Skip to content

jwt-3.0.0.beta1

Pre-release
Pre-release
Compare
Choose a tag to compare
@anakinj anakinj released this 25 Jan 10:20
· 1 commit to main since this release
v3.0.0.beta1
bf5cc3e

v3.0.0-beta1 (2025-01-25)

Full Changelog

Breaking changes:

  • Require token signature to be verified before accessing payload #648 (@anakinj)
  • Drop support for the HS512256 algorithm #650 (@anakinj)
  • Remove deprecated claim verification methods #654 (@anakinj)
  • Remove dependency to rbnacl #655 (@anakinj)
  • Support only stricter base64 decoding (RFC 4648) #658 (@anakinj)
  • Custom algorithms are required to include JWT::JWA::SigningAlgorithm #660 (@anakinj)
  • Require RSA keys to be at least 2048 bits #661 (@anakinj)
  • Base64 encode and decode the k value for HMAC JWKs #662 (@anakinj)

Take a look at the upgrade guide for more details.

Features:

  • JWT::EncodedToken#verify! method that bundles signature and claim validation #647 (@anakinj)
  • Do not override the alg header if already given #659 (@anakinj)
  • Make JWK::KeyFinder compatible with JWT::EncodedToken #663 (@anakinj)

Fixes and enhancements:

Assets 2
Loading