Recent Releases of https://github.com/jwt/ruby-jwt
https://github.com/jwt/ruby-jwt - jwt-2.10.2
v2.10.2 (2025-06-29)
Fixes and enhancements:
- Avoid using the same digest across calls in JWT::JWA::Ecdsa and JWT::JWA::Rsa #697
- Ruby
Published by anakinj 8 months ago
https://github.com/jwt/ruby-jwt - jwt-3.1.1
v3.1.1 (2025-06-24)
Fixes and enhancements:
- Ruby
Published by anakinj 8 months ago
https://github.com/jwt/ruby-jwt - jwt-3.1.0
v3.1.0 (2025-06-23)
Features:
- Add support for x5t header parameter for X.509 certificate thumbprint verification #669 (@hieuk09)
- Raise an error if the ECDSA signing or verification key is not an instance of
OpenSSL::PKey::EC#688 (@anakinj) - Allow
OpenSSL::PKey::EC::Pointto be used as the verification key in ECDSA #689 (@anakinj) - Require claims to have been verified before accessing the
JWT::EncodedToken#payload#690 (@anakinj) - Support signing and verifying tokens using a JWK #692 (@anakinj)
- Ruby
Published by anakinj 8 months ago
https://github.com/jwt/ruby-jwt - jwt-3.0.0
v3.0.0 (2025-06-14)
Breaking changes:
- Require token signature to be verified before accessing payload #648 (@anakinj)
- Drop support for the HS512256 algorithm #650 (@anakinj)
- Remove deprecated claim verification methods #654 (@anakinj)
- Remove dependency to rbnacl #655 (@anakinj)
- Support only stricter base64 decoding (RFC 4648) #658 (@anakinj)
- Custom algorithms are required to include
JWT::JWA::SigningAlgorithm#660 (@anakinj) - Require RSA keys to be at least 2048 bits #661 (@anakinj)
- Base64 encode and decode the k value for HMAC JWKs #662 (@anakinj)
Take a look at the upgrade guide for more details.
Features:
- JWT::EncodedToken#verify! method that bundles signature and claim validation #647 (@anakinj)
- Do not override the alg header if already given #659 (@anakinj)
- Make
JWK::KeyFindercompatible withJWT::EncodedToken#663 (@anakinj)
Fixes and enhancements:
- Ruby
Published by anakinj 9 months ago
https://github.com/jwt/ruby-jwt - jwt-3.0.0.beta1
v3.0.0-beta1 (2025-01-25)
Breaking changes:
- Require token signature to be verified before accessing payload #648 (@anakinj)
- Drop support for the HS512256 algorithm #650 (@anakinj)
- Remove deprecated claim verification methods #654 (@anakinj)
- Remove dependency to rbnacl #655 (@anakinj)
- Support only stricter base64 decoding (RFC 4648) #658 (@anakinj)
- Custom algorithms are required to include
JWT::JWA::SigningAlgorithm#660 (@anakinj) - Require RSA keys to be at least 2048 bits #661 (@anakinj)
- Base64 encode and decode the k value for HMAC JWKs #662 (@anakinj)
Take a look at the upgrade guide for more details.
