jwt-2.9.0

Full Changelog

Features:

• Build and push gem using a GH action #612 (@anakinj)

Fixes and enhancements:

• Refactor claim validators into their own classes #605 (@anakinj, @MatteoPierro)
• Allow extending available algorithms #607 (@anakinj)
• Do not include the EdDSA algorithm if rbnacl not available #613 (@anakinj)

jwt-2.8.2

Full Changelog

Fixes and enhancements:

• Print deprecation warnings only on when token decoding succeeds #600 (@anakinj)
• Unify code style #602 (@anakinj)

jwt-2.8.1

Full Changelog

Features:

• Configurable base64 decode behaviour #589 (@anakinj)

Fixes and enhancements:

• Output deprecation warnings once #589 (@anakinj)

jwt-2.8.0

Full Changelog

Features:

• Updated rubocop to 1.56 #573 (@anakinj)
• Run CI on Ruby 3.3 #577 (@anakinj)
• Deprecation warning added for the HMAC algorithm HS512256 (HMAC-SHA-512 truncated to 256-bits) #575 (@anakinj)
• Stop using RbNaCl for standard HMAC algorithms #575 (@anakinj)

Fixes and enhancements:

• Fix signature has expired error if payload is a string #555 (@GobinathAL)
• Fix key base equality and spaceship operators #569 (@magneland)
• Remove explicit base64 require from x5c_key_finder #580 (@anakinj)
• Performance improvements and cleanup of tests #581 (@anakinj)
• Repair EC x/y coordinates when importing JWK #585 (@julik)
• Explicit dependency to the base64 gem #582 (@anakinj)
• Deprecation warning for decoding content not compliant with RFC 4648 #582 (@anakinj)
• Algorithms moved under the ::JWT::JWA module (@anakinj)

jwt-2.7.1

Full Changelog

Fixes and enhancements:

• Handle invalid algorithm when decoding JWT #559 - @nataliastanko
• Do not raise error when verifying bad HMAC signature #563 - @hieuk09

jwt-2.7.0

Full Changelog

Features:

• Support OKP (Ed25519) keys for JWKs #540 (@anakinj)
• JWK Sets can now be used for tokens with nil kid #543 (@bellebaum)

Fixes and enhancements:

• Fix issue with multiple keys returned by keyfinder and multiple allowed algorithms #545 (@mpospelov)
• Non-string kid header values are now rejected #543 (@bellebaum)

jwt-2.6.0

v2.6.0 (2022-12-22)

Full Changelog

Features:

• Support custom algorithms by passing algorithm objects#512 (@anakinj).
• Support descriptive (not key related) JWK parameters#520 (@bellebaum).
• Support for JSON Web Key Sets#525 (@bellebaum).
• Support HMAC keys over 32 chars when using RbNaCl#521 (@anakinj).

Fixes and enhancements:

• Raise descriptive error on empty hmac_secret and OpenSSL 3.0/openssl gem <3.0.1 #530 (@jonmchan).

jwt-2.5.0

Full Changelog

Features:

• Support JWK thumbprints as key ids #481 (@anakinj).

Fixes and enhancements:

• Bring back the old Base64 (RFC2045) deocode mechanisms #488 (@anakinj).
• Rescue RbNaCl exception for EdDSA wrong key #491 (@n-studio).
• New parameter name for cases when kid is not found using JWK key loader proc #501 (@anakinj).
• Fix NoMethodError when a 2 segment token is missing 'alg' header #502 (@cmrd-senya).
• Support OpenSSL >= 3.0 #496 (@anakinj).

jwt-2.4.1

v2.4.1 (2022-06-07)

Fixes and enhancements:

• Raise JWT::DecodeError on invalid signature #484 (@freakyfelt!).

Full Changelog

jwt-2.4.0

v2.4.0 (2022-06-06)

Full Changelog

Features:

• Dropped support for Ruby 2.5 and older #453 - @anakinj.
• Use Ruby built-in url-safe base64 methods #454 - @bdewater.
• Updated rubocop to 1.23.0 #457 - @anakinj.
• Add x5c header key finder #338 - @bdewater.
• Author driven changelog process #463 - @anakinj.
• Allow regular expressions and procs to verify issuer #437 (rewritten).
• Add Support to be able to verify from multiple keys #425 (ritikesh).

Fixes and enhancements:

• Readme: Typo fix re MissingRequiredClaim #451 (antonmorant).
• Fix RuboCop TODOs #476 (typhoon2099).
• Make specific algorithms in README linkable #472 (milieu).
• Update note about supported JWK types #475 (dpashkevich).
• Create CODE_OF_CONDUCT.md #449 (loic5).