Releases: vapor/jwt-kit
Fix ECDSA signature size
Correctly serializes ECDSA signature R / S values according to elliptic curve.
Before this patch, the code assumes R / S values will be 32 bytes. This is true for P-256 and P-384 keys, but is not true for P-521 keys. P-521 keys result in 66 byte R / S values.
From https://tools.ietf.org/html/rfc7515#appendix-A.3:
Section on ES256
We need to split the 64 member octet sequence of the JWS Signature
Section on ES512
We need to split the 132-member octet sequence of the JWS Signature into two 66-octet sequences
Note that the curve name (i.e., P-521) is different than the JWT algorithm name (i.e., ES512). The 512 in ES512 refers to SHA512. Also note that P-521 != 512, that's not a typo.
In order to support the different key curves dynamically, the signer now gets the curve name from the key during signing and verification. This curve is used to determine how wide the R / S values should be.
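The width rule described above, shown as an added Python example; it is not code from JWTKit. The names COORD_BYTES, encode_fixed_32, encode_jws_signature and decode_jws_signature are hypothetical, the r and s integers are constructed, and only the two curves whose sizes are quoted above are covered.

```python
from typing import Tuple

# Octets per R or S value, from the RFC 7515 sizes quoted above
# (64 / 2 for ES256, 132 / 2 for ES512). Hypothetical table name.
COORD_BYTES = {"P-256": 32, "P-521": 66}


def encode_fixed_32(r: int, s: int) -> bytes:
    """Pre-patch assumption: R and S are always 32 bytes."""
    return r.to_bytes(32, "big") + s.to_bytes(32, "big")


def encode_jws_signature(r: int, s: int, curve: str) -> bytes:
    """Serialize R || S, each left-padded with zeros to the curve width."""
    width = COORD_BYTES[curve]
    return r.to_bytes(width, "big") + s.to_bytes(width, "big")


def decode_jws_signature(sig: bytes, curve: str) -> Tuple[int, int]:
    """Split R || S; reject input that is not exactly 2 * width octets."""
    width = COORD_BYTES[curve]
    if len(sig) != 2 * width:
        raise ValueError(f"{curve}: expected {2 * width} octets, got {len(sig)}")
    return int.from_bytes(sig[:width], "big"), int.from_bytes(sig[width:], "big")


if __name__ == "__main__":
    # Constructed integers, not a real signature: r needs all 66 octets,
    # s is small and relies on the zero padding.
    r, s = 1 << 520, 5
    try:
        encode_fixed_32(r, s)
    except OverflowError as exc:
        print("32-byte assumption fails for P-521:", exc)
    sig = encode_jws_signature(r, s, "P-521")
    print(len(sig), decode_jws_signature(sig, "P-521") == (r, s))
    try:
        decode_jws_signature(sig, "P-256")  # key curve and signature disagree
    except ValueError as exc:
        print("rejected:", exc)
```

The length check on decode matters on the verification side: a signature whose size does not match the key's curve is rejected before any R / S value is parsed.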
Remove OpenSSL
BoolClaim handles strings
BoolClaim wasn't properly handling "true" and "false" as strings.
Apple/Google identity tokens
Adds commonly used AppleIdentityToken and GoogleIdentityToken structs. This includes code necessary to validate the Apple/Google provided identity data against their respective JWKS elements.
This patch also restructures the project a bit to move classes into their own files with hierarchical folders to make it easier to find the items you're looking for.
JWKS.find
Fix Payload Verification
JWT verification using JWTSigner and JWTSigners now correctly invokes JWTPayload's optional verify method. (#6)
JWTKit 4.0.0 Beta 2.1
- Replaced all fatalErrors with Swift errors.
JWTKit 4.0.0 Beta 2
- Separated from vapor/jwt into new repo
- Removed JWT type and split functionality into JWTSigner and JWTSigners
- New internal JWTParser and JWTSerializer types to reduce code dupe