- [#84] (jwtk#84) Resolves
uuid
vulnerability.
- #77 Adds TypeScript type definitions.
- Removed support for older Node versions. Now requires Node 6+.
- Updated
nJwt.base64urlEncode()
to replace deprecatednew Buffer()
withBuffer.from()
- Added a key resolver interface, use
nJwt.createVerifier().withKeyResolver(function(kid, cb){ })
- Added
jwt.setClaim(claim, value)
andjwt.setHeader(param, value)
for setting body claims and header values in a chain-able way.
Added support for the nbf
, "not before", claim.
Fixed to support proper signing and verification of ECDSA signatures.
The JWTs that are returned by nJwt.verify()
and nJwt.parse()
will no longer
populate the iat
and jti
fields with default random values.
Fixed to prevent the jti
and iat
claims of the passed token from being
over-written with default random values during verification.
jwt.toString()
is now an alias for jwt.compact()
.
When parsing a JWT string, the header values of the JWT are now populated on the object that is returned.
The default exp
field is now set to a default expiration of 1 hour.
First release.