Features:
- JWT::EncodedToken#verify! method that bundles signature and claim validation #647 (@anakinj)
- Do not override the alg header if already given #659 (@anakinj)
- Make
JWK::KeyFindercompatible withJWT::EncodedToken#663 (@anakinj)
Fixes and enhancements:
- Ruby
Published by anakinj about 1 year ago
https://github.com/jwt/ruby-jwt - jwt-2.10.1
v2.10.1 (2024-12-26)
Fixes and enhancements:
- Ruby
Published by anakinj about 1 year ago
https://github.com/jwt/ruby-jwt - jwt-2.10.0
v2.10.0 (2024-12-25)
Features:
- JWT::Token and JWT::EncodedToken for signing and verifying tokens #621 (@anakinj)
- Detached payload support for JWT::Token and JWT::EncodedToken #630 (@anakinj)
- Skip decoding payload if b64 header is present and false #631 (@anakinj)
- Remove a few custom Rubocop configs #638 (@anakinj)
Fixes and enhancements:
- Deprecation warnings for deprecated methods and classes #629 (@anakinj)
- Improved documentation for public apis #629 (@anakinj)
- Use correct methods when raising error during signing/verification with EdDSA #633
- Fix JWT::EncodedToken behavior with empty string as token #640 (@ragalie)
- Deprecation warnings for rbnacl backed functionality #641 (@anakinj)
- Ruby
Published by anakinj about 1 year ago
https://github.com/jwt/ruby-jwt - jwt-2.9.3
v2.9.3 (2024-10-03)
Fixes and enhancements:
- Return truthy value for
::JWT::ClaimsValidator#validate!and::JWT::Verify.verify_claims#628 (@anakinj)
- Ruby
Published by anakinj over 1 year ago
https://github.com/jwt/ruby-jwt - jwt-2.9.2
v2.9.2 (2024-10-03)
Features:
Fixes and enhancements:
- Updated README to correctly document
OpenSSL::HMACdocumentation #617 (@aedryan) - Verify JWT header format #622 (@304)
- Bring back
::JWT::ClaimsValidator,::JWT::Verifyand a few other removed interfaces for preserved backwards compatibility #624 (@anakinj)
- Ruby
Published by anakinj over 1 year ago
https://github.com/jwt/ruby-jwt - jwt-2.9.1
Fixes and enhancements:
- Ruby
Published by anakinj over 1 year ago
https://github.com/jwt/ruby-jwt - jwt-2.9.0
Features:
Fixes and enhancements:
- Refactor claim validators into their own classes #605 (@anakinj, @MatteoPierro)
- Allow extending available algorithms #607 (@anakinj)
- Do not include the EdDSA algorithm if rbnacl not available #613 (@anakinj)
- Ruby
Published by anakinj over 1 year ago
https://github.com/jwt/ruby-jwt - jwt-2.8.2
Fixes and enhancements:
- Print deprecation warnings only on when token decoding succeeds https://github.com/jwt/ruby-jwt/pull/600 (@anakinj)
- Unify code style https://github.com/jwt/ruby-jwt/pull/602 (@anakinj)
- Ruby
Published by anakinj over 1 year ago
https://github.com/jwt/ruby-jwt - jwt-2.8.1
Features:
Fixes and enhancements:
- Ruby
Published by anakinj about 2 years ago
https://github.com/jwt/ruby-jwt - jwt-2.8.0
Features:
- Updated rubocop to 1.56 #573 (@anakinj)
- Run CI on Ruby 3.3 #577 (@anakinj)
- Deprecation warning added for the HMAC algorithm HS512256 (HMAC-SHA-512 truncated to 256-bits) #575 (@anakinj)
- Stop using RbNaCl for standard HMAC algorithms #575 (@anakinj)
Fixes and enhancements:
- Fix signature has expired error if payload is a string #555 (@GobinathAL)
- Fix key base equality and spaceship operators #569 (@magneland)
- Remove explicit base64 require from x5c_key_finder #580 (@anakinj)
- Performance improvements and cleanup of tests #581 (@anakinj)
- Repair EC x/y coordinates when importing JWK #585 (@julik)
- Explicit dependency to the base64 gem #582 (@anakinj)
- Deprecation warning for decoding content not compliant with RFC 4648 #582 (@anakinj)
- Algorithms moved under the
::JWT::JWAmodule (@anakinj)
- Ruby
Published by anakinj about 2 years ago
https://github.com/jwt/ruby-jwt - jwt-2.7.1
Fixes and enhancements:
- Handle invalid algorithm when decoding JWT #559 - @nataliastanko
- Do not raise error when verifying bad HMAC signature #563 - @hieuk09
- Ruby
Published by anakinj over 2 years ago
https://github.com/jwt/ruby-jwt - jwt-2.7.0
Features:
- Support OKP (Ed25519) keys for JWKs #540 (@anakinj)
- JWK Sets can now be used for tokens with nil kid #543 (@bellebaum)
Fixes and enhancements:
- Fix issue with multiple keys returned by keyfinder and multiple allowed algorithms #545 (@mpospelov)
- Non-string
kidheader values are now rejected #543 (@bellebaum)
- Ruby
Published by anakinj about 3 years ago
https://github.com/jwt/ruby-jwt - jwt-2.6.0
v2.6.0 (2022-12-22)
Features:
- Support custom algorithms by passing algorithm objects#512 (@anakinj).
- Support descriptive (not key related) JWK parameters#520 (@bellebaum).
- Support for JSON Web Key Sets#525 (@bellebaum).
- Support HMAC keys over 32 chars when using RbNaCl#521 (@anakinj).
Fixes and enhancements:
- Ruby
Published by anakinj about 3 years ago
https://github.com/jwt/ruby-jwt - jwt-2.5.0
Features:
Fixes and enhancements:
- Bring back the old Base64 (RFC2045) deocode mechanisms #488 (@anakinj).
- Rescue RbNaCl exception for EdDSA wrong key #491 (@n-studio).
- New parameter name for cases when kid is not found using JWK key loader proc #501 (@anakinj).
- Fix NoMethodError when a 2 segment token is missing 'alg' header #502 (@cmrd-senya).
- Support OpenSSL >= 3.0 #496 (@anakinj).
- Ruby
Published by excpt over 3 years ago
https://github.com/jwt/ruby-jwt - jwt-2.4.1
v2.4.1 (2022-06-07)
Fixes and enhancements:
- Raise JWT::DecodeError on invalid signature #484 (@freakyfelt!).
- Ruby
Published by excpt over 3 years ago
https://github.com/jwt/ruby-jwt - jwt-2.4.0
v2.4.0 (2022-06-06)
Features:
- Dropped support for Ruby 2.5 and older #453 - @anakinj.
- Use Ruby built-in url-safe base64 methods #454 - @bdewater.
- Updated rubocop to 1.23.0 #457 - @anakinj.
- Add x5c header key finder #338 - @bdewater.
- Author driven changelog process #463 - @anakinj.
- Allow regular expressions and procs to verify issuer #437 (rewritten).
- Add Support to be able to verify from multiple keys #425 (ritikesh).
Fixes and enhancements:
- Readme: Typo fix re MissingRequiredClaim #451 (antonmorant).
- Fix RuboCop TODOs #476 (typhoon2099).
- Make specific algorithms in README linkable #472 (milieu).
- Update note about supported JWK types #475 (dpashkevich).
- Create CODE_OF_CONDUCT.md #449 (loic5).
- Ruby
Published by excpt over 3 years ago
https://github.com/jwt/ruby-jwt - jwt-2.4.0.beta1
v2.4.0 (2022-05-03)
Implemented enhancements:
- Ensure presence of claims #244
- Support verifying signature signed using x5c header #59
- Add x5c header key finder #338 (bdewater)
Security fixes:
- Importing JWK then exporting results in different
kid#313
Closed issues:
- Is there a way to decode a ES256 encoded JWT with a root certificate but without a public key or a private key? #471
- Encode output with extra quote #469
- Please release new gem version #444
- HS512 signature verification fails for valid tokens #438
- ArgumentError: invalid base64 while calling JWT::JWK.import(hash) #361
- NoMethodError (undefined method `encode' for JsonWebToken:Module) #329
Merged pull requests:
- Fix RuboCop TODOs #476 (typhoon2099)
- Update note about supported JWK types #475 (dpashkevich)
- Make specific algorithms in README linkable #472 (milieu)
- Add tests for keyfinder logic to ensure the argument count does not matter #467 (anakinj)
- More tests for none token #466 (anakinj)
- Improve non algorithm tests #465 (anakinj)
- Bring back Ruby 2.5 support and CodeClimate coverage reports #464 (anakinj)
- Fix a little RuboCop issue #462 (anakinj)
- Fixes with latest RuboCop #459 (anakinj)
- Removed bundler-audit from codeclimate config #458 (anakinj)
- Updated rubocop to 1.23.0 #457 (anakinj)
- Add Ruby 3.1 to test matrix #456 (anakinj)
- Use Ruby built-in url-safe base64 methods #454 (bdewater)
- Stop running tests on EOL rubies. #453 (anakinj)
- Fix openssl gem version check to support versons greater than 3 #452 (anakinj)
- Readme: Typo fix re MissingRequiredClaim #451 (antonmorant)
- Fix for exception after mergeing #385 #450 (anakinj)
- Create CODE_OF_CONDUCT.md #449 (loic5)
- Allow regular expressions and procs to verify issuer #437 (rewritten)
- Add Support to be able to verify from multiple keys #425 (ritikesh)
- Define the secp256r1 curve #385 (anakinj)
- Ruby
Published by excpt almost 4 years ago
https://github.com/jwt/ruby-jwt - jwt-2.3.0
v2.3.0 (2021-10-03)
Closed issues:
- [SECURITY] Algorithm Confusion Through kid Header #440
- JWT to memory #436
- ArgumentError: wrong number of arguments (given 2, expected 1) #429
- HMAC section of README outdated #421
- NoMethodError: undefined method `zero?' for nil:NilClass if JWT has no 'alg' field #410
