v3.0.0.beta1

Breaking Changes

📅 Jan 25, 2025📦 jwt-librariesView on GitHub →

⚠ 8 breaking✨ 3 features🔧 3 symbols

Summary

This major beta release introduces significant breaking changes, including stricter signature verification, removal of deprecated methods and the rbnacl dependency, and updates to algorithm and key requirements. It also adds the convenient JWT::EncodedToken#verify! method.

⚠️ Breaking Changes

Require token signature to be verified before accessing payload.
Drop support for the HS512256 algorithm.
Remove deprecated claim verification methods.
Remove dependency to rbnacl.
Support only stricter base64 decoding (RFC 4648).
Custom algorithms are required to include `JWT::JWA::SigningAlgorithm`.
Require RSA keys to be at least 2048 bits.
Base64 encode and decode the k value for HMAC JWKs.

Migration Steps

Consult the [upgrade guide](UPGRADING.md) for detailed upgrade instructions.

✨ New Features

JWT::EncodedToken#verify! method that bundles signature and claim validation.
Do not override the alg header if already given.
Make `JWK::KeyFinder` compatible with `JWT::EncodedToken`.

Affected Symbols

JWT::EncodedToken#verify!JWT::JWA::SigningAlgorithm JWK::KeyFinder