ogonki-vetochki)
- Remove 'typ' optional parameter #174 (ogonki-vetochki)
- Pass payload to keyfinder #172 (CodeMonkeySteve)
- Use RbNaCl for HMAC if available with fallback to OpenSSL #149 (mwpastore)
Fixed bugs:
- ruby-jwt::raw_to_asn1: Fails for signatures less than byte_size #155
- The leeway parameter is applies to all time based verifications #129
- Make algorithm option required to verify signature #184 (EmilioCristalli)
- Validate audience when payload is a scalar and options is an array #183 (steti)
Closed issues:
- Different encoded value between servers with same password #197
- Signature is different at each run #190
- Include custom headers with password #189
- can't create token - 'NotImplementedError: Unsupported signing method' #186
- Cannot verify JWT at all?? #177
- verify_iss: true is raising JWT::DecodeError instead of JWT::InvalidIssuerError #170
Merged pull requests:
- Version bump 2.0.0.beta1 #199 (excpt)
- Update CHANGELOG.md and minor fixes #198 (excpt)
- Add Codacy coverage reporter #194 (excpt)
- Add minimum required ruby version to gemspec #193 (excpt)
- Code smell fixes #192 (excpt)
- Version bump to 2.0.0.dev #191 (excpt)
- Basic encode module refactoring #121 #182 (ogonki-vetochki)
- Fix travis ci build configuration #181 (excpt)
- Fix travis ci build configuration #180 (excpt)
- Fix typo in README #178 (tomeduarte)
- Fix code style #173 (excpt)
- Fixed a typo in a spec name #169 (mingan)
v1.5.6 (2016-09-19)
Fixed bugs:
Merged pull requests:
v1.5.5 (2016-09-16)
Implemented enhancements:
- JWT.decode always raises JWT::ExpiredSignature for tokens created with Time objects passed as the
exp
parameter #148
Fixed bugs:
- expiration check does not give "Signature has expired" error for the exact time of expiration #157
- JTI claim broken? #152
- Audience Claim broken? #151
- 1.5.3 breaks compatibility with 1.5.2 #133
- Version 1.5.3 breaks 1.9.3 compatibility, but not documented as such #132
- Fix: exp claim check #161 (excpt)
Security fixes:
- [security] Signature verified after expiration/sub/iss checks #153
- Signature validation before claim verification #160 (excpt)
Closed issues:
- Rendering Json Results in JWT::DecodeError #162
- PHP Libraries #154
- Is ruby-jwt thread-safe? #150
- JWT 1.5.3 #143
- gem install v 1.5.3 returns error #141
- Adding a CHANGELOG #140
Merged pull requests:
- Bump version #165 (excpt)
- Improve error message for exp claim in payload #164 (excpt)
- Fix #151 and code refactoring #163 (excpt)
- Create specs for README.md examples #159 (excpt)
- Tiny Readme Improvement #156 (b264)
- Added test execution to Rakefile #147 (jabbrwcky)
- Bump version #145 (excpt)
- Add a changelog file #142 (excpt)
- Return decoded_segments #139 (akostrikov)
v1.5.4 (2016-03-24)
Closed issues:
Merged pull requests:
- Update README.md #138 (excpt)
- Fix base64url_decode #136 (excpt)
- Fix ruby 1.9.3 compatibility #135 (excpt)
- iat can be a float value #134 (llimllib)
v1.5.3 (2016-02-24)
Implemented enhancements:
- Refactor obsolete code for ruby 1.8 support #120
- Fix "Rubocop/Metrics/CyclomaticComplexity" issue in lib/jwt.rb #106
- Fix "Rubocop/Metrics/CyclomaticComplexity" issue in lib/jwt.rb #105
- Allow a proc to be passed for JTI verification #126 (yahooguntu)
- Relax restrictions on "jti" claim verification #113 (lwe)
Closed issues:
- Verifications not functioning in latest release #128
- Base64 is generating invalid length base64 strings - cross language interop #127
- Digest::Digest is deprecated; use Digest #119
- verify_rsa no method 'verify' for class String #115
- Add a changelog #111
Merged pull requests:
- Drop ruby 1.9.3 support #131 (excpt)
- Allow string hash keys in validation configurations #130 (tpickett66)
- Add ruby 2.3.0 for travis ci testing #123 (excpt)
- Remove obsolete json code #122 (excpt)
- Add fancy badges to README.md #118 (excpt)
- Refactor decode and verify functionality #117 (excpt)
- Drop echoe dependency for gem releases #116 (excpt)
- Updated readme for iss/aud options #114 (ryanmcilmoyl)
- Fix error misspelling #112 (kat3kasper)
jwt-1.5.2 (2015-10-27)
Implemented enhancements:
- Must we specify algorithm when calling decode to avoid vulnerabilities? #107
- Code review: Rspec test refactoring #85 (excpt)
Fixed bugs:
- aud verifies if aud is passed in, :sub does not #102
- iat check does not use leeway so nbf could pass, but iat fail #83
Closed issues:
- Test ticket from Code Climate #104
- Test ticket from Code Climate #100
- Is it possible to decode the payload without validating the signature? #97
- What is audience? #96
- Options hash uses both symbols and strings as keys. #95
Merged pull requests:
- Fix incorrect
iat
examples #109 (kjwierenga) - Update docs to include instructions for the algorithm parameter. #108 (aarongray)
- make sure :sub check behaves like :aud check #103 (skippy)