- Release new version #409
- NameError: uninitialized constant JWT::JWK #403
Merged pull requests:
- Fix Style/MultilineIfModifier issues #447 (anakinj)
- feat(EdDSA): Accept EdDSA as algorithm header #446 (Pierre-Michard)
- Pass kid param through JWT::JWK.create_from #445 (shaun-guth-allscripts)
- fix document about passing JWKs as a simple Hash #443 (takayamaki)
- Tests for mixing JWK keys with mismatching algorithms #441 (anakinj)
- verify_claims test shouldnt be within the verify_sub test #431 (andyjdavis)
- Allow decode options to specify required claims #430 (andyjdavis)
- Fix OpenSSL::PKey::EC public_key handing in tests #427 (anakinj)
- Add documentation for find_key #426 (ritikesh)
- Give ruby 3.0 as a string to avoid number formatting issues #424 (anakinj)
- Tests for iat verification behaviour #423 (anakinj)
- Remove HMAC with nil secret from documentation #422 (boardfish)
- Update broken link in README #420 (severin)
- Add metadata for RubyGems #418 (nickhammond)
- Fixed a typo about class name #417 (mai-f)
- Fix references for v2.2.3 on CHANGELOG #416 (vyper)
- Raise IncorrectAlgorithm if token has no alg header #411 (bouk)
- Ruby
Published by excpt over 4 years ago
https://github.com/jwt/ruby-jwt - jwt-2.2.3
v2.2.3 (2021-04-19)
Implemented enhancements:
- Verify algorithm before evaluating keyfinder #343
- Why jwt depends on json < 2.0 ? #179
- Support for JWK in-lieu of rsa_public #158
- Fix rspec
raise_errorwarning #413 (excpt) - Add support for JWKs with HMAC key type. #372 (phlegx)
- Improve 'none' algorithm handling #365 (danleyden)
- Handle parsed JSON JWKS input with string keys #348 (martinemde)
- Allow Numeric values during encoding #327 (fanfilmu)
Closed issues:
- "Signature verification raised", yet jwt.io says "Signature Verified" #401
- truffleruby-head build is failing #396
- JWT::JWK::EC needs
require 'forwardable'#392 - How to use a 'signing key' as used by next-auth #389
- undefined method `verify' for nil:NilClass when validate a JWT with JWK #383
- Make specifying "algorithm" optional on decode #380
- ADFS created access tokens can't be validated due to missing 'kid' header #370
- new version? #355
- JWT gitlab OmniAuth provider setup support #354
- Release with support for RSA.import for ruby < 2.4 hasn't been released #347
- cannot load such file -- jwt #339
Merged pull requests:
- Remove codeclimate code coverage dev dependency #414 (excpt)
- Add forwardable dependency #408 (anakinj)
- Ignore casing of algorithm #405 (johnnyshields)
- Document function and add tests for verify claims method #404 (yasonk)
- documenting calling verify_jti callback with 2 arguments in the readme #402 (HoneyryderChuck)
- Target the master branch on the build status badge #399 (anakinj)
- Improving the local development experience #397 (anakinj)
- Fix sourcelevel broken links #395 (anakinj)
- Don't recommend installing gem with sudo #391 (tjschuck)
- Enable rubocop locally and on ci #390 (anakinj)
- Ci and test cleanup #387 (anakinj)
- Make JWT::JWK::EC compatible with Ruby 2.3 #386 (anakinj)
- Support JWKs for pre 2.3 rubies #382 (anakinj)
- Replace Travis CI with GitHub Actions (also favor openssl/rbnacl combinations over rails compatibility tests) #381 (anakinj)
- Add auth0 sponsor message #379 (excpt)
- Adapt HMAC to JWK RSA code style. #378 (phlegx)
- Disable Rails cops #376 (anakinj)
- Support exporting RSA JWK private keys #375 (anakinj)
- Ebert is SourceLevel nowadays #374 (anakinj)
- Add support for JWKs with EC key type #371 (richardlarocque)
- Add Truffleruby head to CI #368 (gogainda)
- Add more docs about JWK support #341 (take)
- Ruby
Published by excpt almost 5 years ago
https://github.com/jwt/ruby-jwt - jwt-2.2.2
v2.2.2 (2020-08-18)
Implemented enhancements:
- JWK does not decode. #332
- Inconsistent use of symbol and string keys in args (exp and alrogithm). #331
- Pin simplecov to < 0.18 #356 (anakinj)
