Swiftpack.co - Package - vapor/jwt

JWTKit

Documentation Team Chat MIT License Continuous Integration Swift 5.2


Original author

Github

link
Stars: 262

Dependencies

Releases

JWT 4.0.0 - 2020-07-30 21:34:22

This patch was authored and released by @tanner0101.

Docs: https://docs.vapor.codes/4.0/jwt/

More information on Vapor 4 official release: https://forums.swift.org/t/vapor-4-official-release-begins/34802

Make JWT helpers extendable - 2020-07-30 16:36:19

This patch was authored and released by @tanner0101.

This change publicizes internal properties on JWT helpers to make them more easily extendable (#131, fixes #125).

// Custom extension
extension Request.JWT {
    // Methods now have access to the request
    func myVerifier() {
        print(self._request) // Current request
    }
}

// Usage
req.jwt.myVerifier()

The property names have been prefixed with _ to prevent autocomplete from suggesting things like:

req.jwt.request

⚠️ Note: Application.JWT and Request.JWT's initializers have been removed. These were redundant and can be declared much more concisely:

- Application.JWT(application: app)
+ app.jwt
- Request.JWT(request: req)
+ req.jwt

Add Microsoft JWT helpers - 2020-07-30 16:17:59

This patch was authored and released by @tanner0101.

Adds new helper methods for verifying Microsoft JWTs (#130, #121).

// Configure your Microsoft application identifier.
app.jwt.microsoft.applicationIdentifier = "..."

// Fetch and verify Microsoft identity token from Bearer header.
// Microsoft's JWKS is downloaded and cached automatically.
req.jwt.microsoft.verify().map { token in
    print(token) // MicrosoftIdentityToken
}

Added a public initializer to Request.JWT - 2020-05-24 23:05:54

This patch was authored and released by @grosch.

People couldn't make their own verifiers since request was internal.

Update to Vapor 4 GM - 2020-04-09 17:58:53

This patch was authored by @gwynne and released by @tanner0101.

Updated for final Vapor 4.0.0 release, with (improved) tests passing (#119).

Updates audience claim check for apple/google - 2020-03-17 02:54:57

This patch was authored by @grosch and released by @gwynne.

Updated based on the recent changes to JWT-Kit

Make HMAC signers thread safe - 2020-03-12 18:51:36

Makes HMAC JWT signers (hs256, hs384, hs512) thread safe (#117).

Release Candidate 1 - 2020-03-01 22:24:21

Upgrades to Swift 5.2.

Release candidates represent the final shift toward focusing on bug fixes and documentation. Breaking changes will only be accepted for critical issues. We expect a final release of this package shortly after Swift 5.2's release date.

Beta 3 - 2020-02-27 01:09:25

This patch was authored and released by @gwynne.
  • Update OS version requirement for compatibility with latest Vapor beta.
  • Major beta version bumped due to the OS version requirement being a breaking change. No changes have been made to JWT itself.

Adds JWT validation for Apple and Google - 2020-02-19 02:04:26

Allows for simple validation of Sign in with Apple or google. In your routes, you can now do this:

public func registerFromSignInWithApple(req: Request) throws -> EventLoopFuture<User> {
    req.jwt.apple
        .verify(applicationIdentifier: "com.whoever.myapp")
        .map { (token: AppleIdentityToken) in
            let uniqueUserID = token.subject.value

            // Create the user in the database

            return user
    }
}

Add JWKSCache helper for storing JWKS - 2020-02-14 19:55:14

Provides a way that servers can download JWKS files in response to HTTP requests such that only one request will ever be performing a download at a time. If the remote server provides caching headers this ensures the downloads are cached appropriately.

final class RouteController {
    let apple: JWKSCache

    init(app: Application) {
        apple = .init(keyURL: "https://appleid.apple.com/auth/keys", client: app.client)
    }

    func signIn(_ req: Request) throws -> EventLoopFuture<Void> {
        apple.keys(on: req).flatMap { jwks in
            guard let key = jwks.find(identifier: "AIDOPK1", type: .rsa) else {
                return req.eventLoop.makeFailedFuture(Abort(.internalServerError))
            }

            // Use the key here
        }
    }
}

JWT 4.0.0 Beta 2 - 2019-12-09 16:55:00

This package is now a Vapor + JWTKit integration.

