Skip to content

Releases: vapor/jwt-kit

Support JWKs with no algorithm

29 Jul 18:06
@tanner0101 tanner0101
4.0.0-rc.2
ee44e77
This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
GPG key ID: 4AEE18F83AFDEB23
Expired
Verified
Learn about vigilant mode.
Compare
Choose a tag to compare
Support JWKs with no algorithm Pre-release
Pre-release
This patch was authored and released by @tanner0101.

Adds support for JSON Web Keys that do not specify an algorithm (#34).

JWKs are now stored directly in JWTSigners via the use(jwk:) method. When a request to verify a JWT is received that matches a JWK, both the JWT and the JWK's algorithm header is checked. A signer is then created on the fly to handle the request.

Assets 2
Loading

Add support for Apple Silicon

17 Jul 15:50
@tanner0101 tanner0101
4.0.0-rc.1.7
8c9f67a
This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
GPG key ID: 4AEE18F83AFDEB23
Expired
Verified
Learn about vigilant mode.
Compare
Choose a tag to compare
Add support for Apple Silicon Pre-release
Pre-release
This patch was authored by @0xTim and released by @tanner0101.

Adds support for Apple Silicon (#32).

Assets 2
Loading

Boring SSL update

17 Jul 15:15
@tanner0101 tanner0101
4.0.0-rc.1.6
fa439a7
This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
GPG key ID: 4AEE18F83AFDEB23
Expired
Verified
Learn about vigilant mode.
Compare
Choose a tag to compare
Boring SSL update Pre-release
Pre-release
This patch was authored by @0xTim and released by @tanner0101.

Brings in the latest version of BoringSSL (#31).

Assets 2
Loading

Add typ, cty fields in the JWT header

25 Jun 18:10
@tanner0101 tanner0101
4.0.0-rc.1.5
b5b711f
This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
GPG key ID: 4AEE18F83AFDEB23
Expired
Verified
Learn about vigilant mode.
Compare
Choose a tag to compare
Add typ, cty fields in the JWT header Pre-release
Pre-release
This patch was authored by @Maxim-Inv and released by @tanner0101.

Adds typ and cty fields to the JWT header (#25, fixes #5).

  • Add typ header as parameter making "JWT" the default.

  • Allow setting cty during JWT signing.

let signer = JWTSigner.hs256(key: keyData)`
let token = try signer.sign(payload, cty: "twilio-fpa;v=1")
Assets 2
Loading

Migrate HMAC to Crypto

16 Apr 14:45
@tanner0101 tanner0101
4.0.0-rc.1.4
b5aa3d4
This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
GPG key ID: 4AEE18F83AFDEB23
Expired
Verified
Learn about vigilant mode.
Compare
Choose a tag to compare
Migrate HMAC to Crypto Pre-release
Pre-release
This patch was authored and released by @0xTim.

Migrate all the HMAC code away from BoringSSL to Swift Crypto (#24).

Assets 2
Loading

Create a generic `JWTMultiValueClaim` protocol

23 Mar 21:52
@tanner0101 tanner0101
4.0.0-rc.1.3
c411158
This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
GPG key ID: 4AEE18F83AFDEB23
Expired
Verified
Learn about vigilant mode.
Compare
Choose a tag to compare
Create a generic `JWTMultiValueClaim` protocol Pre-release
Pre-release
This patch was authored and released by @gwynne.
  • Allows much simpler implementation of JWT claims with multiple values.
  • Switches to this implementation for AudienceClaim
Assets 2
Loading

Give `AudienceClaim` more powers

16 Mar 22:53
@tanner0101 tanner0101
4.0.0-rc.1.2
3387c16
This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
GPG key ID: 4AEE18F83AFDEB23
Expired
Verified
Learn about vigilant mode.
Compare
Choose a tag to compare
Give `AudienceClaim` more powers Pre-release
Pre-release
This patch was authored and released by @gwynne.
  • Allow AudienceClaim to represent more than one audience, per RFC 7519 § 4.1.3
  • Add verifyIntendedAudience(includes:) method for conveniently verifying that the audience is the intended one.
  • Add unit tests for new functionality.

Because the Value type of AudienceClaim is now [String] instead of String, this change is API-breaking!

This would normally require a semver-major update, but as the package is still in RC, I think it can scrape past with a semver-minor, especially since the change is to obey spec.

Assets 2
Loading

Added the nonce_supported claim to AppleIdentityToken

04 Mar 16:29
@tanner0101 tanner0101
4.0.0-rc.1.1
f1d0e51
This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
GPG key ID: 4AEE18F83AFDEB23
Expired
Verified
Learn about vigilant mode.
Compare
Choose a tag to compare
Added the nonce_supported claim to AppleIdentityToken Pre-release
Pre-release

The claim was missing.

This patch was authored and released by @grosch.

Assets 2
Loading

Release Candidate 1

28 Feb 23:30
@tanner0101 tanner0101
4.0.0-rc.1
d7a3a04
This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
GPG key ID: 4AEE18F83AFDEB23
Expired
Verified
Learn about vigilant mode.
Compare
Choose a tag to compare
Release Candidate 1 Pre-release
Pre-release

Updates to Swift 5.2.

Release candidates represent the final shift toward focusing on bug fixes and documentation. Breaking changes will only be accepted for critical issues. We expect a final release of this package shortly after Swift 5.2's release date.

Assets 2
Loading

Fixes Codable support for LocaleClaim

26 Feb 21:13
@tanner0101 tanner0101
4.0.0-beta.3.2
57c49ff
This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
GPG key ID: 4AEE18F83AFDEB23
Expired
Verified
Learn about vigilant mode.
Compare
Choose a tag to compare
Fixes Codable support for LocaleClaim Pre-release
Pre-release

Previously, LocaleClaims were not decoded from JWTs correctly. This patch fixes their behavior and adds tests to prevent regression.

Assets 2
Loading