- verifies algorithm before evaluating keyfinder #346 (jb08)
- Update Rails 6 appraisal to use actual release version #336 (smudge)
- Update Travis #326 (berkos)
- Improvement/encode hmac without key #312 (JotaSe)
Fixed bugs:
- v2.2.1 warning: already initialized constant JWT Error #335
- 2.2.1 is no longer raising
JWT::DecodeErroronnilverification key #328 - Fix algorithm picking from decode options #359 (excpt)
- Raise error when verification key is empty #358 (anakinj)
Closed issues:
- JWT RSA: is it possible to encrypt using the public key? #366
- Example unsigned token that bypasses verification #364
- Verify exp claim/field even if it's not present #363
- Decode any token #360
- [question] example of using a pub/priv keys for signing? #351
- JWT::ExpiredSignature raised for non-JSON payloads #350
- verify_aud only verifies that at least one aud is expected #345
- Sinatra 4.90s TTFB #344
- How to Logout #342
- jwt token decoding even when wrong token is provided for some letters #337
- Need to use
symbolize\_keyseverywhere! #330 - eval() used in Forwardable limits usage in iOS App Store #324
- HS512256 OpenSSL Exception: First num too large #322
- Can we change the separator character? #321
- Verifying iat without leeway may break with poorly synced clocks #319
- Adding support for 'hd' hosted domain string #314
- There is no "typ" header in version 2.0.0 #233
Merged pull requests:
- Fix 'already initialized constant JWT Error' #357 (excpt)
- Support RSA.import for all Ruby versions. #333 (rabajaj0509)
- Removed forwardable dependency #325 (anakinj)
- Ruby
Published by excpt over 5 years ago
https://github.com/jwt/ruby-jwt - jwt-2.2.0
v2.2.0 (2019-03-20)
Implemented enhancements:
- Use iat_leeway option #273
- Use of global state in latest version breaks thread safety of JWT.decode #268
- JSON support #246
- Change the Github homepage URL to https #301 (ekohl)
- Fix Salt length for conformance with PS family specification. #300 (tobypinder)
- Add support for Ruby 2.6 #299 (bustikiller)
- update homepage in gemspec to use HTTPS #298 (evgeni)
- Make sure alg parameter value isn't added twice #297 (korstiaan)
- Claims Validation #295 (jamesstonehill)
- JWT::Encode refactorings, alg and exp related bugfixes #293 (anakinj)
- Proposal of simple JWK support #289 (anakinj)
- Add RSASSA-PSS signature signing support #285 (oliver-hohn)
- Add note about using a hard coded algorithm in README #280 (revodoge)
- Add Appraisal support #278 (olbrich)
- Fix decode threading issue #269 (ab320012)
- Removed leeway from verify_iat #257 (ab320012)
Fixed bugs:
- Inconsistent handling of payload claim data types #282
- Use iat\_leeway option #273
- Issued at validation #247
- Fix bug and simplify segment validation #292 (anakinj)
- Removed leeway from verify\_iat #257 (ab320012)
Closed issues:
- RS256, public and private keys #291
- Allow passing current time to
decode#288 - Verify exp claim without verifying jwt #281
- Decoding JWT with ES256 and secp256k1 curve #277
- Audience as an array - how to specify? #276
- signature validation using decode method for JWT #271
- JWT is easily breakable #267
- Ruby JWT Token #265
- ECDSA supported algorithms constant is defined as a string, not an array #264
- NoMethodError: undefined method `group' for <xxxxx> #261
- 'DecodeError'will replace 'ExpiredSignature' #260
- TypeError: no implicit conversion of OpenSSL::PKey::RSA into String #259
- NameError: uninitialized constant JWT::Algos::Eddsa::RbNaCl #258
- Get new token if curren token expired #256
- Infer algorithm from header #254
- Why is the result of decode is an array? #252
- Add support for headless token #251
- Leeway or exp_leeway #215
- Could you describe purpose of cert fixtures and their cryptokey lengths. #185
Merged pull requests:
- Misc config improvements #296 (jamesstonehill)
- Fix JSON conflict between #293 and #292 #294 (anakinj)
- Drop Ruby 2.2 from test matrix #290 (anakinj)
