A really simple library to generate JSON Web Tokens in PHP.
This release upgrades the ReallySimpleJWT library to work with PHP 8 and above. It also makes some significant design tweaks to the underlying codebase which should empower further improvements and functionality. The core interfaces for the library remain unchanged which should minimise the impact of the release.
The main design change is the removal of the Secret class and interface; secret validation is now handled in the relevant encoding class. Token structure validation is now enforced in the Jwt value object class and not the Validator class. The Validate class now depends on the Parsed class, not the Parse class. This simplifies the Parse class and means token claim data is accessed in only one place.
Additional Work:
To Do:
sed command implementation in the CI pipeline.
user_id and sub claims.
Notes:
This is the Release Candidate for version 5.0.0. Only minor fixes will be made from this point until the release. The main change for this release is ensuring the documentation is correct both in the code comments and in the README.
Additional Work:
To Do:
sed command implementation in the CI pipeline.
This is the first release for version 5.0 of ReallySimpleJWT and introduces a number of significant architectural changes. It is a Beta release rather than an Alpha as it should work without any significant issues.
Version 5.0 further simplifies the code design and architecture, which should result in a more flexible library. It should also enable the introduction of Public-Private Keys for signature and token security.
The release will also upgrade the library to support PHP 8.1 and drop support for PHP 7.4. This needs to be done to enable the use of all the new features in PHP 8.0.
Additional Work:
To Do:
This release fixes a bug in the way the package validates Not Before claims in tokens. The Not Before claim defines when a token is usable from. A token should have validated when the nbf claim matched the current time, but it didn't. This has been resolved.
See issue #69 for further details.
Additional Work:
This security patch adds a check to the Tokens::validate() method to ensure the algorithm provided is not set to none as this may result in token misuse.
Additional Work:
This security patch adds a check to the Parse::validate() method to ensure the algorithm provided is not set to none as this may result in token misuse.
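The two checks described in these notes (refusing the none algorithm, and accepting a token whose nbf equals the current time) can be seen in a standalone verifier. This is an added example, not ReallySimpleJWT code: the function names, secret and timestamps are hypothetical and constructed, and only HS256 is assumed.

```php
<?php
// Added illustration; not ReallySimpleJWT code. All function names are hypothetical.
function b64url_encode(string $raw): string
{
    return rtrim(strtr(base64_encode($raw), '+/', '-_'), '=');
}

function b64url_decode(string $s): string
{
    $padded = str_pad($s, strlen($s) + (4 - strlen($s) % 4) % 4, '=');
    return (string) base64_decode(strtr($padded, '-_', '+/'), true);
}

// True only for an HS256 token whose signature verifies and whose nbf has been reached.
function verify_hs256(string $token, string $secret, int $now): bool
{
    $parts = explode('.', $token);
    if (count($parts) !== 3) {
        return false;
    }
    [$h, $p, $sig] = $parts;
    $header = json_decode(b64url_decode($h), true);
    $claims = json_decode(b64url_decode($p), true);
    if (!is_array($header) || !is_array($claims)) {
        return false;
    }
    // Pin the algorithm: "none" or any other value is refused before the signature check.
    if (($header['alg'] ?? null) !== 'HS256') {
        return false;
    }
    $expected = b64url_encode(hash_hmac('sha256', "$h.$p", $secret, true));
    if (!hash_equals($expected, $sig)) {
        return false;
    }
    // Not Before: usable from nbf onwards, so nbf === $now must pass.
    $nbf = $claims['nbf'] ?? null;
    return $nbf === null || (is_int($nbf) && $nbf <= $now);
}

// Constructed sample data (not real tokens or secrets).
$secret = 'constructed-secret-for-demo';
$now = 1700000000;
$body = fn(string $alg, int $nbf): string =>
    b64url_encode(json_encode(['alg' => $alg])) . '.' . b64url_encode(json_encode(['nbf' => $nbf]));
$signed = fn(string $in): string => $in . '.' . b64url_encode(hash_hmac('sha256', $in, $secret, true));
var_dump(verify_hs256($signed($body('HS256', $now)), $secret, $now));      // nbf equals now
var_dump(verify_hs256($signed($body('HS256', $now + 60)), $secret, $now)); // nbf in the future
var_dump(verify_hs256($body('none', $now) . '.', $secret, $now));          // unsigned, alg none
```

Comparing the header against one expected algorithm, rather than only excluding none, also refuses case variants and unexpected algorithms.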
Additional Work:
This release makes some documentation improvements to the README based on issue #63 to make validation method usage clearer in the Token class.
Additional Work:
Version 4.0.0 of ReallySimpleJWT is a significant release as it makes numerous interface changes to improve the composability of the package. It also upgrades PHP support from version 7.2 and above to version 7.4 and above.
The core Token class interface mainly remains unaffected by this release, but a lot of what sits behind it has changed. The Token class is now just a static interface wrapper around the new Tokens class. This enables developers to instantiate and inject the core ReallySimpleJWT functionality if they choose to.
In addition, the validation functionality which existed in the Parse class has been abstracted away and now just exists in the Validate and Helper\Validator classes. A number of interfaces for encoding, decoding and validation have also been created. This increases composability and allows developers to amend functionality to meet their needs.
Additional Work:
To Do:
This is the Release Candidate for version 4.0.0 of the Really Simple JWT package. No further interface or functional changes will be made before the 4.0.0 release, only bug fixes and documentation updates.
The release focuses on documentation improvements to the README and the code comments. As a result, a number of functionality and interface improvements have been made to make the code cleaner and clearer.
Additional Work:
To Do:
This Beta release gets version 4.0.0 into a working state and completes the design changes. Primarily it fixes the unit tests, integration tests and benchmark tests so they now all work with the new interfaces.
Additional Work:
To Do: