jwt-2.2.3

v2.2.3 (2021-04-19)

Full Changelog

Implemented enhancements:

• Verify algorithm before evaluating keyfinder #343
• Why jwt depends on json < 2.0 ? #179
• Support for JWK in-lieu of rsa_public #158
• Fix rspec raise_error warning #413 (excpt)
• Add support for JWKs with HMAC key type. #372 (phlegx)
• Improve 'none' algorithm handling #365 (danleyden)
• Handle parsed JSON JWKS input with string keys #348 (martinemde)
• Allow Numeric values during encoding #327 (fanfilmu)

Closed issues:

• "Signature verification raised", yet jwt.io says "Signature Verified" #401
• truffleruby-head build is failing #396
• JWT::JWK::EC needs require 'forwardable' #392
• How to use a 'signing key' as used by next-auth #389
• undefined method `verify' for nil:NilClass when validate a JWT with JWK #383
• Make specifying "algorithm" optional on decode #380
• ADFS created access tokens can't be validated due to missing 'kid' header #370
• new version? #355
• JWT gitlab OmniAuth provider setup support #354
• Release with support for RSA.import for ruby < 2.4 hasn't been released #347
• cannot load such file -- jwt #339

Merged pull requests:

• Remove codeclimate code coverage dev dependency #414 (excpt)
• Add forwardable dependency #408 (anakinj)
• Ignore casing of algorithm #405 (johnnyshields)
• Document function and add tests for verify claims method #404 (yasonk)
• documenting calling verify_jti callback with 2 arguments in the readme #402 (HoneyryderChuck)
• Target the master branch on the build status badge #399 (anakinj)
• Improving the local development experience #397 (anakinj)
• Fix sourcelevel broken links #395 (anakinj)
• Don't recommend installing gem with sudo #391 (tjschuck)
• Enable rubocop locally and on ci #390 (anakinj)
• Ci and test cleanup #387 (anakinj)
• Make JWT::JWK::EC compatible with Ruby 2.3 #386 (anakinj)
• Support JWKs for pre 2.3 rubies #382 (anakinj)
• Replace Travis CI with GitHub Actions (also favor openssl/rbnacl combinations over rails compatibility tests) #381 (anakinj)
• Add auth0 sponsor message #379 (excpt)
• Adapt HMAC to JWK RSA code style. #378 (phlegx)
• Disable Rails cops #376 (anakinj)
• Support exporting RSA JWK private keys #375 (anakinj)
• Ebert is SourceLevel nowadays #374 (anakinj)
• Add support for JWKs with EC key type #371 (richardlarocque)
• Add Truffleruby head to CI #368 (gogainda)
• Add more docs about JWK support #341 (take)