A simple to use Java 8 JWT Library. Verify, Sign, Encode, Decode all day.
Correct JWT header to be a String, Object map to support embedded JWK. This is a potentially a breaking change.
Modify JSONWebKeySetResponse
to be public in support of JPMS.
Take PublicKey instead of RSAPublicKey or ECPublicKey on verifier methods and then validate the key to ensure the correct type.
Support taking a PrivateKey object when building a signer in addition to a PEM.
Resolves https://github.com/FusionAuth/fusionauth-jwt/issues/35 Thanks to @tommed for the request.
Bump optional dep bc-fips to 1.0.2.1 (1.0.2+P1)
Upgraded Jackson Core to 2.12.1. This upgrade addresses CVE-2020-14060, CVE-2020-14061, CVE-2020-14062, CVE-2020-14195 and CVE-2020-24616 and CVE-2020-24750.
See https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-14060 See https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-14061 See https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-14062 See https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-14195 See https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-24616 See https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-24750
Resolves https://github.com/FusionAuth/fusionauth-jwt/issues/29 Thanks to @rvillane for opening the issue.
Initial support for OAuth2 Authorization Server Metadata.
Resolves https://github.com/FusionAuth/fusionauth-jwt/issues/23 Thanks to @jamietanna for his contribution.
Changes in 4.0.1
Added ability to provide your own HttpURLConnection to the JSONWebKeySetHelper helper methods.
Thanks to @rsatrio for the PR. https://github.com/FusionAuth/fusionauth-jwt/pull/27
Changes in 4.0.0
Change the JWT header type from a enum to a string to support other JWT types. This is a breaking change so the major version has been incremented to version 4.0.0.
Thanks to @rsatrio for the PR. See https://github.com/FusionAuth/fusionauth-jwt/pull/26
Changes in 3.6.0