JWT v2.2.3 Release Notes

Release Date: 2021-04-19
  • Full Changelog

    Implemented enhancements:

    • Verify algorithm before evaluating keyfinder #343
    • Why jwt depends on json < 2.0 ? #179
    • Support for JWK in-lieu of rsa_public #158
    • Fix rspec raise_error warning #413 (excpt)
    • Add support for JWKs with HMAC key type. #372 (phlegx)
    • Improve 'none' algorithm handling #365 (danleyden)
    • Handle parsed JSON JWKS input with string keys #348 (martinemde)
    • Allow Numeric values during encoding #327 (fanfilmu)

    Closed issues:

    • "Signature verification raised", yet jwt.io says "Signature Verified" #401
    • truffleruby-head build is failing #396
    • JWT::JWK::EC needs require 'forwardable' #392
    • How to use a 'signing key' as used by next-auth #389
    • undefined method `verify' for nil:NilClass when validate a JWT with JWK #383
    • Make specifying "algorithm" optional on decode #380
    • ADFS created access tokens can't be validated due to missing 'kid' header #370
    • new version? #355
    • JWT gitlab OmniAuth provider setup support #354
    • Release with support for RSA.import for ruby < 2.4 hasn't been released #347
    • cannot load such file -- jwt #339

    Merged pull requests:

    • Remove codeclimate code coverage dev dependency #414 (excpt)
    • Add forwardable dependency #408 (anakinj)
    • Ignore casing of algorithm #405 (johnnyshields)
    • Document function and add tests for verify claims method #404 (yasonk)
    • documenting calling verify_jti callback with 2 arguments in the readme #402 (HoneyryderChuck)
    • Target the master branch on the build status badge #399 (anakinj)
    • Improving the local development experience #397 (anakinj)
    • Fix sourcelevel broken links #395 (anakinj)
    • Don't recommend installing gem with sudo #391 (tjschuck)
    • Enable rubocop locally and on ci #390 (anakinj)
    • Ci and test cleanup #387 (anakinj)
    • Make JWT::JWK::EC compatible with Ruby 2.3 #386 (anakinj)
    • Support JWKs for pre 2.3 rubies #382 (anakinj)
    • Replace Travis CI with GitHub Actions (also favor openssl/rbnacl combinations over rails compatibility tests) #381 (anakinj)
    • Add auth0 sponsor message #379 (excpt)
    • Adapt HMAC to JWK RSA code style. #378 (phlegx)
    • Disable Rails cops #376 (anakinj)
    • Support exporting RSA JWK private keys #375 (anakinj)
    • Ebert is SourceLevel nowadays #374 (anakinj)
    • Add support for JWKs with EC key type #371 (richardlarocque)
    • Add Truffleruby head to CI #368 (gogainda)
    • Add more docs about JWK support #341 (take)

Previous changes from v2.2.2

  • Full Changelog

    Implemented enhancements:

    • JWK does not decode. #332
    • Inconsistent use of symbol and string keys in args (exp and alrogithm). #331
    • Pin simplecov to < 0.18 #356 (anakinj)
    • verifies algorithm before evaluating keyfinder #346 (jb08)
    • Update Rails 6 appraisal to use actual release version #336 (smudge)
    • Update Travis #326 (berkos)
    • Improvement/encode hmac without key #312 (JotaSe)

    Fixed bugs:

    • v2.2.1 warning: already initialized constant JWT Error #335
    • 2.2.1 is no longer raising JWT::DecodeError on nil verification key #328
    • Fix algorithm picking from decode options #359 (excpt)
    • Raise error when verification key is empty #358 (anakinj)

    Closed issues:

    • JWT RSA: is it possible to encrypt using the public key? #366
    • Example unsigned token that bypasses verification #364
    • Verify exp claim/field even if it's not present #363
    • Decode any token #360
    • [question] example of using a pub/priv keys for signing? #351
    • JWT::ExpiredSignature raised for non-JSON payloads #350
    • verify_aud only verifies that at least one aud is expected #345
    • Sinatra 4.90s TTFB #344
    • How to Logout #342
    • jwt token decoding even when wrong token is provided for some letters #337
    • Need to use symbolize_keys everywhere! #330
    • eval() used in Forwardable limits usage in iOS App Store #324
    • HS512256 OpenSSL Exception: First num too large #322
    • Can we change the separator character? #321
    • Verifying iat without leeway may break with poorly synced clocks #319
    • Adding support for 'hd' hosted domain string #314
    • There is no "typ" header in version 2.0.0 #233

    Merged pull requests:

    • Release v2.2.2 #367 (excpt)
    • Fix 'already initialized constant JWT Error' #357 (excpt)
    • Support RSA.import for all Ruby versions. #333 (rabajaj0509)
    • Removed forwardable dependency #325 (anakinj)