CHANGELOG.md

Change Log

3.10.0 (2020-02-14)

Full Changelog Closed issues

• NullPointerException when the claim doesn't exist in the token #384

Added

• Add Javadoc URL and badge to the README #382 (lbalmaceda)
• Allow to customize the typ header claim #381 (lbalmaceda)
• JWTCreator for basic types #282 (skjolber)
• Support verification of Long[] datatype like in JWTCreator #278 (skjolber)

Changed

• Update to Gradle 6.1.1 #389 (jimmyjames)

Fixed

• Handle missing expected array claim #393 (lbalmaceda)
• Update tests to use valid Base64 URL-encoded tokens #386 (jimmyjames)

3.9.0 (2020-01-02)

Full Changelog

Added

• Support serialization of DecodedJWT #370 (jimmyjames)

Fixed

• Fixing JwtCreator builder when setting headers as a map #320 (maxbalan)

3.8.3 (2019-09-25)

Full Changelog

Security

• Fix: updated jackson-databind to 2.10.0.pr3 to block CVE #356 (danbrodsky)

3.8.2 (2019-08-15)

Full Changelog

Security

• Fix: updated jackson-databind to 2.9.9.3 to block CVE #347 (danbrodsky)

3.8.1 (2019-05-22)

Full Changelog

Security

• Bump dependencies and fix security issue #337 (lbalmaceda)

3.8.0 (2019-03-14)

Full Changelog

Added

• Support multiple issuers #246 #288 (itdevelopmentapps)

3.7.0 (2019-01-29)

Full Changelog

Added

• Performance improvements #255 (skjolber)

3.6.0 (2019-01-24)

Full Changelog

Added

• Allow to skip "issued at" validation #297 (complanboy2)

3.5.0 (2019-01-03)

Full Changelog

Added

• Verify a DecodedJWT #308 (martinoconnor)

Changed

• Add an interface for JWTVerifier. #205 (jebbench)

Fixed

• Remove unnecessary cast between long/double and floor call #296 (jhorstmann)

Security

• Bump jackson-databind to patch security issues #309 (lbalmaceda)

3.4.1 (2018-10-24)

Full Changelog

Security

• Update jackson-databind dependency #292 (lbalmaceda)

3.4.0 (2018-06-13)

Full Changelog

Breaking Changes

• Fix for #236 - refactored HMACAlgorithm so that it doesn't throw an UnsupportedEncodingException #242 (obecker).

Clients using the following methods may need to update their code to not catch an UnsupportedEncodingException:

• public static Algorithm HMAC384(String secret)
• public static Algorithm HMAC256(String secret)
• public static Algorithm HMAC512(String secret)

Changed

• Throw JWTDecodeException when date claim format is invalid #241 (lbalmaceda)

Security

• Bump Jackson dependency #244 (skjolber)

3.3.0 (2017-11-06)

Full Changelog Closed issues

• Wrong ES256 signature length #187

Fixed

• Rework ECDSA #212 (lbalmaceda)
• Instantiate exception only when required #198 (rumdidumdum)

3.2.0 (2017-05-04)

Full Changelog Closed issues

• Claim.isNull() returns true for JSON Object constructed claims #160
• Incorrectly rejects whitespace after JSON header as invalid #144
• No token type #136
• Timestamps are limited by Integer/int to 2038-01-19T04:14:07.000+0100 #132

Added

• Refactor KeyProvider to receive the "Key Id" #167 (lbalmaceda)
• Add Sign/Verify of Long type claims #157 (vrancic)
• added date validation dedicated exception #155 (Spyna)
• Allow to get a Claim as Map #152 (lbalmaceda)
• Add Algorithm KeyProvider interface #149 (lbalmaceda)
• Instantiate RSA/EC Algorithm with both keys #147 (lbalmaceda)
• Add Key Id setter and set JWT Type after signing #138 (lbalmaceda)

Changed

• Change the JWT.decode() return type to DecodedJWT #150 (lbalmaceda)

Fixed

• Fix Claim.isNull() method for JSON Objects #161 (lbalmaceda)
• Accept blanks, new line and carriage returns on JSON #151 (lbalmaceda)
• Fix Date value conversion #137 (lbalmaceda)

3.1.0 (2017-01-04)

Full Changelog

Added

• Make Clock customization accessible for verification #125 (lbalmaceda)
• Add getter for all the Payload's Claims #124 (lbalmaceda)
• Accept Array type on verification and creation. #123 (lbalmaceda)

3.0.2 (2016-12-13)

Full Changelog

Fixed

• Add targetCompatibility to 1.7 #121 (hzalaz)

3.0.1 (2016-12-05)

Full Changelog

Update to allow sync with Maven Central

3.0.0 (2016-12-05)

Reimplemented java-jwt to improve API and include more signing algorithms

Installation

Maven

<dependency>
    <groupId>com.auth0</groupId>
    <artifactId>java-jwt</artifactId>
    <version>3.0.0</version>
</dependency>

Gradle

compile 'com.auth0:java-jwt:3.0.0'

Available Algorithms

The library implements JWT Verification and Signing using the following algorithms:

JWS	Algorithm	Description
HS256	HMAC256	HMAC with SHA-256
HS384	HMAC384	HMAC with SHA-384
HS512	HMAC512	HMAC with SHA-512
RS256	RSA256	RSASSA-PKCS1-v1_5 with SHA-256
RS384	RSA384	RSASSA-PKCS1-v1_5 with SHA-384
RS512	RSA512	RSASSA-PKCS1-v1_5 with SHA-512
ES256	ECDSA256	ECDSA with curve P-256 and SHA-256
ES384	ECDSA384	ECDSA with curve P-384 and SHA-384
ES512	ECDSA512	ECDSA with curve P-521 and SHA-512