v0.7.0

Breaking Changes ⚠️

Originally published in 0.7.0 Release Candidate 0

• Allow generic access to JWT header and payload (#251)
  • get_payload_claims() was replaced by get_payload_json()
• Removing extra exception aliases (#257)

Improvements

• Allow moving decoded_jwt (#225) @Ka0o0
• Add verify context trait template specialization (#229) @sirzooro
• Allow to retrieve list of claims (#231) @Ka0o0
• Use EVP_PKEY_up_ref if available (#238)
• Support for Base64url with case insensitive padding (#219)
• A NuGet package now exists (#262) @diogo-strube
• Helper functions for converting DER to PEM format (#283) @dennisyakovlev
• New docs for signing tokens (#316)

Bug fixes

• Fix build with OPENSSL_NO_DEPRECATED (#228) @janblome
• Fix as_date()'s std::bad_cast with decimal value (#240) @Prosperoh
• Do not embed nlohmann::json directly, use find_package / FetchContent (#250) @sjanel
• gcc-13 build (#287) @hlounent @vai-hanlo
• Replace deprecated wstring_convert (#290) @JonasBorchelt
• Corrected a few typos (#297) @criadoperez

Full Changelog: v0.6.0...v0.7.0

Refinement and fixes

Breaking Changes ⚠️

• Allow generic access to JWT header and payload (#251)
  • get_payload_claims() was replaced by get_payload_json()
• Removing extra exception aliases (#257)

Improvements

• Allow moving decoded_jwt (#225) @Ka0o0
• Add verify context trait template specialization (#229) @sirzooro
• Allow to retrieve list of claims (#231) @Ka0o0
• Use EVP_PKEY_up_ref if available (#238)
• Support for Base64url with case insensitive padding (#219)

Bug fixes

• Fix build with OPENSSL_NO_DEPRECATED (#228) @janblome
• Fix as_date()'s std::bad_cast with decimal value (#240) @Prosperoh
• Do not embed nlohmann::json directly, use find_package / FetchContent (#250) @sjanel

Full Changelog: v0.6.0...v0.7.0-rc.0

OpenSSL 3.0.0, WolfSSL, Hunter CMake, Boost.JSON, JWKs, ES256K

New Features

• Preliminary JWKs support by @tchinmai7 💟
• Implemented the "alg" ES256K
• Adds support for Hunter Package Manager.
• Add support for Boost.JSON (standalone C++17 variant)
• Add WolfSSL v5.0.0 support
• The example traits are now included in the JWT-CPP headers so everyone can use them.

Improvements

• jwt::verifier has been refactored to accept a more generic "verification operation". There are no API breaks.
• Support for OpenSSL 3.0.0 has been confirmed. 🤗 Thanks to @kleinmrk
• Adjustments to the RSA implementation by @akyidrian for wider compatibility
• Bump tested SSL options
• Adding clang-tidy, cmake-format, and ASAN tests
• Minimal key usage in RSA examples
• Simplify reading of EC keys by @kleinmrk 😻

Breaking Changes ⚠️

• jwt::picojson_traits became jwt::traits::kazuho_picojson #193

Improvements

• Removed all deprecated OpenSSL v3.0.0 API calls @kleinmrk

Bug Fixes

• Fixes to_lower that was actually doing a to_upper.
• Allow relative paths when install CMake for Hunter
• Fix shadow variables @XyFreak

Full Changelog: v0.5.1...v0.6.0

OpenSSL, Hunter CMake

New Features

• The example traits are now included in the JWT-CPP headers so everyone can use them.

Breaking Changes ⚠️

• jwt::picojson_traits became jwt::traits::kazuho_picojson #193

Improvements

• Removed all deprecated OpenSSL v3.0.0 API calls @kleinmrk

Bug Fixes

• Allow relative paths when install CMake for Hunter

Full Changelog: v0.6.0-rc.1...v0.6.0-rc.2

Boost.JSON, WolfSSL

New Features

• Add support for Boost.JSON (standalone C++17 variant)
• Add WolfSSL v5.0.0 support

Improvements

• Bump tested SSL options
• Adding clang-tidy, cmake-format, and ASAN tests
• Minimal key usage in RSA examples
• Simplify reading of EC keys by @kleinmrk 😻

Bug Fixes

• Fix shadow variables @XyFreak

Full Changelog: v0.6.0-rc.0...v0.6.0-rc.1

JWKs, ES256K, Hunter, OpenSSL 3.0.0

New Features

• Preliminary JWKs support by @tchinmai7 💟
• Implemented the "alg" ES256K
• Adds support for Hunter Package Manager.

