jwt-2.1.0

2.1.0 (2017-10-06)

Full Changelog

Implemented enhancements:

• Ed25519 support planned? #217
• Verify JTI Proc #207
• Allow a list of algorithms for decode #241 (lautis)
• verify takes 2 params, second being payload closes: #207 #238 (ab320012)
• simplified logic for keyfinder #237 (ab320012)
• Show backtrace if rbnacl-libsodium not loaded #231 (buzztaiki)
• Support for ED25519 #229 (ab320012)

Fixed bugs:

• JWT.encode failing on encode for string #235
• The README says it uses an algorithm by default #226
• Fix string payload issue #236 (excpt)

Closed issues:

• Change from 1.5.6 to 2.0.0 and appears a "Completed 401 Unauthorized" #240
• Why doesn't the decode function use a default algorithm? #227

Merged pull requests:

• Update README.md #242 (excpt)
• Update ebert configuration #232 (excpt)
• added algos/strategy classes + structs for inputs #230 (ab320012)
• Add HS256 algorithm to decode default options #228 (madkin10)

jwt-2.0.0

Change Log

v2.0.0 (2017-09-03)

Full Changelog

Fixed bugs:

• Support versions outside 2.1 #209
• Verifying expiration without leeway throws exception #206
• Ruby interpreter warning #200
• TypeError: no implicit conversion of String into Integer #188
• Fix JWT.encode(nil) #203 (tmm1)

Closed issues:

• Possibility to disable claim verifications #222
• Proper way to verify Firebase id tokens #216

Merged pull requests:

• Skip 'exp' claim validation for array payloads #224 (excpt)
• Use a default leeway of 0 #223 (travisofthenorth)
• Fix reported codesmells #221 (excpt)
• Add fancy gem version badge #220 (excpt)
• Add missing dist option to .travis.yml #219 (excpt)
• Fix ruby version requirements in gemspec file #218 (excpt)
• Fix a little typo in the readme #214 (RyanBrushett)
• Update README.md #212 (zuzannast)
• Fix typo in HS512256 algorithm description #211 (ojab)
• Allow configuration of multiple acceptable issuers #210 (ojab)
• Enforce exp to be an Integer #205 (lucasmazza)
• ruby 1.9.3 support message upd #204 (maokomioko)
• Guard against partially loaded RbNaCl when failing to load libsodium #202 (Dorian)

jwt-2.0.0.beta1

Changelog

v2.0.0.beta1 (2017-02-27)

Full Changelog

Implemented enhancements:

• Error with method sign for String #171
• Refactor the encondig code #121
• Refactor #196 (EmilioCristalli)
• Move signature logic to its own module #195 (EmilioCristalli)
• Add options for claim-specific leeway #187 (EmilioCristalli)
• Add user friendly encode error if private key is a String, #171 #176 (xamenrax)
• Return empty string if signature less than byte_size #155 #175 (xamenrax)
• Remove 'typ' optional parameter #174 (xamenrax)
• Pass payload to keyfinder #172 (CodeMonkeySteve)
• Use RbNaCl for HMAC if available with fallback to OpenSSL #149 (mwpastore)

Fixed bugs:

• ruby-jwt::raw_to_asn1: Fails for signatures less than byte_size #155
• The leeway parameter is applies to all time based verifications #129
• Add options for claim-specific leeway #187 (EmilioCristalli)
• Make algorithm option required to verify signature #184 (EmilioCristalli)
• Validate audience when payload is a scalar and options is an array #183 (steti)

Closed issues:

• Different encoded value between servers with same password #197
• Signature is different at each run #190
• Include custom headers with password #189
• can't create token - 'NotImplementedError: Unsupported signing method' #186
• Why jwt depends on json < 2.0 ? #179
• Cannot verify JWT at all?? #177
• verify_iss: true is raising JWT::DecodeError instead of JWT::InvalidIssuerError #170

Merged pull requests:

• Version bump 2.0.0.beta1 #199 (excpt)
• Update CHANGELOG.md and minor fixes #198 (excpt)
• Add Codacy coverage reporter #194 (excpt)
• Add minimum required ruby version to gemspec #193 (excpt)
• Code smell fixes #192 (excpt)
• Version bump to 2.0.0.dev #191 (excpt)
• Basic encode module refactoring #121 #182 (xamenrax)
• Fix travis ci build configuration #181 (excpt)
• Fix travis ci build configuration #180 (excpt)
• Fix typo in README #178 (tomeduarte)
• Fix code style #173 (excpt)
• Fixed a typo in a spec name #169 (Mingan)

jwt-1.5.6

Full Changelog

Fixed bugs:

• Fix missing symbol handling in aud verify code #166 (excpt)

Merged pull requests:

• Fix rubocop code smells #167 (excpt)

jwt-1.5.5

Full Changelog

Implemented enhancements:

• JWT.decode always raises JWT::ExpiredSignature for tokens created with Time objects passed as the exp parameter #148

Fixed bugs:

• expiration check does not give "Signature has expired" error for the exact time of expiration #157
• JTI claim broken? #152
• Audience Claim broken? #151
• 1.5.3 breaks compatibility with 1.5.2 #133
• Version 1.5.3 breaks 1.9.3 compatibility, but not documented as such #132
• Fix: exp claim check #161 (excpt)

Closed issues:

• Rendering Json Results in JWT::DecodeError #162
• PHP Libraries #154
• [security] Signature verified after expiration/sub/iss checks #153
• Is ruby-jwt thread-safe? #150
• JWT 1.5.3 #143
• gem install v 1.5.3 returns error #141
• Adding a CHANGELOG #140

Merged pull requests:

• Bump version #165 (excpt)
• Improve error message for exp claim in payload #164 (excpt)
• Fix #151 and code refactoring #163 (excpt)
• Signature validation before claim verification #160 (excpt)
• Create specs for README.md examples #159 (excpt)
• Tiny Readme Improvement #156 (b264)
• Added test execution to Rakefile #147 (jabbrwcky)
• Add more bling bling to the site #146 (excpt)
• Bump version #145 (excpt)
• Add first content and basic layout #144 (excpt)
• Add a changelog file #142 (excpt)
• Return decoded_segments #139 (akostrikov)

jwt-1.5.4

Full Changelog

Closed issues:

• 404 at https://rubygems.global.ssl.fastly.net/gems/jwt-1.5.3.gem #137

Merged pull requests:

• Update README.md #138 (excpt)
• Fix base64url_decode #136 (excpt)
• Fix ruby 1.9.3 compatibility #135 (excpt)
• iat can be a float value #134 (llimllib)

[YANKED] jwt-1.5.3

Changelog

• Dropped ruby 1.9.3 support #131
• Update README.md - improve documentation and fix typos
• Removed echoe dependency
• Fix hash/string key issue in options #130
• Allow a proc to be passed for JTI verification #126
• Code refactoring and code smell fixes

Commits

4a0b939 Merge pull request #131 from jwt/drop-ruby-1.9.3-support
cfc8362 Update .travis.yml
04120f6 Merge pull request #130 from tpickett66/hash-keys
a4d0473 Bump version
a6d1a33 Allow verification option keys to be strings or symbols
b47ab94 Make Verify an instantiatable class
6a9b5cc Adjust aud checking to use a string key against the payload
7b80ec9 Move Verify specs to a separate file.
2c7837f update testing and install sections of readme
d4fca40 Merge pull request #126 from yahooguntu/master
0100ad6 Allow a proc to be passed for JTI verification
b85b30e Merge pull request #122 from excpt/refactor-json-dependency
1499b16 Merge pull request #123 from excpt/ci-settings
2d5bc86 Remove obsolete json code
a03fbaf Add ruby 2.3.0 for travis ci testing
91b4220 Update README.md
86f470b Merge pull request #118 from excpt/master
a6672da Add fancy badges to README.md
0a2fa6c Merge pull request #117 from excpt/master
707376a Fix merge options bug
f889e49 Fix some code smells
a0815ee Fix some more code smells
e556eb9 Fix some code smells in JWT::Verify class
7a7ac9a Refactor decode and verify functionality
59dd2e0 Merge pull request #116 from excpt/master
79cdce8 Fix code smell reported by rubocop
451d950 Fix code smells reported by rubocop
4d440dc Fix travis test command
279df0e Remove echoe dependency
4f45b66 Add version class, remove utf8 encoding comment
559a23b Update codeclimate settings
cabde34 Merge pull request #114 from FXFusion/master
e5a94db Updated readme for iss/aud options
6c84213 Merge pull request #113 from lwe/lwe-jti-validation-fix
320306b relax restrictions on "jti" claim verification
27c7412 Merge pull request #112 from kat3kasper/fix/misspelling
02cbbd6 Fix error misspelling

jwt-1.5.2

• drop active ruby 1.8.x and <= 1.9.2 support
• allow nbf to have exact time matches
• iat now recognizes leeway
• ensure that the sub claim check behaves like the aud claim check
• test suite refactored
• documentation updates