3.1.2 (2020-11-24)

Fixes

• handle globalThis undefined in legacy browsers (b83c59b)

3.1.1 (2020-11-24)

Fixes

• global detection in a browser worker runtime (56ff8fa)

3.1.0 (2020-11-22)

Features

• added "KeyLike to JWK" module (7a8418e), closes #109
• allow compact verify/decrypt tokens to be uint8array encoded (e39c3db)
• allow http.Agent and https.Agent passed in remote JWK Set (38494a8)

3.0.2 (2020-11-15)

Fixes

• build: publish esm submodules (7b6364f), closes #104

3.0.1 (2020-11-15)

Fixes

• typescript: fix compiling by adding .d.ts files for runtime modules (d9cb573)

3.0.0 (2020-11-14)

⚠ BREAKING CHANGES

• Revised, Promise-based API
• No dependencies
• Browser support (using Web Cryptography API)
• Support for verification using a remote JWKS endpoint

Features

• Revised API, No dependencies, Browser Support, Promises (357fe0b)

2.0.3 (2020-10-29)

Fixes

• allow stubbing of the JWT.decode function (6c3b92f)

2.0.2 (2020-09-14)

Fixes

• esm: include esm files in the published package (1956746)

2.0.1 (2020-09-10)

Fixes

• allow plugins such as jose-chacha to work in newer node runtime (30f1dc2)

2.0.0 (2020-09-08)

⚠ BREAKING CHANGES

• the JWE.decrypt option algorithms was removed and replaced with contentEncryptionAlgorithms (handles enc allowlist) and keyManagementAlgorithms (handles alg allowlist)
• the JWT.verify profile option was removed, use e.g. JWT.IdToken.verify instead.
• removed the maxAuthAge JWT.verify option, this option is now only present at the specific JWT profile APIs where the auth_time property applies.
• removed the nonce JWT.verify option, this option is now only present at the specific JWT profile APIs where the nonce property applies.
• the acr, amr, nonce and azp claim value types will only be checked when verifying a specific JWT profile using its dedicated API.
• using the draft implementing APIs will emit a one-time warning per process using process.emitWarning
• JWT.sign function options no longer accept a nonce property. To create a JWT with a nonce just pass the value to the payload.
• due to added ESM module support Node.js version with ESM implementation bugs are no longer supported, this only affects early v13.x versions. The resulting Node.js semver range is >=10.13.0 < 13 || >=13.7.0
• deprecated method JWK.importKey was removed
• deprecated method JWKS.KeyStore.fromJWKS was removed
• the use of unregistered curve name P-256K for secp256k1 was removed
• jose.JWE.Encrypt constructor aad and unprotectedHeader arguments swapped places
• jose.JWE.encrypt.flattened header (unprotectedHeader) and aad arguments swapped places
• jose.JWE.encrypt.general header (unprotectedHeader) and aad arguments swapped places
• JWS.verify returned payloads are now always buffers
• JWS.verify options encoding and parse were removed

Features

• added support for ESM (ECMAScript modules) (1aa9035)
• decrypt allowlists for both key management and content encryption (30e5c46)

Fixes

• typescript: allow Buffer when verifying detached signature (cadbd04)
• typescript: properly type all decode/verify/decrypt fn options (4c23bd6)

Refactor

• encrypt APIs unprotectedHeader and aad arguments swapped (70bd4ae)
• move JWT profile specifics outside of generic JWT (fd69d7f)
• removed nonce option from JWT.sign (c4267cc)
• removed deprecated methods and utilities (6c35c51)
• removed payload parsing from JWS.verify (ba5c897)