Improvements

• jwt::verifier has been refactored to accept a more generic "verification operation". There are no API breaks.
• Support for OpenSSL 3.0.0 has been confirmed. 🤗 Thanks to @kleinmrk
• Adjustments to the RSA implementation by @akyidrian for wider compatibility

Bug Fixes

• Fixes to_lower that was actually doing a to_upper.

Full Changelog: v0.5.1...v0.6.0-rc.1

Corrected Warnings and Improved CMake installation

Removed Warnings

This release addresses a few minor (but irritating) warnings #134 #140

📦 CMake Scripts

Special thanks to @sweco-nlahoo 🤗 for helping correct the installed config file location and providing consumers to override the default locations with JWT_CMAKE_FILES_INSTALL_DIR.

Full Changelog: v0.5.0...v0.5.1

Generic JSON and more algorithms

⚠️ API breaks:

• decode_jwt now requires a template argument for traits
• builder now requires a template argument for traits
• builder.set_audience() takes array_type (previously was a set)
  • replace std::vector<std::string>{"*"} with std::vector<picojson::value>{ picojson::value("*") }

Generic basic_claim

Depending on your application needs you might choose one JSON library over another, there's a lot of great choices.

To freely choose whichever is best for your application define your own traits.

jwt::basic_claim<my_favorite_json_library_traits> claim(json::object({{"json", true},{"example", 0}}));

If you implement traits support for a library, please 🙏 submit a pull request to let us know!

EdDSA Support

Special thanks to @Sp3EdeR for their great work 🏆

With the additional algorithms, you can use the jwt::create() and jwt::verify() for handling your tokens

auto token = jwt::create().set_issuer("auth0").set_type("JWS").sign(
    jwt::algorithm::ed25519("", ed25519_priv_key, "", "")); // New algorithms have been added
// ...
auto decoded = jwt::decode(token);
jwt::verify().allow_algorithm(
    jwt::algorithm::ed25519(ed25519_pub_key, "", "", "")) // New algorithms have been added
   .verify(decoded);

Base64 DER encoded to PEM helper

Round of applause for @jbajwa for bringing more JOSE support to the library

When working with OAuth2 and OpenID, it's very common to obtain the public key for verifying tokens from JWK.
If the public key is exposed with the "x5c" you can use a helper to convert it to PEM which is consumed by the jwt::verifier

auto public_cert = jwt::helper::convert_base64_der_to_pem(x5c_base64_der, ec);
auto verify = jwt::verify().allow_algorithm(jwt::algorithm::rs256(public_cert, "", "", ""));

LibreSSL Support

Along with other freedom for JSON libraries there may be a motivating factor for your crypto needs, there for we have expanded support to include LibreSSL.

This can be configured through CMake

cmake .. -DJWT_SSL_LIBRARY:STRING="LibreSSL"

If you prefer the header only approach, make sure to define LIBRESSL_VERSION_NUMBER before including jwt.h

#include <tls.h>
#include "jwt-cpp/jwt.h"

📓 If you have both OpenSSL and LibreSSL installed, they may be in conflict which can produce compile or runtime errors

---

Numerous other contributions were submitted by @Zxey @sdmg15 @aboseley @mbaykara 👏 Thank you!

Full Changelog: v0.5.0-rc.0...v0.5.0

Release Candidate for flexible JSON support and error codes

This RC features the introduction of jwt::basic_claim which is template around a traits object providing the implementation details for using the JSON library of your choosing. 🎉

For performance sensitive code, among other reasons, there is now the introduction of std::error_code support

auto verify = jwt::verify({}).allow_algorithm(jwt::algorithm::hs256{ "secret" });
std::error_code ec;
verify.verify(decoded_token, ec);
if(ec) {
   // handle failures
}

Special thanks to @faustocarva @matze @Sp3EdeR for their contribution helping make this RC possible ❤️

Full Changelog: v0.4.0...v0.5.0-rc.0

Bugfixes and new build system

• Various bugfixes
• Change build system to cmake
• Clean up directory structure
• Add Travis CI script
• Make some internal helpers available to apps
• Clean up noexcept and const correctnes