Skip to content

Latest commit

 

History

History
165 lines (104 loc) · 4.21 KB

CHANGELOG.md

File metadata and controls

165 lines (104 loc) · 4.21 KB

Changelog

9.3.0 (2024-03-12)

  • Add Validation.reject_tokens_expiring_in_less_than, the opposite of leeway

9.2.0 (2023-12-01)

  • Add an option to not validate aud in the Validation struct
  • Get the current timestamp in wasm without using std
  • Update ring to 0.17

9.1.0 (2023-10-21)

  • Supports deserialization of unsupported algorithms for JWKs

9.0.0 (2023-10-16)

  • Update ring
  • Rejects JWTs containing audiences when the Validation doesn't contain any

8.3.0 (2023-03-15)

  • Update base64
  • Implement Clone for TokenData if T impls Clone

8.2.0 (2022-12-03)

  • Add DecodingKey::from_jwk
  • Can now use PEM certificates if you have the use_pem feature enabled

8.1.1 (2022-06-17)

  • Fix invalid field name on OctetKeyParameters

8.1.0 (2022-04-12)

  • Make optional fields in the spec really optional
  • Implements Hash for Header

8.0.1 (2022-02-03)

  • Fix documentation of leeway

8.0.0 (2022-02-02)

  • Add EdDSA algorithm
  • sign/verify now takes a &[u8] instead of &str to be more flexible
  • DecodingKey now own its data
  • Remove deprecated dangerous_unsafe_decode
  • Validation::iss is now a HashSet instead of a single value
  • decode will now error if Validation::algorithms is empty
  • Add JWKs types for easy interop with various Oauth provider, see examples/auth0.rs for an example
  • Removed decode_* functions in favour of using the Validation struct
  • Allow float values for exp and nbf, yes it's in the spec... floats will be rounded and converted to u64
  • Error now implements Clone/Eq
  • Change default leeway from 0s to 60s
  • Add Validation::require_spec_claims to validate presence of the spec claims
  • Add default feature for pem decoding named use_pem that can be disabled to avoid 2 dependencies

7.2.0 (2020-06-30)

  • Add dangerous_insecure_decode to replace dangerous_unsafe_decode, which is now deprecated
  • Add dangerous_insecure_decode_with_validation

7.1.2 (2020-06-16)

  • Derive Hash for Header and Algorithm

7.1.1 (2020-06-09)

  • Update dependencies

7.1.0 (2020-03-01)

  • Add into_static to DecodingKey for easier re-use

7.0.0 (2020-01-28)

  • Add support for PS256, PS384 and PS512
  • Add support for verifying with modulus/exponent components for RSA
  • Update to 2018 edition
  • Changed aud field type in Validation to Option<HashSet<String>>. Audience validation now tests for "any-of-these" audience membership.
  • Add support for keys in PEM format
  • Add EncodingKey/DecodingKey API to improve performance and UX

6.0.1 (2019-05-10)

  • Fix Algorithm mapping in FromStr for RSA

6.0.0 (2019-04-21)

  • Update Ring to 0.14
  • Remove iat check to match the JWT spec
  • Add ES256 and ES384 signing decoding

5.0.1 (2018-09-10)

  • Add implementation of FromStr for Algorithm

5.0.0 (2018-08-13)

  • Update ring
  • Change error handling to be based on simple struct/enum rather than error-chain
  • Fix validations not being called properly in some cases
  • Default validation is not checking iat and nbf anymore

4.0.1 (2018-03-19)

  • Add method to decode a token without signature verification

4.0.0 (2017-11-22)

Breaking changes

  • Make it mandatory to specify the algorithm in decode

3.0.0 (2017-09-08)

Breaking changes

  • Remove validate_signature from Validation, use decode_header instead if you don't know the alg used
  • Make typ optional in header, some providers apparently don't use it

Others

  • Update ring & error-chain
  • Fix documentation about leeway being in seconds and not milliseconds
  • Add decode_header to only decode the header: replaces the use case of validate_signature

2.0.3 (2017-07-18)

  • Make TokenData public

2.0.2 (2017-06-24)

  • Update ring & chrono

2.0.1 (2017-05-09)

  • Update ring

2.0.0 (2017-04-23)

  • Use Serde instead of rustc_serialize
  • Add RSA support
  • API overhaul, see README for new usage
  • Add validation
  • Update all dependencies

Previous

  • 1.1.7: update ring
  • 1.1.6: update ring
  • 1.1.5: update ring version
  • 1.1.4: use ring instead of rust-crypto
  • 1.1.3: Make sign and verify public
  • 1.1.2: Update rust-crypto to 0.2.35
  • 1.1.1: Don't serialize empty fields in header
  • 1.1.0: Impl Error for jsonwebtoken errors
  • 1.0: Initial release