- Remove broken reek config #283 (excpt)
- Add missing test, Update common files #275 (excpt)
- Remove iat_leeway option #274 (wohlgejm)
- improving code quality of jwt module #266 (ab320012)
- fixed ECDSA supported versions const #263 (starbeast)
- Added my name to contributor list #262 (ab320012)
- Use
Class\#newShorthand For Error Subclasses #255 (akabiru) - [CI] Test against Ruby 2.5 #253 (nicolasleger)
- Fix README #250 (rono23)
- Fix link format #248 (y-yagi)
- Ruby
Published by excpt almost 7 years ago
https://github.com/jwt/ruby-jwt - jwt-2.2.0-beta.0
2.2.0-beta.0 (2019-03-20)
Implemented enhancements:
- Use iat_leeway option #273
- Use of global state in latest version breaks thread safety of JWT.decode #268
- JSON support #246
- Change the Github homepage URL to https #301 (ekohl)
- Fix Salt length for conformance with PS family specification. #300 (tobypinder)
- Add support for Ruby 2.6 #299 (bustikiller)
- update homepage in gemspec to use HTTPS #298 (evgeni)
- Make sure alg parameter value isn't added twice #297 (korstiaan)
- Claims Validation #295 (jamesstonehill)
- JWT::Encode refactorings, alg and exp related bugfixes #293 (anakinj)
- Proposal of simple JWK support #289 (anakinj)
- Add RSASSA-PSS signature signing support #285 (oliver-hohn)
- Add note about using a hard coded algorithm in README #280 (revodoge)
- Add Appraisal support #278 (olbrich)
- Fix decode threading issue #269 (ab320012)
- Removed leeway from verify_iat #257 (ab320012)
Fixed bugs:
- Inconsistent handling of payload claim data types #282
- Use iat\_leeway option #273
- Issued at validation #247
- Fix bug and simplify segment validation #292 (anakinj)
- Removed leeway from verify\_iat #257 (ab320012)
Closed issues:
- RS256, public and private keys #291
- Allow passing current time to
decode#288 - Verify exp claim without verifying jwt #281
- Decoding JWT with ES256 and secp256k1 curve #277
- Audience as an array - how to specify? #276
- signature validation using decode method for JWT #271
- JWT is easily breakable #267
- Ruby JWT Token #265
- ECDSA supported algorithms constant is defined as a string, not an array #264
- NoMethodError: undefined method `group' for <xxxxx> #261
- 'DecodeError'will replace 'ExpiredSignature' #260
- TypeError: no implicit conversion of OpenSSL::PKey::RSA into String #259
- NameError: uninitialized constant JWT::Algos::Eddsa::RbNaCl #258
- Get new token if curren token expired #256
- Infer algorithm from header #254
- Why is the result of decode is an array? #252
- Add support for headless token #251
- Leeway or exp_leeway #215
- Could you describe purpose of cert fixtures and their cryptokey lengths. #185
Merged pull requests:
- Misc config improvements #296 (jamesstonehill)
- Fix JSON conflict between #293 and #292 #294 (anakinj)
- Drop Ruby 2.2 from test matrix #290 (anakinj)
- Remove broken reek config #283 (excpt)
- Add missing test, Update common files #275 (excpt)
- Remove iat_leeway option #274 (wohlgejm)
- improving code quality of jwt module #266 (ab320012)
- fixed ECDSA supported versions const #263 (starbeast)
- Added my name to contributor list #262 (ab320012)
- Use
Class\#newShorthand For Error Subclasses #255 (akabiru) - [CI] Test against Ruby 2.5 #253 (nicolasleger)
- Fix README #250 (rono23)
- Fix link format #248 (y-yagi)
- Ruby
Published by excpt almost 7 years ago
https://github.com/jwt/ruby-jwt - jwt-2.1.0
2.1.0 (2017-10-06)
Implemented enhancements:
- Ed25519 support planned? #217
- Verify JTI Proc #207
- Allow a list of algorithms for decode #241 (lautis)
- verify takes 2 params, second being payload closes: #207 #238 (ab320012)
- simplified logic for keyfinder #237 (ab320012)
- Show backtrace if rbnacl-libsodium not loaded #231 (buzztaiki)
- Support for ED25519 #229 (ab320012)
Fixed bugs:
- JWT.encode failing on encode for string #235
- The README says it uses an algorithm by default #226