import JWT
import Vapor

try app.jwt.signers.use(.es512(key: .generate()))

app.post("login") { req -> LoginResponse in
    let credentials = try req.content.decode(LoginCredentials.self)
    return try LoginResponse(
        token: req.jwt.sign(User(name: credentials.name))
    )
}

app.get("me") { req -> String in
    try req.jwt.verify(as: User.self).name
}

JWT 3.1.1 - 2019-10-24 15:41:28

  • Fixed warnings about public access modifier being redundant. (#108)

JWT 3.1.0 - 2019-10-23 14:48:44

  • Adds JWK signer support. (#106)
let json = """
{"kty":"RSA", ...}
"""
let signer = try JWTSigner.jwk(key: json)

4.0.0 Alpha 1.3 - 2019-10-07 22:08:53

  • Fixed an intermittent verification failure with ECDSA signed tokens. (#103, #104)

JWTKit 4.0.0 Alpha 1.2 - 2019-08-29 22:48:36

  • Fixed ECDSA signature encoding to follow spec. (#100, #102)

JWTKit 4.0.0 Alpha 1.1 - 2019-08-15 04:27:14

Fixed:

  • Added jwtkit_ namespace to OpenSSL shim methods to avoid clashes (#101)

JWTKit 4.0.0 Alpha 1 - 2019-06-13 22:24:52

More information on Vapor 4 alpha releases:

https://medium.com/@codevapor/vapor-4-alpha-1-releases-begin-94a4bc79dd9a

API Docs:

https://api.vapor.codes/jwt-kit/master/JWTKit/index.html

JWT 3.0.0 - 2018-08-14 19:48:34

JWT 3.0 is here 🎉 🔏 JSON Web Token signing and verification (HMAC, RSA)

Docs: https://docs.vapor.codes/3.0/jwt/getting-started/

API Docs: https://api.vapor.codes/jwt/latest/JWT

JWT 3.0.0 RC 2.1.2 - 2018-05-31 16:22:35

Fixed:

  • Fixed a potential security issue that made JWT verification vulnerable to timing attacks. JWT verification will now always check all bytes, even if it has already detected a miss.

JWT 3.0.0 RC 2.1 - 2018-03-25 23:12:28

Fixed:

  • Updated to latest crypto digest methods.

API Docs: https://api.vapor.codes/jwt/3.0.0-rc.2.1/JWT/

Milestone: 3.0.0-rc.2.1

JWT 3.0.0 RC 2 - 2018-03-21 22:32:06

New:

  • Vapor is now running on Swift NIO!

Milestone

JWT 3.0.0 RC 1 - 2018-02-28 03:39:14

New:

  • Added RS256, RS384, and RS512 signature support
import Crypto
import JWT

// create public and private key (only public required for verification)
let privateKey: Data = ...
let publicKey: Data = ...
let privateSigner = JWTSigner.rs256(key: .private2048(privateKey))
let publicSigner = JWTSigner.rs256(key: .public2048(publicKey))

// serialize jwt (requires private key)
let payload: TestPayload = ...
var jwt = JWT(payload: payload)
_ = try jwt.sign(using: publicSigner) // throws, can't sign w/ public signer
let data = try jwt.sign(using: privateSigner)

// parse jwt (public and private key work)
let parsed = try JWT<TestPayload>(from: data, verifiedUsing: publicSigner)
let parsed2 = try JWT<TestPayload>(from: data, verifiedUsing: privateSigner) // also works
print(parsed.payload)
print(parsed2.payload)

Milestone

JWT 3.0.0 Beta 1.1 - 2018-02-15 02:46:52

JWT 3.0.0 Beta 1 - 2018-02-12 17:29:10

JWT 2.3.0 - 2017-09-13 20:49:30

New:

  • Swift 4 support.

Milestone

JWT 2.2.1 - 2017-07-20 00:04:25

Fixed:

  • Publicize required KeyIDHeader initializer.

JWT 2.2.0 - 2017-07-19 23:55:20

New:

  • JWK support for RSA Keys
  • StringBacked is now public
  • Key ID header

Milestone

JWT 2.1.1 - 2017-06-05 15:52:33

Fixed:

  • Expose internal API to prevent compiler crash related to SR-2925.

Milestone

JWT 2.1 - 2017-05-25 13:43:49

New:

  • X509 certificate support.

Fixed:

  • Worked around Swift Foundation date bug.
  • Playgrounds file works again.