jwt 2.2.1 → 2.2.3
- checksums.yaml +4 -4
- data/.github/workflows/test.yml +74 -0
- data/.rspec +1 -0
- data/.rubocop.yml +15 -16
- data/.rubocop_todo.yml +191 -0
- data/{.ebert.yml → .sourcelevel.yml} +1 -1
- data/AUTHORS +60 -43
- data/Appraisals +4 -8
- data/CHANGELOG.md +154 -20
- data/Gemfile +2 -0
- data/README.md +60 -6
- data/Rakefile +4 -1
- data/lib/jwt/algos/hmac.rb +1 -0
- data/lib/jwt/algos/none.rb +15 -0
- data/lib/jwt/algos/unsupported.rb +5 -4
- data/lib/jwt/algos.rb +44 -0
- data/lib/jwt/claims_validator.rb +9 -7
- data/lib/jwt/decode.rb +17 -8
- data/lib/jwt/encode.rb +5 -4
- data/lib/jwt/error.rb +14 -14
- data/lib/jwt/jwk/ec.rb +150 -0
- data/lib/jwt/jwk/hmac.rb +58 -0
- data/lib/jwt/jwk/key_base.rb +18 -0
- data/lib/jwt/jwk/key_finder.rb +6 -1
- data/lib/jwt/jwk/rsa.rb +93 -25
- data/lib/jwt/jwk.rb +29 -9
- data/lib/jwt/signature.rb +9 -22
- data/lib/jwt/version.rb +2 -2
- data/ruby-jwt.gemspec +0 -6
- metadata +14 -79
- data/.codeclimate.yml +0 -20
- data/.travis.yml +0 -20
data/CHANGELOG.md
CHANGED
@@ -1,6 +1,109 @@
|
|
1
|
-
#
|
1
|
+
# Changelog
|
2
|
+
|
3
|
+
## [2.2.3](https://github.com/jwt/ruby-jwt/tree/2.2.3) (2021-04-19)
|
4
|
+
|
5
|
+
[Full Changelog](https://github.com/jwt/ruby-jwt/compare/v2.2.2...2.2.3)
|
6
|
+
|
7
|
+
**Implemented enhancements:**
|
8
|
+
|
9
|
+
- Verify algorithm before evaluating keyfinder [\#343](https://github.com/jwt/ruby-jwt/issues/343)
|
10
|
+
- Why jwt depends on json \< 2.0 ? [\#179](https://github.com/jwt/ruby-jwt/issues/179)
|
11
|
+
- Support for JWK in-lieu of rsa\_public [\#158](https://github.com/jwt/ruby-jwt/issues/158)
|
12
|
+
- Fix rspec `raise_error` warning [\#413](https://github.com/jwt/ruby-jwt/pull/413) ([excpt](https://github.com/excpt))
|
13
|
+
- Add support for JWKs with HMAC key type. [\#372](https://github.com/jwt/ruby-jwt/pull/372) ([phlegx](https://github.com/phlegx))
|
14
|
+
- Improve 'none' algorithm handling [\#365](https://github.com/jwt/ruby-jwt/pull/365) ([danleyden](https://github.com/danleyden))
|
15
|
+
- Handle parsed JSON JWKS input with string keys [\#348](https://github.com/jwt/ruby-jwt/pull/348) ([martinemde](https://github.com/martinemde))
|
16
|
+
- Allow Numeric values during encoding [\#327](https://github.com/jwt/ruby-jwt/pull/327) ([fanfilmu](https://github.com/fanfilmu))
|
17
|
+
|
18
|
+
**Closed issues:**
|
19
|
+
|
20
|
+
- "Signature verification raised", yet jwt.io says "Signature Verified" [\#401](https://github.com/jwt/ruby-jwt/issues/401)
|
21
|
+
- truffleruby-head build is failing [\#396](https://github.com/jwt/ruby-jwt/issues/396)
|
22
|
+
- JWT::JWK::EC needs `require 'forwardable'` [\#392](https://github.com/jwt/ruby-jwt/issues/392)
|
23
|
+
- How to use a 'signing key' as used by next-auth [\#389](https://github.com/jwt/ruby-jwt/issues/389)
|
24
|
+
- undefined method `verify' for nil:NilClass when validate a JWT with JWK [\#383](https://github.com/jwt/ruby-jwt/issues/383)
|
25
|
+
- Make specifying "algorithm" optional on decode [\#380](https://github.com/jwt/ruby-jwt/issues/380)
|
26
|
+
- ADFS created access tokens can't be validated due to missing 'kid' header [\#370](https://github.com/jwt/ruby-jwt/issues/370)
|
27
|
+
- new version? [\#355](https://github.com/jwt/ruby-jwt/issues/355)
|
28
|
+
- JWT gitlab OmniAuth provider setup support [\#354](https://github.com/jwt/ruby-jwt/issues/354)
|
29
|
+
- Release with support for RSA.import for ruby \< 2.4 hasn't been released [\#347](https://github.com/jwt/ruby-jwt/issues/347)
|
30
|
+
- cannot load such file -- jwt [\#339](https://github.com/jwt/ruby-jwt/issues/339)
|
31
|
+
|
32
|
+
**Merged pull requests:**
|
33
|
+
|
34
|
+
- Remove codeclimate code coverage dev dependency [\#414](https://github.com/jwt/ruby-jwt/pull/414) ([excpt](https://github.com/excpt))
|
35
|
+
- Add forwardable dependency [\#408](https://github.com/jwt/ruby-jwt/pull/408) ([anakinj](https://github.com/anakinj))
|
36
|
+
- Ignore casing of algorithm [\#405](https://github.com/jwt/ruby-jwt/pull/405) ([johnnyshields](https://github.com/johnnyshields))
|
37
|
+
- Document function and add tests for verify claims method [\#404](https://github.com/jwt/ruby-jwt/pull/404) ([yasonk](https://github.com/yasonk))
|
38
|
+
- documenting calling verify\_jti callback with 2 arguments in the readme [\#402](https://github.com/jwt/ruby-jwt/pull/402) ([HoneyryderChuck](https://github.com/HoneyryderChuck))
|
39
|
+
- Target the master branch on the build status badge [\#399](https://github.com/jwt/ruby-jwt/pull/399) ([anakinj](https://github.com/anakinj))
|
40
|
+
- Improving the local development experience [\#397](https://github.com/jwt/ruby-jwt/pull/397) ([anakinj](https://github.com/anakinj))
|
41
|
+
- Fix sourcelevel broken links [\#395](https://github.com/jwt/ruby-jwt/pull/395) ([anakinj](https://github.com/anakinj))
|
42
|
+
- Don't recommend installing gem with sudo [\#391](https://github.com/jwt/ruby-jwt/pull/391) ([tjschuck](https://github.com/tjschuck))
|
43
|
+
- Enable rubocop locally and on ci [\#390](https://github.com/jwt/ruby-jwt/pull/390) ([anakinj](https://github.com/anakinj))
|
44
|
+
- Ci and test cleanup [\#387](https://github.com/jwt/ruby-jwt/pull/387) ([anakinj](https://github.com/anakinj))
|
45
|
+
- Make JWT::JWK::EC compatible with Ruby 2.3 [\#386](https://github.com/jwt/ruby-jwt/pull/386) ([anakinj](https://github.com/anakinj))
|
46
|
+
- Support JWKs for pre 2.3 rubies [\#382](https://github.com/jwt/ruby-jwt/pull/382) ([anakinj](https://github.com/anakinj))
|
47
|
+
- Replace Travis CI with GitHub Actions \(also favor openssl/rbnacl combinations over rails compatibility tests\) [\#381](https://github.com/jwt/ruby-jwt/pull/381) ([anakinj](https://github.com/anakinj))
|
48
|
+
- Add auth0 sponsor message [\#379](https://github.com/jwt/ruby-jwt/pull/379) ([excpt](https://github.com/excpt))
|
49
|
+
- Adapt HMAC to JWK RSA code style. [\#378](https://github.com/jwt/ruby-jwt/pull/378) ([phlegx](https://github.com/phlegx))
|
50
|
+
- Disable Rails cops [\#376](https://github.com/jwt/ruby-jwt/pull/376) ([anakinj](https://github.com/anakinj))
|
51
|
+
- Support exporting RSA JWK private keys [\#375](https://github.com/jwt/ruby-jwt/pull/375) ([anakinj](https://github.com/anakinj))
|
52
|
+
- Ebert is SourceLevel nowadays [\#374](https://github.com/jwt/ruby-jwt/pull/374) ([anakinj](https://github.com/anakinj))
|
53
|
+
- Add support for JWKs with EC key type [\#371](https://github.com/jwt/ruby-jwt/pull/371) ([richardlarocque](https://github.com/richardlarocque))
|
54
|
+
- Add Truffleruby head to CI [\#368](https://github.com/jwt/ruby-jwt/pull/368) ([gogainda](https://github.com/gogainda))
|
55
|
+
- Add more docs about JWK support [\#341](https://github.com/jwt/ruby-jwt/pull/341) ([take](https://github.com/take))
|
56
|
+
|
57
|
+
## [v2.2.2](https://github.com/jwt/ruby-jwt/tree/v2.2.2) (2020-08-18)
|
58
|
+
|
59
|
+
[Full Changelog](https://github.com/jwt/ruby-jwt/compare/v2.2.1...v2.2.2)
|
60
|
+
|
61
|
+
**Implemented enhancements:**
|
62
|
+
|
63
|
+
- JWK does not decode. [\#332](https://github.com/jwt/ruby-jwt/issues/332)
|
64
|
+
- Inconsistent use of symbol and string keys in args \(exp and alrogithm\). [\#331](https://github.com/jwt/ruby-jwt/issues/331)
|
65
|
+
- Pin simplecov to \< 0.18 [\#356](https://github.com/jwt/ruby-jwt/pull/356) ([anakinj](https://github.com/anakinj))
|
66
|
+
- verifies algorithm before evaluating keyfinder [\#346](https://github.com/jwt/ruby-jwt/pull/346) ([jb08](https://github.com/jb08))
|
67
|
+
- Update Rails 6 appraisal to use actual release version [\#336](https://github.com/jwt/ruby-jwt/pull/336) ([smudge](https://github.com/smudge))
|
68
|
+
- Update Travis [\#326](https://github.com/jwt/ruby-jwt/pull/326) ([berkos](https://github.com/berkos))
|
69
|
+
- Improvement/encode hmac without key [\#312](https://github.com/jwt/ruby-jwt/pull/312) ([JotaSe](https://github.com/JotaSe))
|
70
|
+
|
71
|
+
**Fixed bugs:**
|
72
|
+
|
73
|
+
- v2.2.1 warning: already initialized constant JWT Error [\#335](https://github.com/jwt/ruby-jwt/issues/335)
|
74
|
+
- 2.2.1 is no longer raising `JWT::DecodeError` on `nil` verification key [\#328](https://github.com/jwt/ruby-jwt/issues/328)
|
75
|
+
- Fix algorithm picking from decode options [\#359](https://github.com/jwt/ruby-jwt/pull/359) ([excpt](https://github.com/excpt))
|
76
|
+
- Raise error when verification key is empty [\#358](https://github.com/jwt/ruby-jwt/pull/358) ([anakinj](https://github.com/anakinj))
|
77
|
+
|
78
|
+
**Closed issues:**
|
79
|
+
|
80
|
+
- JWT RSA: is it possible to encrypt using the public key? [\#366](https://github.com/jwt/ruby-jwt/issues/366)
|
81
|
+
- Example unsigned token that bypasses verification [\#364](https://github.com/jwt/ruby-jwt/issues/364)
|
82
|
+
- Verify exp claim/field even if it's not present [\#363](https://github.com/jwt/ruby-jwt/issues/363)
|
83
|
+
- Decode any token [\#360](https://github.com/jwt/ruby-jwt/issues/360)
|
84
|
+
- \[question\] example of using a pub/priv keys for signing? [\#351](https://github.com/jwt/ruby-jwt/issues/351)
|
85
|
+
- JWT::ExpiredSignature raised for non-JSON payloads [\#350](https://github.com/jwt/ruby-jwt/issues/350)
|
86
|
+
- verify\_aud only verifies that at least one aud is expected [\#345](https://github.com/jwt/ruby-jwt/issues/345)
|
87
|
+
- Sinatra 4.90s TTFB [\#344](https://github.com/jwt/ruby-jwt/issues/344)
|
88
|
+
- How to Logout [\#342](https://github.com/jwt/ruby-jwt/issues/342)
|
89
|
+
- jwt token decoding even when wrong token is provided for some letters [\#337](https://github.com/jwt/ruby-jwt/issues/337)
|
90
|
+
- Need to use `symbolize_keys` everywhere! [\#330](https://github.com/jwt/ruby-jwt/issues/330)
|
91
|
+
- eval\(\) used in Forwardable limits usage in iOS App Store [\#324](https://github.com/jwt/ruby-jwt/issues/324)
|
92
|
+
- HS512256 OpenSSL Exception: First num too large [\#322](https://github.com/jwt/ruby-jwt/issues/322)
|
93
|
+
- Can we change the separator character? [\#321](https://github.com/jwt/ruby-jwt/issues/321)
|
94
|
+
- Verifying iat without leeway may break with poorly synced clocks [\#319](https://github.com/jwt/ruby-jwt/issues/319)
|
95
|
+
- Adding support for 'hd' hosted domain string [\#314](https://github.com/jwt/ruby-jwt/issues/314)
|
96
|
+
- There is no "typ" header in version 2.0.0 [\#233](https://github.com/jwt/ruby-jwt/issues/233)
|
97
|
+
|
98
|
+
**Merged pull requests:**
|
99
|
+
|
100
|
+
- Release v2.2.2 [\#367](https://github.com/jwt/ruby-jwt/pull/367) ([excpt](https://github.com/excpt))
|
101
|
+
- Fix 'already initialized constant JWT Error' [\#357](https://github.com/jwt/ruby-jwt/pull/357) ([excpt](https://github.com/excpt))
|
102
|
+
- Support RSA.import for all Ruby versions. [\#333](https://github.com/jwt/ruby-jwt/pull/333) ([rabajaj0509](https://github.com/rabajaj0509))
|
103
|
+
- Removed forwardable dependency [\#325](https://github.com/jwt/ruby-jwt/pull/325) ([anakinj](https://github.com/anakinj))
|
2
104
|
|
3
105
|
## [v2.2.1](https://github.com/jwt/ruby-jwt/tree/v2.2.1) (2019-05-24)
|
106
|
+
|
4
107
|
[Full Changelog](https://github.com/jwt/ruby-jwt/compare/v2.2.0...v2.2.1)
|
5
108
|
|
6
109
|
**Fixed bugs:**
|
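Review bot: Several entries added in the 2.2.3 and v2.2.2 sections concern signature verification but are filed under "Implemented enhancements", "Fixed bugs" or "Closed issues": "Verify algorithm before evaluating keyfinder" (#343, #346), "Improve 'none' algorithm handling" (#365), "Raise error when verification key is empty" (#358) and "Example unsigned token that bypasses verification" (#364). Later hunks in this same patch introduce a "**Security fixes:**" heading for older releases, so if the maintainers consider any of these security-relevant, the same label should be applied here; someone reviewing the 2.2.1 → 2.2.3 upgrade would otherwise have to read every bullet to find them. Separately, the 2.2.3 heading and compare link use the tag `2.2.3` while every other release uses a `v` prefix (`v2.2.2`, `v2.2.1`); worth confirming that this matches the actual tag name.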
@@ -8,7 +111,12 @@
|
|
8
111
|
- need to `require 'forwardable'` to use `Forwardable` [\#316](https://github.com/jwt/ruby-jwt/issues/316)
|
9
112
|
- Add forwardable dependency for JWK RSA KeyFinder [\#317](https://github.com/jwt/ruby-jwt/pull/317) ([excpt](https://github.com/excpt))
|
10
113
|
|
114
|
+
**Merged pull requests:**
|
115
|
+
|
116
|
+
- Release 2.2.1 [\#318](https://github.com/jwt/ruby-jwt/pull/318) ([excpt](https://github.com/excpt))
|
117
|
+
|
11
118
|
## [v2.2.0](https://github.com/jwt/ruby-jwt/tree/v2.2.0) (2019-05-23)
|
119
|
+
|
12
120
|
[Full Changelog](https://github.com/jwt/ruby-jwt/compare/v2.2.0.pre.beta.0...v2.2.0)
|
13
121
|
|
14
122
|
**Closed issues:**
|
@@ -22,6 +130,7 @@
|
|
22
130
|
- Release 2.2.0 [\#315](https://github.com/jwt/ruby-jwt/pull/315) ([excpt](https://github.com/excpt))
|
23
131
|
|
24
132
|
## [v2.2.0.pre.beta.0](https://github.com/jwt/ruby-jwt/tree/v2.2.0.pre.beta.0) (2019-03-20)
|
133
|
+
|
25
134
|
[Full Changelog](https://github.com/jwt/ruby-jwt/compare/v2.1.0...v2.2.0.pre.beta.0)
|
26
135
|
|
27
136
|
**Implemented enhancements:**
|
@@ -46,17 +155,18 @@
|
|
46
155
|
**Fixed bugs:**
|
47
156
|
|
48
157
|
- Inconsistent handling of payload claim data types [\#282](https://github.com/jwt/ruby-jwt/issues/282)
|
49
|
-
- Use iat\\_leeway option [\#273](https://github.com/jwt/ruby-jwt/issues/273)
|
50
158
|
- Issued at validation [\#247](https://github.com/jwt/ruby-jwt/issues/247)
|
51
159
|
- Fix bug and simplify segment validation [\#292](https://github.com/jwt/ruby-jwt/pull/292) ([anakinj](https://github.com/anakinj))
|
52
|
-
|
160
|
+
|
161
|
+
**Security fixes:**
|
162
|
+
|
163
|
+
- Decoding JWT with ES256 and secp256k1 curve [\#277](https://github.com/jwt/ruby-jwt/issues/277)
|
53
164
|
|
54
165
|
**Closed issues:**
|
55
166
|
|
56
167
|
- RS256, public and private keys [\#291](https://github.com/jwt/ruby-jwt/issues/291)
|
57
168
|
- Allow passing current time to `decode` [\#288](https://github.com/jwt/ruby-jwt/issues/288)
|
58
169
|
- Verify exp claim without verifying jwt [\#281](https://github.com/jwt/ruby-jwt/issues/281)
|
59
|
-
- Decoding JWT with ES256 and secp256k1 curve [\#277](https://github.com/jwt/ruby-jwt/issues/277)
|
60
170
|
- Audience as an array - how to specify? [\#276](https://github.com/jwt/ruby-jwt/issues/276)
|
61
171
|
- signature validation using decode method for JWT [\#271](https://github.com/jwt/ruby-jwt/issues/271)
|
62
172
|
- JWT is easily breakable [\#267](https://github.com/jwt/ruby-jwt/issues/267)
|
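Review bot: The "Fixed bugs" entry for "Use iat\\_leeway option" (#273) is deleted in this hunk and is not re-added in any hunk visible here, unlike #277, which is moved from "Closed issues" to the new "Security fixes" heading. If the deletion is a side effect of regenerating the changelog (for example a label change on the issue), please confirm it is intended; otherwise the v2.2.0.pre.beta.0 section silently loses the record of that issue.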
@@ -85,12 +195,13 @@
|
|
85
195
|
- improving code quality of jwt module [\#266](https://github.com/jwt/ruby-jwt/pull/266) ([ab320012](https://github.com/ab320012))
|
86
196
|
- fixed ECDSA supported versions const [\#263](https://github.com/jwt/ruby-jwt/pull/263) ([starbeast](https://github.com/starbeast))
|
87
197
|
- Added my name to contributor list [\#262](https://github.com/jwt/ruby-jwt/pull/262) ([ab320012](https://github.com/ab320012))
|
88
|
-
- Use `Class
|
198
|
+
- Use `Class#new` Shorthand For Error Subclasses [\#255](https://github.com/jwt/ruby-jwt/pull/255) ([akabiru](https://github.com/akabiru))
|
89
199
|
- \[CI\] Test against Ruby 2.5 [\#253](https://github.com/jwt/ruby-jwt/pull/253) ([nicolasleger](https://github.com/nicolasleger))
|
90
200
|
- Fix README [\#250](https://github.com/jwt/ruby-jwt/pull/250) ([rono23](https://github.com/rono23))
|
91
201
|
- Fix link format [\#248](https://github.com/jwt/ruby-jwt/pull/248) ([y-yagi](https://github.com/y-yagi))
|
92
202
|
|
93
203
|
## [v2.1.0](https://github.com/jwt/ruby-jwt/tree/v2.1.0) (2017-10-06)
|
204
|
+
|
94
205
|
[Full Changelog](https://github.com/jwt/ruby-jwt/compare/v2.0.0...v2.1.0)
|
95
206
|
|
96
207
|
**Implemented enhancements:**
|
@@ -101,6 +212,7 @@
|
|
101
212
|
- verify takes 2 params, second being payload closes: \#207 [\#238](https://github.com/jwt/ruby-jwt/pull/238) ([ab320012](https://github.com/ab320012))
|
102
213
|
- simplified logic for keyfinder [\#237](https://github.com/jwt/ruby-jwt/pull/237) ([ab320012](https://github.com/ab320012))
|
103
214
|
- Show backtrace if rbnacl-libsodium not loaded [\#231](https://github.com/jwt/ruby-jwt/pull/231) ([buzztaiki](https://github.com/buzztaiki))
|
215
|
+
- Support for ED25519 [\#229](https://github.com/jwt/ruby-jwt/pull/229) ([ab320012](https://github.com/ab320012))
|
104
216
|
|
105
217
|
**Fixed bugs:**
|
106
218
|
|
@@ -108,6 +220,10 @@
|
|
108
220
|
- The README says it uses an algorithm by default [\#226](https://github.com/jwt/ruby-jwt/issues/226)
|
109
221
|
- Fix string payload issue [\#236](https://github.com/jwt/ruby-jwt/pull/236) ([excpt](https://github.com/excpt))
|
110
222
|
|
223
|
+
**Security fixes:**
|
224
|
+
|
225
|
+
- Add HS256 algorithm to decode default options [\#228](https://github.com/jwt/ruby-jwt/pull/228) ([marcoadkins](https://github.com/marcoadkins))
|
226
|
+
|
111
227
|
**Closed issues:**
|
112
228
|
|
113
229
|
- Change from 1.5.6 to 2.0.0 and appears a "Completed 401 Unauthorized" [\#240](https://github.com/jwt/ruby-jwt/issues/240)
|
@@ -119,14 +235,10 @@
|
|
119
235
|
- Update README.md [\#242](https://github.com/jwt/ruby-jwt/pull/242) ([excpt](https://github.com/excpt))
|
120
236
|
- Update ebert configuration [\#232](https://github.com/jwt/ruby-jwt/pull/232) ([excpt](https://github.com/excpt))
|
121
237
|
- added algos/strategy classes + structs for inputs [\#230](https://github.com/jwt/ruby-jwt/pull/230) ([ab320012](https://github.com/ab320012))
|
122
|
-
- Add HS256 algorithm to decode default options [\#228](https://github.com/jwt/ruby-jwt/pull/228) ([madkin10](https://github.com/madkin10))
|
123
238
|
|
124
239
|
## [v2.0.0](https://github.com/jwt/ruby-jwt/tree/v2.0.0) (2017-09-03)
|
125
|
-
[Full Changelog](https://github.com/jwt/ruby-jwt/compare/v2.0.0.beta1...v2.0.0)
|
126
240
|
|
127
|
-
|
128
|
-
|
129
|
-
- Support for ED25519 [\#229](https://github.com/jwt/ruby-jwt/pull/229) ([ab320012](https://github.com/ab320012))
|
241
|
+
[Full Changelog](https://github.com/jwt/ruby-jwt/compare/v2.0.0.beta1...v2.0.0)
|
130
242
|
|
131
243
|
**Fixed bugs:**
|
132
244
|
|
@@ -156,9 +268,9 @@
|
|
156
268
|
- Allow configuration of multiple acceptable issuers [\#210](https://github.com/jwt/ruby-jwt/pull/210) ([ojab](https://github.com/ojab))
|
157
269
|
- Enforce `exp` to be an `Integer` [\#205](https://github.com/jwt/ruby-jwt/pull/205) ([lucasmazza](https://github.com/lucasmazza))
|
158
270
|
- ruby 1.9.3 support message upd [\#204](https://github.com/jwt/ruby-jwt/pull/204) ([maokomioko](https://github.com/maokomioko))
|
159
|
-
- Guard against partially loaded RbNaCl when failing to load libsodium [\#202](https://github.com/jwt/ruby-jwt/pull/202) ([Dorian](https://github.com/Dorian))
|
160
271
|
|
161
272
|
## [v2.0.0.beta1](https://github.com/jwt/ruby-jwt/tree/v2.0.0.beta1) (2017-02-27)
|
273
|
+
|
162
274
|
[Full Changelog](https://github.com/jwt/ruby-jwt/compare/v1.5.6...v2.0.0.beta1)
|
163
275
|
|
164
276
|
**Implemented enhancements:**
|
@@ -178,7 +290,6 @@
|
|
178
290
|
|
179
291
|
- ruby-jwt::raw\_to\_asn1: Fails for signatures less than byte\_size [\#155](https://github.com/jwt/ruby-jwt/issues/155)
|
180
292
|
- The leeway parameter is applies to all time based verifications [\#129](https://github.com/jwt/ruby-jwt/issues/129)
|
181
|
-
- Add options for claim-specific leeway [\#187](https://github.com/jwt/ruby-jwt/pull/187) ([EmilioCristalli](https://github.com/EmilioCristalli))
|
182
293
|
- Make algorithm option required to verify signature [\#184](https://github.com/jwt/ruby-jwt/pull/184) ([EmilioCristalli](https://github.com/EmilioCristalli))
|
183
294
|
- Validate audience when payload is a scalar and options is an array [\#183](https://github.com/jwt/ruby-jwt/pull/183) ([steti](https://github.com/steti))
|
184
295
|
|
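Review bot: "Add options for claim-specific leeway" (#187) is removed from the v2.0.0.beta1 "Fixed bugs" list, while the issue it sits next to, "The leeway parameter is applies to all time based verifications" (#129), is kept. No visible hunk re-adds #187 under another heading, so the changelog no longer shows which pull request addressed #129. Please either restore the entry or point to where it now appears.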
@@ -207,6 +318,7 @@
|
|
207
318
|
- Fixed a typo in a spec name [\#169](https://github.com/jwt/ruby-jwt/pull/169) ([mingan](https://github.com/mingan))
|
208
319
|
|
209
320
|
## [v1.5.6](https://github.com/jwt/ruby-jwt/tree/v1.5.6) (2016-09-19)
|
321
|
+
|
210
322
|
[Full Changelog](https://github.com/jwt/ruby-jwt/compare/v1.5.5...v1.5.6)
|
211
323
|
|
212
324
|
**Fixed bugs:**
|
@@ -219,6 +331,7 @@
|
|
219
331
|
- Fix rubocop code smells [\#167](https://github.com/jwt/ruby-jwt/pull/167) ([excpt](https://github.com/excpt))
|
220
332
|
|
221
333
|
## [v1.5.5](https://github.com/jwt/ruby-jwt/tree/v1.5.5) (2016-09-16)
|
334
|
+
|
222
335
|
[Full Changelog](https://github.com/jwt/ruby-jwt/compare/v1.5.4...v1.5.5)
|
223
336
|
|
224
337
|
**Implemented enhancements:**
|
@@ -234,11 +347,15 @@
|
|
234
347
|
- Version 1.5.3 breaks 1.9.3 compatibility, but not documented as such [\#132](https://github.com/jwt/ruby-jwt/issues/132)
|
235
348
|
- Fix: exp claim check [\#161](https://github.com/jwt/ruby-jwt/pull/161) ([excpt](https://github.com/excpt))
|
236
349
|
|
350
|
+
**Security fixes:**
|
351
|
+
|
352
|
+
- \[security\] Signature verified after expiration/sub/iss checks [\#153](https://github.com/jwt/ruby-jwt/issues/153)
|
353
|
+
- Signature validation before claim verification [\#160](https://github.com/jwt/ruby-jwt/pull/160) ([excpt](https://github.com/excpt))
|
354
|
+
|
237
355
|
**Closed issues:**
|
238
356
|
|
239
357
|
- Rendering Json Results in JWT::DecodeError [\#162](https://github.com/jwt/ruby-jwt/issues/162)
|
240
358
|
- PHP Libraries [\#154](https://github.com/jwt/ruby-jwt/issues/154)
|
241
|
-
- \[security\] Signature verified after expiration/sub/iss checks [\#153](https://github.com/jwt/ruby-jwt/issues/153)
|
242
359
|
- Is ruby-jwt thread-safe? [\#150](https://github.com/jwt/ruby-jwt/issues/150)
|
243
360
|
- JWT 1.5.3 [\#143](https://github.com/jwt/ruby-jwt/issues/143)
|
244
361
|
- gem install v 1.5.3 returns error [\#141](https://github.com/jwt/ruby-jwt/issues/141)
|
@@ -249,17 +366,15 @@
|
|
249
366
|
- Bump version [\#165](https://github.com/jwt/ruby-jwt/pull/165) ([excpt](https://github.com/excpt))
|
250
367
|
- Improve error message for exp claim in payload [\#164](https://github.com/jwt/ruby-jwt/pull/164) ([excpt](https://github.com/excpt))
|
251
368
|
- Fix \#151 and code refactoring [\#163](https://github.com/jwt/ruby-jwt/pull/163) ([excpt](https://github.com/excpt))
|
252
|
-
- Signature validation before claim verification [\#160](https://github.com/jwt/ruby-jwt/pull/160) ([excpt](https://github.com/excpt))
|
253
369
|
- Create specs for README.md examples [\#159](https://github.com/jwt/ruby-jwt/pull/159) ([excpt](https://github.com/excpt))
|
254
370
|
- Tiny Readme Improvement [\#156](https://github.com/jwt/ruby-jwt/pull/156) ([b264](https://github.com/b264))
|
255
371
|
- Added test execution to Rakefile [\#147](https://github.com/jwt/ruby-jwt/pull/147) ([jabbrwcky](https://github.com/jabbrwcky))
|
256
|
-
- Add more bling bling to the site [\#146](https://github.com/jwt/ruby-jwt/pull/146) ([excpt](https://github.com/excpt))
|
257
372
|
- Bump version [\#145](https://github.com/jwt/ruby-jwt/pull/145) ([excpt](https://github.com/excpt))
|
258
|
-
- Add first content and basic layout [\#144](https://github.com/jwt/ruby-jwt/pull/144) ([excpt](https://github.com/excpt))
|
259
373
|
- Add a changelog file [\#142](https://github.com/jwt/ruby-jwt/pull/142) ([excpt](https://github.com/excpt))
|
260
374
|
- Return decoded\_segments [\#139](https://github.com/jwt/ruby-jwt/pull/139) ([akostrikov](https://github.com/akostrikov))
|
261
375
|
|
262
376
|
## [v1.5.4](https://github.com/jwt/ruby-jwt/tree/v1.5.4) (2016-03-24)
|
377
|
+
|
263
378
|
[Full Changelog](https://github.com/jwt/ruby-jwt/compare/v1.5.3...v1.5.4)
|
264
379
|
|
265
380
|
**Closed issues:**
|
@@ -274,6 +389,7 @@
|
|
274
389
|
- iat can be a float value [\#134](https://github.com/jwt/ruby-jwt/pull/134) ([llimllib](https://github.com/llimllib))
|
275
390
|
|
276
391
|
## [v1.5.3](https://github.com/jwt/ruby-jwt/tree/v1.5.3) (2016-02-24)
|
392
|
+
|
277
393
|
[Full Changelog](https://github.com/jwt/ruby-jwt/compare/jwt-1.5.2...v1.5.3)
|
278
394
|
|
279
395
|
**Implemented enhancements:**
|
@@ -305,6 +421,7 @@
|
|
305
421
|
- Fix error misspelling [\#112](https://github.com/jwt/ruby-jwt/pull/112) ([kat3kasper](https://github.com/kat3kasper))
|
306
422
|
|
307
423
|
## [jwt-1.5.2](https://github.com/jwt/ruby-jwt/tree/jwt-1.5.2) (2015-10-27)
|
424
|
+
|
308
425
|
[Full Changelog](https://github.com/jwt/ruby-jwt/compare/jwt-1.5.1...jwt-1.5.2)
|
309
426
|
|
310
427
|
**Implemented enhancements:**
|
@@ -342,6 +459,7 @@
|
|
342
459
|
- nbf check allows exact time matches. [\#88](https://github.com/jwt/ruby-jwt/pull/88) ([aj-michael](https://github.com/aj-michael))
|
343
460
|
|
344
461
|
## [jwt-1.5.1](https://github.com/jwt/ruby-jwt/tree/jwt-1.5.1) (2015-06-22)
|
462
|
+
|
345
463
|
[Full Changelog](https://github.com/jwt/ruby-jwt/compare/jwt-1.5.0...jwt-1.5.1)
|
346
464
|
|
347
465
|
**Implemented enhancements:**
|
@@ -353,7 +471,6 @@
|
|
353
471
|
|
354
472
|
- ECDSA signature verification fails for valid tokens [\#84](https://github.com/jwt/ruby-jwt/issues/84)
|
355
473
|
- Shouldn't verification of additional claims, like iss, aud etc. be enforced when in options? [\#81](https://github.com/jwt/ruby-jwt/issues/81)
|
356
|
-
- Fix either README or source code [\#78](https://github.com/jwt/ruby-jwt/issues/78)
|
357
474
|
- decode fails with 'none' algorithm and verify [\#75](https://github.com/jwt/ruby-jwt/issues/75)
|
358
475
|
|
359
476
|
**Closed issues:**
|
@@ -369,6 +486,7 @@
|
|
369
486
|
- Force verification of "iss" and "aud" claims [\#82](https://github.com/jwt/ruby-jwt/pull/82) ([lwe](https://github.com/lwe))
|
370
487
|
|
371
488
|
## [jwt-1.5.0](https://github.com/jwt/ruby-jwt/tree/jwt-1.5.0) (2015-05-09)
|
489
|
+
|
372
490
|
[Full Changelog](https://github.com/jwt/ruby-jwt/compare/jwt-1.4.1...jwt-1.5.0)
|
373
491
|
|
374
492
|
**Implemented enhancements:**
|
@@ -386,6 +504,7 @@
|
|
386
504
|
- Fixed some examples to make them copy-pastable [\#72](https://github.com/jwt/ruby-jwt/pull/72) ([jer](https://github.com/jer))
|
387
505
|
|
388
506
|
## [jwt-1.4.1](https://github.com/jwt/ruby-jwt/tree/jwt-1.4.1) (2015-03-12)
|
507
|
+
|
389
508
|
[Full Changelog](https://github.com/jwt/ruby-jwt/compare/jwt-1.4.0...jwt-1.4.1)
|
390
509
|
|
391
510
|
**Fixed bugs:**
|
@@ -399,6 +518,7 @@
|
|
399
518
|
- When throwing errors, mention expected/received values [\#65](https://github.com/jwt/ruby-jwt/pull/65) ([rolodato](https://github.com/rolodato))
|
400
519
|
|
401
520
|
## [jwt-1.4.0](https://github.com/jwt/ruby-jwt/tree/jwt-1.4.0) (2015-03-10)
|
521
|
+
|
402
522
|
[Full Changelog](https://github.com/jwt/ruby-jwt/compare/jwt-1.3.0...jwt-1.4.0)
|
403
523
|
|
404
524
|
**Closed issues:**
|
@@ -414,6 +534,7 @@
|
|
414
534
|
- Clarify .encode API in README [\#60](https://github.com/jwt/ruby-jwt/pull/60) ([jbodah](https://github.com/jbodah))
|
415
535
|
|
416
536
|
## [jwt-1.3.0](https://github.com/jwt/ruby-jwt/tree/jwt-1.3.0) (2015-02-24)
|
537
|
+
|
417
538
|
[Full Changelog](https://github.com/jwt/ruby-jwt/compare/jwt-1.2.1...jwt-1.3.0)
|
418
539
|
|
419
540
|
**Closed issues:**
|
@@ -429,9 +550,9 @@
|
|
429
550
|
|
430
551
|
- raise verification error for signiture verification [\#58](https://github.com/jwt/ruby-jwt/pull/58) ([punkle](https://github.com/punkle))
|
431
552
|
- Added support for not before claim verification [\#56](https://github.com/jwt/ruby-jwt/pull/56) ([punkle](https://github.com/punkle))
|
432
|
-
- Preperations for version 2.x [\#49](https://github.com/jwt/ruby-jwt/pull/49) ([excpt](https://github.com/excpt))
|
433
553
|
|
434
554
|
## [jwt-1.2.1](https://github.com/jwt/ruby-jwt/tree/jwt-1.2.1) (2015-01-22)
|
555
|
+
|
435
556
|
[Full Changelog](https://github.com/jwt/ruby-jwt/compare/jwt-1.2.0...jwt-1.2.1)
|
436
557
|
|
437
558
|
**Closed issues:**
|
@@ -444,6 +565,7 @@
|
|
444
565
|
- Accept expiration claims as string [\#53](https://github.com/jwt/ruby-jwt/pull/53) ([yarmand](https://github.com/yarmand))
|
445
566
|
|
446
567
|
## [jwt-1.2.0](https://github.com/jwt/ruby-jwt/tree/jwt-1.2.0) (2014-11-24)
|
568
|
+
|
447
569
|
[Full Changelog](https://github.com/jwt/ruby-jwt/compare/jwt-0.1.13...jwt-1.2.0)
|
448
570
|
|
449
571
|
**Closed issues:**
|
@@ -456,6 +578,7 @@
|
|
456
578
|
- rspec 3 breaks passing tests [\#44](https://github.com/jwt/ruby-jwt/pull/44) ([zshannon](https://github.com/zshannon))
|
457
579
|
|
458
580
|
## [jwt-0.1.13](https://github.com/jwt/ruby-jwt/tree/jwt-0.1.13) (2014-05-08)
|
581
|
+
|
459
582
|
[Full Changelog](https://github.com/jwt/ruby-jwt/compare/jwt-1.0.0...jwt-0.1.13)
|
460
583
|
|
461
584
|
**Closed issues:**
|
@@ -465,6 +588,7 @@
|
|
465
588
|
- Update gem to get latest changes [\#36](https://github.com/jwt/ruby-jwt/issues/36)
|
466
589
|
|
467
590
|
## [jwt-1.0.0](https://github.com/jwt/ruby-jwt/tree/jwt-1.0.0) (2014-05-07)
|
591
|
+
|
468
592
|
[Full Changelog](https://github.com/jwt/ruby-jwt/compare/jwt-0.1.11...jwt-1.0.0)
|
469
593
|
|
470
594
|
**Closed issues:**
|
@@ -481,6 +605,7 @@
|
|
481
605
|
- Travis - Add Ruby 2.0.0, 2.1.0, Rubinius [\#30](https://github.com/jwt/ruby-jwt/pull/30) ([petergoldstein](https://github.com/petergoldstein))
|
482
606
|
|
483
607
|
## [jwt-0.1.11](https://github.com/jwt/ruby-jwt/tree/jwt-0.1.11) (2014-01-17)
|
608
|
+
|
484
609
|
[Full Changelog](https://github.com/jwt/ruby-jwt/compare/jwt-0.1.10...jwt-0.1.11)
|
485
610
|
|
486
611
|
**Closed issues:**
|
@@ -493,6 +618,7 @@
|
|
493
618
|
- fixed urlsafe base64 encoding [\#29](https://github.com/jwt/ruby-jwt/pull/29) ([tobscher](https://github.com/tobscher))
|
494
619
|
|
495
620
|
## [jwt-0.1.10](https://github.com/jwt/ruby-jwt/tree/jwt-0.1.10) (2014-01-10)
|
621
|
+
|
496
622
|
[Full Changelog](https://github.com/jwt/ruby-jwt/compare/jwt-0.1.8...jwt-0.1.10)
|
497
623
|
|
498
624
|
**Closed issues:**
|
@@ -510,6 +636,7 @@
|
|
510
636
|
- Don't leave errors in OpenSSL.errors when there is a decoding error. [\#19](https://github.com/jwt/ruby-jwt/pull/19) ([lowellk](https://github.com/lowellk))
|
511
637
|
|
512
638
|
## [jwt-0.1.8](https://github.com/jwt/ruby-jwt/tree/jwt-0.1.8) (2013-03-14)
|
639
|
+
|
513
640
|
[Full Changelog](https://github.com/jwt/ruby-jwt/compare/jwt-0.1.7...jwt-0.1.8)
|
514
641
|
|
515
642
|
**Merged pull requests:**
|
@@ -518,6 +645,7 @@
|
|
518
645
|
- Verify if verify is truthy \(not just true\) [\#17](https://github.com/jwt/ruby-jwt/pull/17) ([threedaymonk](https://github.com/threedaymonk))
|
519
646
|
|
520
647
|
## [jwt-0.1.7](https://github.com/jwt/ruby-jwt/tree/jwt-0.1.7) (2013-03-07)
|
648
|
+
|
521
649
|
[Full Changelog](https://github.com/jwt/ruby-jwt/compare/jwt-0.1.6...jwt-0.1.7)
|
522
650
|
|
523
651
|
**Merged pull requests:**
|
@@ -525,6 +653,7 @@
|
|
525
653
|
- Catch MultiJson::LoadError and reraise as JWT::DecodeError [\#16](https://github.com/jwt/ruby-jwt/pull/16) ([rwygand](https://github.com/rwygand))
|
526
654
|
|
527
655
|
## [jwt-0.1.6](https://github.com/jwt/ruby-jwt/tree/jwt-0.1.6) (2013-03-05)
|
656
|
+
|
528
657
|
[Full Changelog](https://github.com/jwt/ruby-jwt/compare/jwt-0.1.5...jwt-0.1.6)
|
529
658
|
|
530
659
|
**Merged pull requests:**
|
@@ -533,6 +662,7 @@
|
|
533
662
|
- Use StandardError as parent for DecodeError [\#13](https://github.com/jwt/ruby-jwt/pull/13) ([Oscil8](https://github.com/Oscil8))
|
534
663
|
|
535
664
|
## [jwt-0.1.5](https://github.com/jwt/ruby-jwt/tree/jwt-0.1.5) (2012-07-20)
|
665
|
+
|
536
666
|
[Full Changelog](https://github.com/jwt/ruby-jwt/compare/jwt-0.1.4...jwt-0.1.5)
|
537
667
|
|
538
668
|
**Closed issues:**
|
@@ -545,9 +675,11 @@
|
|
545
675
|
- Oops. :-\) [\#11](https://github.com/jwt/ruby-jwt/pull/11) ([sporkmonger](https://github.com/sporkmonger))
|
546
676
|
- Fix issue with signature verification in JRuby [\#10](https://github.com/jwt/ruby-jwt/pull/10) ([sporkmonger](https://github.com/sporkmonger))
|
547
677
|
- Depend on MultiJson [\#9](https://github.com/jwt/ruby-jwt/pull/9) ([lautis](https://github.com/lautis))
|
678
|
+
- Allow for custom headers on encode and decode [\#8](https://github.com/jwt/ruby-jwt/pull/8) ([dgrijalva](https://github.com/dgrijalva))
|
548
679
|
- Missing development dependency for echoe gem. [\#6](https://github.com/jwt/ruby-jwt/pull/6) ([sporkmonger](https://github.com/sporkmonger))
|
549
680
|
|
550
681
|
## [jwt-0.1.4](https://github.com/jwt/ruby-jwt/tree/jwt-0.1.4) (2011-11-11)
|
682
|
+
|
551
683
|
[Full Changelog](https://github.com/jwt/ruby-jwt/compare/jwt-0.1.3...jwt-0.1.4)
|
552
684
|
|
553
685
|
**Merged pull requests:**
|
@@ -555,16 +687,18 @@
|
|
555
687
|
- Fix for RSA verification [\#5](https://github.com/jwt/ruby-jwt/pull/5) ([jordan-brough](https://github.com/jordan-brough))
|
556
688
|
|
557
689
|
## [jwt-0.1.3](https://github.com/jwt/ruby-jwt/tree/jwt-0.1.3) (2011-06-30)
|
690
|
+
|
691
|
+
[Full Changelog](https://github.com/jwt/ruby-jwt/compare/10d7492ea325c65fce41191c73cd90d4de494772...jwt-0.1.3)
|
692
|
+
|
558
693
|
**Closed issues:**
|
559
694
|
|
560
695
|
- signatures calculated incorrectly \(hexdigest instead of digest\) [\#1](https://github.com/jwt/ruby-jwt/issues/1)
|
561
696
|
|
562
697
|
**Merged pull requests:**
|
563
698
|
|
564
|
-
- Allow for custom headers on encode and decode [\#8](https://github.com/jwt/ruby-jwt/pull/8) ([dgrijalva](https://github.com/dgrijalva))
|
565
699
|
- Bumped a version and added a .gemspec using rake build\_gemspec [\#3](https://github.com/jwt/ruby-jwt/pull/3) ([zhitomirskiyi](https://github.com/zhitomirskiyi))
|
566
700
|
- Added RSA support [\#2](https://github.com/jwt/ruby-jwt/pull/2) ([zhitomirskiyi](https://github.com/zhitomirskiyi))
|
567
701
|
|
568
702
|
|
569
703
|
|
570
|
-
\* *This
|
704
|
+
\* *This Changelog was automatically generated by [github_changelog_generator](https://github.com/github-changelog-generator/github-changelog-generator)*
|
data/Gemfile
CHANGED
data/README.md
CHANGED
@@ -1,11 +1,11 @@
|
|
1
1
|
# JWT
|
2
2
|
|
3
3
|
[![Gem Version](https://badge.fury.io/rb/jwt.svg)](https://badge.fury.io/rb/jwt)
|
4
|
-
[![Build Status](https://
|
4
|
+
[![Build Status](https://github.com/jwt/ruby-jwt/workflows/test/badge.svg?branch=master)](https://github.com/jwt/ruby-jwt/actions)
|
5
5
|
[![Code Climate](https://codeclimate.com/github/jwt/ruby-jwt/badges/gpa.svg)](https://codeclimate.com/github/jwt/ruby-jwt)
|
6
6
|
[![Test Coverage](https://codeclimate.com/github/jwt/ruby-jwt/badges/coverage.svg)](https://codeclimate.com/github/jwt/ruby-jwt/coverage)
|
7
7
|
[![Issue Count](https://codeclimate.com/github/jwt/ruby-jwt/badges/issue_count.svg)](https://codeclimate.com/github/jwt/ruby-jwt)
|
8
|
-
[![
|
8
|
+
[![SourceLevel](https://app.sourcelevel.io/github/jwt/-/ruby-jwt.svg)](https://app.sourcelevel.io/github/jwt/-/ruby-jwt)
|
9
9
|
|
10
10
|
A ruby implementation of the [RFC 7519 OAuth JSON Web Token (JWT)](https://tools.ietf.org/html/rfc7519) standard.
|
11
11
|
|
@@ -16,11 +16,17 @@ If you have further questions related to development or usage, join us: [ruby-jw
|
|
16
16
|
* Ruby 1.9.3 support was dropped at December 31st, 2016.
|
17
17
|
* Version 1.5.3 yanked. See: [#132](https://github.com/jwt/ruby-jwt/issues/132) and [#133](https://github.com/jwt/ruby-jwt/issues/133)
|
18
18
|
|
19
|
+
## Sponsors
|
20
|
+
|
21
|
+
|Logo|Message|
|
22
|
+
|-|-|
|
23
|
+
|![auth0 logo](https://user-images.githubusercontent.com/83319/31722733-de95bbde-b3ea-11e7-96bf-4f4e8f915588.png)|If you want to quickly add secure token-based authentication to Ruby projects, feel free to check Auth0's Ruby SDK and free plan at [auth0.com/developers](https://auth0.com/developers?utm_source=GHsponsor&utm_medium=GHsponsor&utm_campaign=rubyjwt&utm_content=auth)|
|
24
|
+
|
19
25
|
## Installing
|
20
26
|
|
21
27
|
### Using Rubygems:
|
22
28
|
```bash
|
23
|
-
|
29
|
+
gem install jwt
|
24
30
|
```
|
25
31
|
|
26
32
|
### Using Bundler:
|
@@ -79,6 +85,21 @@ puts token
|
|
79
85
|
|
80
86
|
decoded_token = JWT.decode token, hmac_secret, true, { algorithm: 'HS256' }
|
81
87
|
|
88
|
+
# Array
|
89
|
+
# [
|
90
|
+
# {"data"=>"test"}, # payload
|
91
|
+
# {"alg"=>"HS256"} # header
|
92
|
+
# ]
|
93
|
+
puts decoded_token
|
94
|
+
|
95
|
+
# Without secret key
|
96
|
+
token = JWT.encode payload, nil, 'HS256'
|
97
|
+
|
98
|
+
# eyJhbGciOiJIUzI1NiJ9.eyJkYXRhIjoidGVzdCJ9.pVzcY2dX8JNM3LzIYeP2B1e1Wcpt1K3TWVvIYSF4x-o
|
99
|
+
puts token
|
100
|
+
|
101
|
+
decoded_token = JWT.decode token, nil, true, { algorithm: 'HS256' }
|
102
|
+
|
82
103
|
# Array
|
83
104
|
# [
|
84
105
|
# {"data"=>"test"}, # payload
|
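Review bot: the "Without secret key" example added at new lines 95-101 signs and verifies with `nil` as the HS256 key and sits beside the normal `hmac_secret` usage with no comment on what that means. With no secret, anyone who knows the payload can compute the same signature, so `JWT.decode token, nil, true, { algorithm: 'HS256' }` authenticates nothing even though the verify argument is `true`. Either drop the example or put a comment above it saying that it only illustrates API behaviour and that a token produced this way must not be trusted.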
@@ -270,6 +291,12 @@ rescue JWT::ExpiredSignature
|
|
270
291
|
end
|
271
292
|
```
|
272
293
|
|
294
|
+
The Expiration Claim verification can be disabled.
|
295
|
+
```ruby
|
296
|
+
# Decode token without raising JWT::ExpiredSignature error
|
297
|
+
JWT.decode token, hmac_secret, true, { verify_expiration: false, algorithm: 'HS256' }
|
298
|
+
```
|
299
|
+
|
273
300
|
**Adding Leeway**
|
274
301
|
|
275
302
|
```ruby
|
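Review bot: the sentence "The Expiration Claim verification can be disabled." and the `verify_expiration: false` example (new lines 294-298) explain how to switch the check off but not what follows from doing so: a token decoded this way is accepted no matter how long ago its `exp` passed. Add a line stating that consequence and when the option is appropriate, so readers do not copy it as a way to silence `JWT::ExpiredSignature`.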
@@ -310,6 +337,12 @@ rescue JWT::ImmatureSignature
|
|
310
337
|
end
|
311
338
|
```
|
312
339
|
|
340
|
+
The Not Before Claim verification can be disabled.
|
341
|
+
```ruby
|
342
|
+
# Decode token without raising JWT::ImmatureSignature error
|
343
|
+
JWT.decode token, hmac_secret, true, { verify_not_before: false, algorithm: 'HS256' }
|
344
|
+
```
|
345
|
+
|
313
346
|
**Adding Leeway**
|
314
347
|
|
315
348
|
```ruby
|
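Review bot: the `verify_not_before: false` example at new lines 340-344 is documented with a single sentence and no statement of effect. With the check off, a token whose `nbf` is still in the future is accepted immediately, which defeats the purpose of issuing it ahead of time. Say so next to the example, and keep the comment `# Decode token without raising JWT::ImmatureSignature error` from reading as the recommended fix for that error.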
@@ -391,6 +424,8 @@ begin
|
|
391
424
|
#decoded_token = JWT.decode token, hmac_secret, true, { verify_jti: true, algorithm: 'HS256' }
|
392
425
|
# Alternatively, pass a proc with your own code to check if the JTI has already been used
|
393
426
|
decoded_token = JWT.decode token, hmac_secret, true, { verify_jti: proc { |jti| my_validation_method(jti) }, algorithm: 'HS256' }
|
427
|
+
# or
|
428
|
+
decoded_token = JWT.decode token, hmac_secret, true, { verify_jti: proc { |jti, payload| my_validation_method(jti, payload) }, algorithm: 'HS256' }
|
394
429
|
rescue JWT::InvalidJtiError
|
395
430
|
# Handle invalid token, e.g. logout user or deny access
|
396
431
|
puts 'Error'
|
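Review bot: the second form added at new lines 427-428 is introduced only by `# or`, so the reader cannot tell why the proc would take `payload` as well as `jti`, or what the proc has to return for the token to be accepted. Replace `# or` with a comment saying that a two-argument proc also receives the payload, and state the expected return value once for both forms.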
@@ -460,10 +495,28 @@ begin
|
|
460
495
|
rescue JWT::JWKError
|
461
496
|
# Handle problems with the provided JWKs
|
462
497
|
rescue JWT::DecodeError
|
463
|
-
# Handle other decode related issues e.g. no kid in header, no matching public key found etc.
|
498
|
+
# Handle other decode related issues e.g. no kid in header, no matching public key found etc.
|
464
499
|
end
|
465
500
|
```
|
466
501
|
|
502
|
+
or by passing JWK as a simple Hash
|
503
|
+
|
504
|
+
```
|
505
|
+
jwks = { keys: [{ ... }] } # keys needs to be Symbol
|
506
|
+
JWT.decode(token, nil, true, { algorithms: ['RS512'], jwks: jwks})
|
507
|
+
```
|
508
|
+
|
509
|
+
### Importing and exporting JSON Web Keys
|
510
|
+
|
511
|
+
The ::JWT::JWK class can be used to import and export both the public key (default behaviour) and the private key. To include the private key in the export pass the `include_private` parameter to the export method.
|
512
|
+
|
513
|
+
```ruby
|
514
|
+
jwk = JWT::JWK.new(OpenSSL::PKey::RSA.new(2048))
|
515
|
+
|
516
|
+
jwk_hash = jwk.export
|
517
|
+
jwk_hash_with_private_key = jwk.export(include_private: true)
|
518
|
+
```
|
519
|
+
|
467
520
|
# Development and Tests
|
468
521
|
|
469
522
|
We depend on [Bundler](http://rubygems.org/gems/bundler) for defining gemspec and performing releases to rubygems.org, which can be done with
|
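Review bot: the new "Importing and exporting JSON Web Keys" section (new lines 509-518) shows `jwk.export(include_private: true)` directly under `jwk.export` without saying where each result may be used. The hash that includes the private key must not be the one placed in a `jwks` set given to verifiers; add a sentence making that explicit. Two smaller points in the same hunk: the fence opened at new line 504 has no `ruby` tag, unlike the other examples, and the comment `# keys needs to be Symbol` does not say whether it refers to the `:keys` entry or to the keys inside each JWK hash.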
@@ -472,10 +525,11 @@ We depend on [Bundler](http://rubygems.org/gems/bundler) for defining gemspec an
|
|
472
525
|
rake release
|
473
526
|
```
|
474
527
|
|
475
|
-
The tests are written with rspec.
|
528
|
+
The tests are written with rspec. [Appraisal](https://github.com/thoughtbot/appraisal) is used to ensure compatibility with 3rd party dependencies providing cryptographic features.
|
476
529
|
|
477
530
|
```bash
|
478
|
-
bundle
|
531
|
+
bundle install
|
532
|
+
bundle exec appraisal rake test
|
479
533
|
```
|
480
534
|
|
481
535
|
**If you want a release cut with your PR, please include a version bump according to [Semantic Versioning](http://semver.org/)**
|
data/Rakefile
CHANGED
@@ -1,11 +1,14 @@
|
|
1
|
+
require 'bundler/setup'
|
1
2
|
require 'bundler/gem_tasks'
|
2
3
|
|
3
4
|
begin
|
4
5
|
require 'rspec/core/rake_task'
|
6
|
+
require 'rubocop/rake_task'
|
5
7
|
|
6
8
|
RSpec::Core::RakeTask.new(:test)
|
9
|
+
RuboCop::RakeTask.new(:rubocop)
|
7
10
|
|
8
|
-
task default:
|
11
|
+
task default: %i[rubocop test]
|
9
12
|
rescue LoadError
|
10
13
|
puts 'RSpec rake tasks not available. Please run "bundle install" to install missing dependencies.'
|
11
14
|
end
|
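Review bot: `require 'rubocop/rake_task'` (new line 6) is added inside the `begin` block whose `rescue LoadError` prints 'RSpec rake tasks not available...', so a missing rubocop gem now produces a message that blames RSpec and also leaves the `test` task undefined, because the error is raised before `RSpec::Core::RakeTask.new(:test)` runs. Load rubocop in its own begin/rescue, or reword the message to cover both gems. The new `require 'bundler/setup'` at line 1 sits outside the `begin`, so a failure there is not covered by the rescue message either.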
data/lib/jwt/algos/hmac.rb
CHANGED
@@ -3,14 +3,15 @@ module JWT
|
|
3
3
|
module Unsupported
|
4
4
|
module_function
|
5
5
|
|
6
|
-
SUPPORTED =
|
7
|
-
def verify(*)
|
8
|
-
raise JWT::VerificationError, 'Algorithm not supported'
|
9
|
-
end
|
6
|
+
SUPPORTED = [].freeze
|
10
7
|
|
11
8
|
def sign(*)
|
12
9
|
raise NotImplementedError, 'Unsupported signing method'
|
13
10
|
end
|
11
|
+
|
12
|
+
def verify(*)
|
13
|
+
raise JWT::VerificationError, 'Algorithm not supported'
|
14
|
+
end
|
14
15
|
end
|
15
16
|
end
|
16
17
|
end
|