- Fix string payload issue #236 (excpt)
Closed issues:
- Change from 1.5.6 to 2.0.0 and appears a "Completed 401 Unauthorized" #240
- Why doesn't the decode function use a default algorithm? #227
Merged pull requests:
- Update README.md #242 (excpt)
- Update ebert configuration #232 (excpt)
- added algos/strategy classes + structs for inputs #230 (ab320012)
- Add HS256 algorithm to decode default options #228 (madkin10)
- Ruby
Published by excpt over 8 years ago
https://github.com/jwt/ruby-jwt - jwt-2.0.0.beta1
Changelog
v2.0.0.beta1 (2017-02-27)
Implemented enhancements:
- Error with method sign for String #171
- Refactor the encondig code #121
- Refactor #196 (EmilioCristalli)
- Move signature logic to its own module #195 (EmilioCristalli)
- Add options for claim-specific leeway #187 (EmilioCristalli)
- Add user friendly encode error if private key is a String, #171 #176 (xamenrax)
- Return empty string if signature less than byte_size #155 #175 (xamenrax)
- Remove 'typ' optional parameter #174 (xamenrax)
- Pass payload to keyfinder #172 (CodeMonkeySteve)
- Use RbNaCl for HMAC if available with fallback to OpenSSL #149 (mwpastore)
Fixed bugs:
- ruby-jwt::raw_to_asn1: Fails for signatures less than byte_size #155
- The leeway parameter is applies to all time based verifications #129
- Add options for claim-specific leeway #187 (EmilioCristalli)
- Make algorithm option required to verify signature #184 (EmilioCristalli)
- Validate audience when payload is a scalar and options is an array #183 (steti)
Closed issues:
- Different encoded value between servers with same password #197
- Signature is different at each run #190
- Include custom headers with password #189
- can't create token - 'NotImplementedError: Unsupported signing method' #186
- Why jwt depends on json < 2.0 ? #179
- Cannot verify JWT at all?? #177
- verify_iss: true is raising JWT::DecodeError instead of JWT::InvalidIssuerError #170
Merged pull requests:
- Version bump 2.0.0.beta1 #199 (excpt)
- Update CHANGELOG.md and minor fixes #198 (excpt)
- Add Codacy coverage reporter #194 (excpt)
- Add minimum required ruby version to gemspec #193 (excpt)
- Code smell fixes #192 (excpt)
- Version bump to 2.0.0.dev #191 (excpt)
- Basic encode module refactoring #121 #182 (xamenrax)
- Fix travis ci build configuration #181 (excpt)
- Fix travis ci build configuration #180 (excpt)
- Fix typo in README #178 (tomeduarte)
- Fix code style #173 (excpt)
- Fixed a typo in a spec name #169 (Mingan)
- Ruby
Published by excpt over 8 years ago
https://github.com/jwt/ruby-jwt - jwt-2.0.0
Change Log
v2.0.0 (2017-09-03)
Fixed bugs:
- Support versions outside 2.1 #209
- Verifying expiration without leeway throws exception #206
- Ruby interpreter warning #200
- TypeError: no implicit conversion of String into Integer #188
- Fix JWT.encode(nil) #203 (tmm1)
Closed issues:
Merged pull requests:
- Skip 'exp' claim validation for array payloads #224 (excpt)
- Use a default leeway of 0 #223 (travisofthenorth)
- Fix reported codesmells #221 (excpt)
- Add fancy gem version badge #220 (excpt)
- Add missing dist option to .travis.yml #219 (excpt)
- Fix ruby version requirements in gemspec file #218 (excpt)
- Fix a little typo in the readme #214 (RyanBrushett)
- Update README.md #212 (zuzannast)
- Fix typo in HS512256 algorithm description #211 (ojab)
- Allow configuration of multiple acceptable issuers #210 (ojab)
- Enforce
expto be anInteger#205 (lucasmazza) - ruby 1.9.3 support message upd #204 (maokomioko)
- Guard against partially loaded RbNaCl when failing to load libsodium #202 (Dorian)
- Ruby
Published by excpt over 8 years ago
https://github.com/jwt/ruby-jwt - jwt-1.5.6
Fixed bugs:
Merged pull requests:
- Ruby
Published by excpt over 9 years ago
https://github.com/jwt/ruby-jwt - jwt-1.5.5
Implemented enhancements:
- JWT.decode always raises JWT::ExpiredSignature for tokens created with Time objects passed as the
