v2.2.2 (2020-08-18)

Full Changelog

Implemented enhancements:

• JWK does not decode. #332
• Inconsistent use of symbol and string keys in args (exp and alrogithm). #331
• Pin simplecov to < 0.18 #356 (anakinj)
• verifies algorithm before evaluating keyfinder #346 (jb08)
• Update Rails 6 appraisal to use actual release version #336 (smudge)
• Update Travis #326 (berkos)
• Improvement/encode hmac without key #312 (JotaSe)

Fixed bugs:

• v2.2.1 warning: already initialized constant JWT Error #335
• 2.2.1 is no longer raising JWT::DecodeError on nil verification key #328
• Fix algorithm picking from decode options #359 (excpt)
• Raise error when verification key is empty #358 (anakinj)

Closed issues:

• JWT RSA: is it possible to encrypt using the public key? #366
• Example unsigned token that bypasses verification #364
• Verify exp claim/field even if it's not present #363
• Decode any token #360
• [question] example of using a pub/priv keys for signing? #351
• JWT::ExpiredSignature raised for non-JSON payloads #350
• verify_aud only verifies that at least one aud is expected #345
• Sinatra 4.90s TTFB #344
• How to Logout #342
• jwt token decoding even when wrong token is provided for some letters #337
• Need to use symbolize\_keys everywhere! #330
• eval() used in Forwardable limits usage in iOS App Store #324
• HS512256 OpenSSL Exception: First num too large #322
• Can we change the separator character? #321
• Verifying iat without leeway may break with poorly synced clocks #319
• Adding support for 'hd' hosted domain string #314
• There is no "typ" header in version 2.0.0 #233

Merged pull requests:

• Fix 'already initialized constant JWT Error' #357 (excpt)
• Support RSA.import for all Ruby versions. #333 (rabajaj0509)
• Removed forwardable dependency #325 (anakinj)

v2.2.1 (2019-05-24)

Full Changelog

Fixed bugs:

• need to require 'forwardable' to use Forwardable #316
• Add forwardable dependency for JWK RSA KeyFinder #317 (excpt)

v2.2.0 (2019-03-20)

Full Changelog

Implemented enhancements:

• Use iat_leeway option #273
• Use of global state in latest version breaks thread safety of JWT.decode #268
• JSON support #246
• Change the Github homepage URL to https #301 (ekohl)
• Fix Salt length for conformance with PS family specification. #300 (tobypinder)
• Add support for Ruby 2.6 #299 (bustikiller)
• update homepage in gemspec to use HTTPS #298 (evgeni)
• Make sure alg parameter value isn't added twice #297 (korstiaan)
• Claims Validation #295 (jamesstonehill)
• JWT::Encode refactorings, alg and exp related bugfixes #293 (anakinj)
• Proposal of simple JWK support #289 (anakinj)
• Add RSASSA-PSS signature signing support #285 (oliver-hohn)
• Add note about using a hard coded algorithm in README #280 (revodoge)
• Add Appraisal support #278 (olbrich)
• Fix decode threading issue #269 (ab320012)
• Removed leeway from verify_iat #257 (ab320012)

Fixed bugs:

• Inconsistent handling of payload claim data types #282
• Use iat\_leeway option #273
• Issued at validation #247
• Fix bug and simplify segment validation #292 (anakinj)
• Removed leeway from verify\_iat #257 (ab320012)

Closed issues:

• RS256, public and private keys #291
• Allow passing current time to decode #288
• Verify exp claim without verifying jwt #281
• Decoding JWT with ES256 and secp256k1 curve #277
• Audience as an array - how to specify? #276
• signature validation using decode method for JWT #271
• JWT is easily breakable #267
• Ruby JWT Token #265
• ECDSA supported algorithms constant is defined as a string, not an array #264
• NoMethodError: undefined method `group' for <xxxxx> #261
• 'DecodeError'will replace 'ExpiredSignature' #260
• TypeError: no implicit conversion of OpenSSL::PKey::RSA into String #259
• NameError: uninitialized constant JWT::Algos::Eddsa::RbNaCl #258
• Get new token if curren token expired #256
• Infer algorithm from header #254
• Why is the result of decode is an array? #252
• Add support for headless token #251
• Leeway or exp_leeway #215
• Could you describe purpose of cert fixtures and their cryptokey lengths. #185

Merged pull requests:

• Misc config improvements #296 (jamesstonehill)
• Fix JSON conflict between #293 and #292 #294 (anakinj)
• Drop Ruby 2.2 from test matrix #290 (anakinj)
• Remove broken reek config #283 (excpt)
• Add missing test, Update common files #275 (excpt)
• Remove iat_leeway option #274 (wohlgejm)
• improving code quality of jwt module #266 (ab320012)
• fixed ECDSA supported versions const #263 (starbeast)
• Added my name to contributor list #262 (ab320012)
• Use Class\#new Shorthand For Error Subclasses #255 (akabiru)
• [CI] Test against Ruby 2.5 #253 (nicolasleger)
• Fix README #250 (rono23)
• Fix link format #248 (y-yagi)

2.1.0 (2017-10-06)

Full Changelog

Implemented enhancements:

• Ed25519 support planned? #217
• Verify JTI Proc #207
• Allow a list of algorithms for decode #241 (lautis)
• verify takes 2 params, second being payload closes: #207 #238 (ab320012)
• simplified logic for keyfinder #237 (ab320012)
• Show backtrace if rbnacl-libsodium not loaded #231 (buzztaiki)
• Support for ED25519 #229 (ab320012)

Fixed bugs:

• JWT.encode failing on encode for string #235
• The README says it uses an algorithm by default #226
• Fix string payload issue #236 (excpt)

Closed issues:

• Change from 1.5.6 to 2.0.0 and appears a "Completed 401 Unauthorized" #240
• Why doesn't the decode function use a default algorithm? #227

Merged pull requests:

• Update README.md #242 (excpt)
• Update ebert configuration #232 (excpt)
• added algos/strategy classes + structs for inputs #230 (ab320012)
• Add HS256 algorithm to decode default options #228 (madkin10)

Change Log

v2.0.0 (2017-09-03)

Full Changelog

Fixed bugs:

• Support versions outside 2.1 #209
• Verifying expiration without leeway throws exception #206
• Ruby interpreter warning #200
• TypeError: no implicit conversion of String into Integer #188
• Fix JWT.encode(nil) #203 (tmm1)

Closed issues:

• Possibility to disable claim verifications #222
• Proper way to verify Firebase id tokens #216

Merged pull requests:

• Skip 'exp' claim validation for array payloads #224 (excpt)
• Use a default leeway of 0 #223 (travisofthenorth)
• Fix reported codesmells #221 (excpt)
• Add fancy gem version badge #220 (excpt)
• Add missing dist option to .travis.yml #219 (excpt)
• Fix ruby version requirements in gemspec file #218 (excpt)
• Fix a little typo in the readme #214 (RyanBrushett)
• Update README.md #212 (zuzannast)
• Fix typo in HS512256 algorithm description #211 (ojab)
• Allow configuration of multiple acceptable issuers #210 (ojab)
• Enforce exp to be an Integer #205 (lucasmazza)
• ruby 1.9.3 support message upd #204 (maokomioko)
• Guard against partially loaded RbNaCl when failing to load libsodium #202 (Dorian)

Full Changelog

Fixed bugs:

• Fix missing symbol handling in aud verify code #166 (excpt)

Merged pull requests:

• Fix rubocop code smells #167 (excpt)

Full Changelog

Implemented enhancements:

• JWT.decode always raises JWT::ExpiredSignature for tokens created with Time objects passed as the exp parameter #148

Fixed bugs:

• expiration check does not give "Signature has expired" error for the exact time of expiration #157
• JTI claim broken? #152
• Audience Claim broken? #151
• 1.5.3 breaks compatibility with 1.5.2 #133
• Version 1.5.3 breaks 1.9.3 compatibility, but not documented as such #132
• Fix: exp claim check #161 (excpt)

Closed issues:

• Rendering Json Results in JWT::DecodeError #162
• PHP Libraries #154
• [security] Signature verified after expiration/sub/iss checks #153
• Is ruby-jwt thread-safe? #150
• JWT 1.5.3 #143
• gem install v 1.5.3 returns error #141
• Adding a CHANGELOG #140

Merged pull requests:

• Bump version #165 (excpt)
• Improve error message for exp claim in payload #164 (excpt)
• Fix #151 and code refactoring #163 (excpt)
• Signature validation before claim verification #160 (excpt)
• Create specs for README.md examples #159 (excpt)
• Tiny Readme Improvement #156 (b264)
• Added test execution to Rakefile #147 (jabbrwcky)
• Add more bling bling to the site #146 (excpt)
• Bump version #145 (excpt)
• Add first content and basic layout #144 (excpt)
• Add a changelog file #142 (excpt)
• Return decoded_segments #139 (akostrikov)