- Change hash syntax #101 (excpt)
- Include LICENSE and README.md in gem #99 (bkeepers)
- Remove unused variable in the sample code. #98 (hypermkt)
- Fix iat claim example #94 (larrylv)
- Fix wrong description in README.md #93 (larrylv)
- JWT and JWA are now RFC. #92 (aj-michael)
- Update README.md #91 (nsarno)
- Fix missing verify parameter in docs #90 (ernie)
- Iat check uses leeway. #89 (aj-michael)
- nbf check allows exact time matches. #88 (aj-michael)
jwt-1.5.1 (2015-06-22)
Implemented enhancements:
Fixed bugs:
- ECDSA signature verification fails for valid tokens #84
- Shouldn't verification of additional claims, like iss, aud etc. be enforced when in options? #81
- decode fails with 'none' algorithm and verify #75
Closed issues:
- Doc mismatch: uninitialized constant JWT::ExpiredSignature #79
- TypeError when specifying a wrong algorithm #77
- jti verification doesn't prevent replays #73
Merged pull requests:
- Correctly sign ECDSA JWTs #87 (jurriaan)
- fixed results of decoded tokens in readme #86 (piscolomo)
- Force verification of "iss" and "aud" claims #82 (lwe)
jwt-1.5.0 (2015-05-09)
Implemented enhancements:
- Needs to support asymmetric key signatures over shared secrets #46
- Implement Elliptic Curve Crypto Signatures #74 (jtdowney)
- Add an option to verify the signature on decode #71 (javawizard)
Closed issues:
- Check JWT vulnerability #76
Merged pull requests:
jwt-1.4.1 (2015-03-12)
Fixed bugs:
Merged pull requests:
jwt-1.4.0 (2015-03-10)
Closed issues:
- The behavior using 'json' differs from 'multi_json' #41
Merged pull requests:
- Release 1.4.0 #64 (excpt)
- Update README.md and remove dead code #63 (excpt)
- Add 'iat/ aud/ sub/ jti' support for ruby-jwt #62 (ZhangHanDong)
- Add 'iss' support for ruby-jwt #61 (ZhangHanDong)
- Clarify .encode API in README #60 (jbodah)
jwt-1.3.0 (2015-02-24)
Closed issues:
- Signature Verification to Return Verification Error rather than decode error #57
- Incorrect readme for leeway #55
- What is the reason behind stripping the = in base64 encoding? #54
- Preperations for version 2.x #50
- Release a new version #47
- Catch up for ActiveWhatever 4.1.1 series #40
Merged pull requests:
- raise verification error for signiture verification #58 (punkle)
- Added support for not before claim verification #56 (punkle)
jwt-1.2.1 (2015-01-22)
Closed issues:
Merged pull requests:
jwt-1.2.0 (2014-11-24)
Closed issues:
- set token to expire #42
Merged pull requests:
jwt-0.1.13 (2014-05-08)
Closed issues:
- yanking of version 0.1.12 causes issues #39
- Semantic versioning #37
- Update gem to get latest changes #36
jwt-1.0.0 (2014-05-07)
Closed issues:
- API request - JWT::decoded_header() #26
Merged pull requests:
- return header along with playload after decoding #35 (sawyerzhang)
- Raise JWT::DecodeError on nil token #34 (tjmw)
- Make MultiJson optional for Ruby 1.9+ #33 (petergoldstein)
- Allow access to header and payload without signature verification #32 (petergoldstein)
- Update specs to use RSpec 3.0.x syntax #31 (petergoldstein)
- Travis - Add Ruby 2.0.0, 2.1.0, Rubinius #30 (petergoldstein)
jwt-0.1.11 (2014-01-17)
Closed issues:
Merged pull requests:
jwt-0.1.10 (2014-01-10)
Closed issues:
- change to signature of JWT.decode method #14
Merged pull requests:
- Fix warning: assigned but unused variable - e #25 (sferik)
- Echoe doesn't define a license= method #24 (sferik)
- Use OpenSSL::Digest instead of deprecated OpenSSL::Digest::Digest #23 (JuanitoFatas)
- Handle some invalid JWTs #22 (steved)
- Add MIT license to gemspec #21 (nycvotes-dev)
- Tweaks and improvements #20 (threedaymonk)
- Don't leave errors in OpenSSL.errors when there is a decoding error. #19 (lowellk)
jwt-0.1.8 (2013-03-14)
Merged pull requests:
- Contrib and update #18 (threedaymonk)
- Verify if verify is truthy (not just true) #17 (threedaymonk)
jwt-0.1.7 (2013-03-07)
Merged pull requests:
jwt-0.1.6 (2013-03-05)
Merged pull requests:
- Fixes a theoretical timing attack #15 (mgates)
- Use StandardError as parent for DecodeError #13 (Oscil8)
jwt-0.1.5 (2012-07-20)
Closed issues:
- Unable to specify signature header fields #7
Merged pull requests:
- MultiJson dependency uses ~> but should be >= #12 (sporkmonger)
- Oops. :-) #11 (sporkmonger)
- Fix issue with signature verification in JRuby #10 (sporkmonger)
- Depend on MultiJson #9 (lautis)
- Allow for custom headers on encode and decode #8 (dgrijalva)
- Missing development dependency for echoe gem. #6 (sporkmonger)
jwt-0.1.4 (2011-11-11)
Merged pull requests:
- Fix for RSA verification #5 (jordan-brough)
jwt-0.1.3 (2011-06-30)
Closed issues:
- signatures calculated incorrectly (hexdigest instead of digest) #1
Merged pull requests:
- Bumped a version and added a .gemspec using rake build_gemspec #3 (zhitomirskiyi)
- Added RSA support #2 (zhitomirskiyi)
* This Changelog was automatically generated by github_changelog_generator