expparameter #148
Fixed bugs:
- expiration check does not give "Signature has expired" error for the exact time of expiration #157
- JTI claim broken? #152
- Audience Claim broken? #151
- 1.5.3 breaks compatibility with 1.5.2 #133
- Version 1.5.3 breaks 1.9.3 compatibility, but not documented as such #132
- Fix: exp claim check #161 (excpt)
Closed issues:
- Rendering Json Results in JWT::DecodeError #162
- PHP Libraries #154
- [security] Signature verified after expiration/sub/iss checks #153
- Is ruby-jwt thread-safe? #150
- JWT 1.5.3 #143
- gem install v 1.5.3 returns error #141
- Adding a CHANGELOG #140
Merged pull requests:
- Bump version #165 (excpt)
- Improve error message for exp claim in payload #164 (excpt)
- Fix #151 and code refactoring #163 (excpt)
- Signature validation before claim verification #160 (excpt)
- Create specs for README.md examples #159 (excpt)
- Tiny Readme Improvement #156 (b264)
- Added test execution to Rakefile #147 (jabbrwcky)
- Add more bling bling to the site #146 (excpt)
- Bump version #145 (excpt)
- Add first content and basic layout #144 (excpt)
- Add a changelog file #142 (excpt)
- Return decoded_segments #139 (akostrikov)
- Ruby
Published by excpt over 9 years ago
https://github.com/jwt/ruby-jwt - jwt-1.5.4
Closed issues:
Merged pull requests:
- Update README.md #138 (excpt)
- Fix base64url_decode #136 (excpt)
- Fix ruby 1.9.3 compatibility #135 (excpt)
- iat can be a float value #134 (llimllib)
- Ruby
Published by excpt over 9 years ago
https://github.com/jwt/ruby-jwt - [YANKED] jwt-1.5.3
Changelog
- Dropped ruby 1.9.3 support #131
- Update README.md - improve documentation and fix typos
- Removed
echoedependency - Fix hash/string key issue in options #130
- Allow a proc to be passed for JTI verification #126
- Code refactoring and code smell fixes
Commits
4a0b939 Merge pull request #131 from jwt/drop-ruby-1.9.3-support
cfc8362 Update .travis.yml
04120f6 Merge pull request #130 from tpickett66/hash-keys
a4d0473 Bump version
a6d1a33 Allow verification option keys to be strings or symbols
b47ab94 Make Verify an instantiatable class
6a9b5cc Adjust aud checking to use a string key against the payload
7b80ec9 Move Verify specs to a separate file.
2c7837f update testing and install sections of readme
d4fca40 Merge pull request #126 from yahooguntu/master
0100ad6 Allow a proc to be passed for JTI verification
b85b30e Merge pull request #122 from excpt/refactor-json-dependency
1499b16 Merge pull request #123 from excpt/ci-settings
2d5bc86 Remove obsolete json code
a03fbaf Add ruby 2.3.0 for travis ci testing
91b4220 Update README.md
86f470b Merge pull request #118 from excpt/master
a6672da Add fancy badges to README.md
0a2fa6c Merge pull request #117 from excpt/master
707376a Fix merge options bug
f889e49 Fix some code smells
a0815ee Fix some more code smells
e556eb9 Fix some code smells in JWT::Verify class
7a7ac9a Refactor decode and verify functionality
59dd2e0 Merge pull request #116 from excpt/master
79cdce8 Fix code smell reported by rubocop
451d950 Fix code smells reported by rubocop
4d440dc Fix travis test command
279df0e Remove echoe dependency
4f45b66 Add version class, remove utf8 encoding comment
559a23b Update codeclimate settings
cabde34 Merge pull request #114 from FXFusion/master
e5a94db Updated readme for iss/aud options
6c84213 Merge pull request #113 from lwe/lwe-jti-validation-fix
320306b relax restrictions on "jti" claim verification
27c7412 Merge pull request #112 from kat3kasper/fix/misspelling
02cbbd6 Fix error misspelling
- Ruby
Published by excpt about 10 years ago
https://github.com/jwt/ruby-jwt -
- drop active ruby 1.8.x and <= 1.9.2 support
- allow nbf to have exact time matches
- iat now recognizes leeway
- ensure that the sub claim check behaves like the aud claim check
- test suite refactored
- documentation updates
- Ruby
Published by excpt over 10 years ago