Allows for simple validation of Sign in with Apple or google. In your routes, you can now do this:

public func registerFromSignInWithApple(req: Request) throws -> EventLoopFuture<User> {
    req.jwt.apple
        .verify(applicationIdentifier: "com.whoever.myapp")
        .map { (token: AppleIdentityToken) in
            let uniqueUserID = token.subject.value

            // Create the user in the database

            return user
    }
}

Provides a way that servers can download JWKS files in response to HTTP requests such that only one request will ever be performing a download at a time. If the remote server provides caching headers this ensures the downloads are cached appropriately.

final class RouteController {
    let apple: JWKSCache

    init(app: Application) {
        apple = .init(keyURL: "https://appleid.apple.com/auth/keys", client: app.client)
    }

    func signIn(_ req: Request) throws -> EventLoopFuture<Void> {
        apple.keys(on: req).flatMap { jwks in
            guard let key = jwks.find(identifier: "AIDOPK1", type: .rsa) else {
                return req.eventLoop.makeFailedFuture(Abort(.internalServerError))
            }

            // Use the key here
        }
    }
}

This package is now a Vapor + JWTKit integration.

import JWT
import Vapor

try app.jwt.signers.use(.es512(key: .generate()))

app.post("login") { req -> LoginResponse in
    let credentials = try req.content.decode(LoginCredentials.self)
    return try LoginResponse(
        token: req.jwt.sign(User(name: credentials.name))
    )
}

app.get("me") { req -> String in
    try req.jwt.verify(as: User.self).name
}

• Fixed warnings about public access modifier being redundant. (#108)

• Adds JWK signer support. (#106)

let json = """
{"kty":"RSA", ...}
"""
let signer = try JWTSigner.jwk(key: json)

• Fixed an intermittent verification failure with ECDSA signed tokens. (#103, #104)

• Fixed ECDSA signature encoding to follow spec. (#100, #102)

Fixed:

• Added jwtkit_ namespace to OpenSSL shim methods to avoid clashes (#101)

More information on Vapor 4 alpha releases:

https://medium.com/@codevapor/vapor-4-alpha-1-releases-begin-94a4bc79dd9a

API Docs:

https://api.vapor.codes/jwt-kit/master/JWTKit/index.html

JWT 3.0 is here 🎉 🔏 JSON Web Token signing and verification (HMAC, RSA)

Docs: https://docs.vapor.codes/3.0/jwt/getting-started/

API Docs: https://api.vapor.codes/jwt/latest/JWT

Fixed:

• Fixed a potential security issue that made JWT verification vulnerable to timing attacks. JWT verification will now always check all bytes, even if it has already detected a miss.

Fixed:

• Updated to latest crypto digest methods.

API Docs: https://api.vapor.codes/jwt/3.0.0-rc.2.1/JWT/

Milestone: 3.0.0-rc.2.1

New:

• Vapor is now running on Swift NIO!

Milestone

New:

• Added RS256, RS384, and RS512 signature support

import Crypto
import JWT

// create public and private key (only public required for verification)
let privateKey: Data = ...
let publicKey: Data = ...
let privateSigner = JWTSigner.rs256(key: .private2048(privateKey))
let publicSigner = JWTSigner.rs256(key: .public2048(publicKey))

// serialize jwt (requires private key)
let payload: TestPayload = ...
var jwt = JWT(payload: payload)
_ = try jwt.sign(using: publicSigner) // throws, can't sign w/ public signer
let data = try jwt.sign(using: privateSigner)

// parse jwt (public and private key work)
let parsed = try JWT<TestPayload>(from: data, verifiedUsing: publicSigner)
let parsed2 = try JWT<TestPayload>(from: data, verifiedUsing: privateSigner) // also works
print(parsed.payload)
print(parsed2.payload)

Milestone

New:

• Swift 4 support.

Milestone

Fixed:

• Publicize required KeyIDHeader initializer.

New:

• JWK support for RSA Keys
• StringBacked is now public
• Key ID header

Milestone

Fixed:

• Expose internal API to prevent compiler crash related to SR-2925.

Milestone

New:

• X509 certificate support.

Fixed:

• Worked around Swift Foundation date bug.
• Playgrounds file works again.

Fixed:

• Better JWT signing error.

Milestone

🎉

JWT 2.0 seeks to improve and simplify the great features of JWT.

Fixed:

• Crashes on Linux with Swift 3.1 (#41 -> #44)

Upgrading is highly recommended for Linux deployments.

To upgrade, do one of the following:

• Use swift package update; or
• Use vapor update (Toolbox ≥ 1.0.9 required); or
• Perform a complete clean (including Package.pins if exists) and build/regenerate again.

New:

• Updated readme

Fixed:

• Removed different encoding options
• Use bytes in the JWT

https://github.com/vapor/jwt/pull/39

Fixed:

• signature validation errors when parsing tokens from external sources
• default settings not using the Base64url encoding (as defined by RFC 7519)

Pull requests:

• #38

Fixed:

• Base64URL encoding by default

New:

• Added .rawToken

Fixed:

• Different order in JSON serialization will no longer cause issues with signature verification

Fixed:

• makeBytes() update