3.8.3 (2019-09-25)
Security
- Fix: updated jackson-databind to 2.10.0.pr3 to block CVE #356 (danbrodsky)
3.8.2 (2019-08-15)
Security
- Fix: updated jackson-databind to 2.9.9.3 to block CVE #347 (danbrodsky)
3.8.1 (2019-05-22)
Security
- Bump dependencies and fix security issue #337 (lbalmaceda)
3.8.0 (2019-03-14)
Added
- Support multiple issuers #246 #288 (itdevelopmentapps)
3.7.0 (2019-01-29)
Added
3.6.0 (2019-01-24)
Added
- Allow to skip "issued at" validation #297 (complanboy2)
3.5.0 (2019-01-03)
Added
- Verify a DecodedJWT #308 (martinoconnor)
Changed
Fixed
- Remove unnecessary cast between long/double and floor call #296 (jhorstmann)
Security
- Bump jackson-databind to patch security issues #309 (lbalmaceda)
3.4.1 (2018-10-24)
Security
- Update jackson-databind dependency #292 (lbalmaceda)
3.4.0 (2018-06-13)
Changed
- Fix for issue #236 - refactored HMACAlgorithm so that it doesn't throw an UnsupportedEncodingException #242 (obecker)
- Throw JWTDecodeException when date claim format is invalid #241 (lbalmaceda)
Security
3.3.0 (2017-11-06)
Full Changelog Closed issues
- Wrong ES256 signature length #187
Fixed
- Rework ECDSA #212 (lbalmaceda)
- Instantiate exception only when required #198 (rumdidumdum)
3.2.0 (2017-05-04)
Full Changelog Closed issues
- Claim.isNull() returns true for JSON Object constructed claims #160
- Incorrectly rejects whitespace after JSON header as invalid #144
- No token type #136
- Timestamps are limited by Integer/int to 2038-01-19T04:14:07.000+0100 #132
Added
- Refactor KeyProvider to receive the "Key Id" #167 (lbalmaceda)
- Add Sign/Verify of Long type claims #157 (vrancic)
- added date validation dedicated exception #155 (Spyna)
- Allow to get a Claim as Map #152 (lbalmaceda)
- Add Algorithm KeyProvider interface #149 (lbalmaceda)
- Instantiate RSA/EC Algorithm with both keys #147 (lbalmaceda)
- Add Key Id setter and set JWT Type after signing #138 (lbalmaceda)
Changed
- Change the JWT.decode() return type to DecodedJWT #150 (lbalmaceda)
Fixed
- Fix Claim.isNull() method for JSON Objects #161 (lbalmaceda)
- Accept blanks, new line and carriage returns on JSON #151 (lbalmaceda)
- Fix Date value conversion #137 (lbalmaceda)
3.1.0 (2017-01-04)
Added
- Make Clock customization accessible for verification #125 (lbalmaceda)
- Add getter for all the Payload's Claims #124 (lbalmaceda)
- Accept Array type on verification and creation. #123 (lbalmaceda)
3.0.2 (2016-12-13)
Fixed
3.0.1 (2016-12-05)
Update to allow sync with Maven Central
3.0.0 (2016-12-05)
Reimplemented java-jwt to improve API and include more signing algorithms
<dependency>
<groupId>com.auth0</groupId>
<artifactId>java-jwt</artifactId>
<version>3.0.0</version>
</dependency>
compile 'com.auth0:java-jwt:3.0.0'
The library implements JWT Verification and Signing using the following algorithms:
JWS | Algorithm | Description |
---|---|---|
HS256 | HMAC256 | HMAC with SHA-256 |
HS384 | HMAC384 | HMAC with SHA-384 |
HS512 | HMAC512 | HMAC with SHA-512 |
RS256 | RSA256 | RSASSA-PKCS1-v1_5 with SHA-256 |
RS384 | RSA384 | RSASSA-PKCS1-v1_5 with SHA-384 |
RS512 | RSA512 | RSASSA-PKCS1-v1_5 with SHA-512 |
ES256 | ECDSA256 | ECDSA with curve P-256 and SHA-256 |
ES384 | ECDSA384 | ECDSA with curve P-384 and SHA-384 |
ES512 | ECDSA512 | ECDSA with curve P-521 and SHA-512 |