Fusionauth Jwt Versions Save

• Added access to the JWT header in the JWT object.

Correct JWT header to be a String, Object map to support embedded JWK. This is a potentially a breaking change.

• Resolves https://github.com/FusionAuth/fusionauth-jwt/issues/38 Thanks to @tommed for opening the issue.

Modify JSONWebKeySetResponse to be public in support of JPMS.

• Resolves https://github.com/FusionAuth/fusionauth-jwt/issues/36
• Thanks to @XakepSDK for raising the issue.

• Take PublicKey instead of RSAPublicKey or ECPublicKey on verifier methods and then validate the key to ensure the correct type.

• Support taking a PrivateKey object when building a signer in addition to a PEM.

  Resolves https://github.com/FusionAuth/fusionauth-jwt/issues/35 Thanks to @tommed for the request.

Bump optional dep bc-fips to 1.0.2.1 (1.0.2+P1)

• Upgraded Jackson Core to 2.12.2.
• Added additional methods for JSONWebKeySetHelper to modify the HTTP connection allowing you to modify timeout values.
• Resolves https://github.com/FusionAuth/fusionauth-jwt/issues/31 Thanks to @alienintheheights for the suggestion.
• Increased default timeouts in AbstractHttpHelper

• Upgraded Jackson Core to 2.12.1. This upgrade addresses CVE-2020-14060, CVE-2020-14061, CVE-2020-14062, CVE-2020-14195 and CVE-2020-24616 and CVE-2020-24750.

  See https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-14060 See https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-14061 See https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-14062 See https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-14195 See https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-24616 See https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-24750

  Resolves https://github.com/FusionAuth/fusionauth-jwt/issues/29 Thanks to @rvillane for opening the issue.

• Initial support for OAuth2 Authorization Server Metadata.

  Resolves https://github.com/FusionAuth/fusionauth-jwt/issues/23 Thanks to @jamietanna for his contribution.

Changes in 4.0.1

• Added ability to provide your own HttpURLConnection to the JSONWebKeySetHelper helper methods.

  Thanks to @rsatrio for the PR. https://github.com/FusionAuth/fusionauth-jwt/pull/27

Changes in 4.0.0

• Change the JWT header type from a enum to a string to support other JWT types. This is a breaking change so the major version has been incremented to version 4.0.0.

  Thanks to @rsatrio for the PR. See https://github.com/FusionAuth/fusionauth-jwt/pull/26

Changes in 3.6.0

• Add the x5c to the JSON Web Key Builder
• When provided, use the x5c JSON Web Key property to verify the public key modulus and exponent.
• Improve KeyUtils.getKeyLength to report the correct key length for some EC keys.
• Add support for clock skew in the JWT Decoder. See JWTDecoder.withClockSkew.
• Add TimeMachineJWTDecoder to support adjusting 'now' which may be helpful in tests to verify old JWTs.