5.1.0

• Added access to the JWT header in the JWT object.

5.0.0

Correct JWT header to be a String, Object map to support embedded JWK. This is a potentially a breaking change.

• Resolves #38
  Thanks to @tommed for opening the issue.

4.3.1

Modify JSONWebKeySetResponse to be public in support of JPMS.

• Resolves #36
• Thanks to @XakepSDK for raising the issue.

4.3.0

• Take PublicKey instead of RSAPublicKey or ECPublicKey on verifier methods and then validate the key to ensure the correct type.

• Support taking a PrivateKey object when building a signer in addition to a PEM.

  Resolves #35
  Thanks to @tommed for the request.

4.2.2

Bump optional dep bc-fips to 1.0.2.1 (1.0.2+P1)

4.2.0

• Upgraded Jackson Core to 2.12.2.
• Added additional methods for JSONWebKeySetHelper to modify the HTTP connection allowing you to modify timeout values.
• Resolves #31
  Thanks to @alienintheheights for the suggestion.
• Increased default timeouts in AbstractHttpHelper

4.1.0

• Upgraded Jackson Core to 2.12.1. This upgrade addresses CVE-2020-14060, CVE-2020-14061, CVE-2020-14062, CVE-2020-14195 and CVE-2020-24616 and CVE-2020-24750.

  See https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-14060
  See https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-14061
  See https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-14062
  See https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-14195
  See https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-24616
  See https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-24750

  Resolves #29
  Thanks to @rvillane for opening the issue.

• Initial support for OAuth2 Authorization Server Metadata.

  Resolves #23
  Thanks to @jamietanna for his contribution.

4.0.1

Changes in 4.0.1

• Added ability to provide your own HttpURLConnection to the JSONWebKeySetHelper helper methods.

  Thanks to @rsatrio for the PR. #27

4.0.0

Changes in 4.0.0

• Change the JWT header type from a enum to a string to support other JWT types. This is a breaking
  change so the major version has been incremented to version 4.0.0.

  Thanks to @rsatrio for the PR. See #26

3.6.0

Changes in 3.6.0

• Add the x5c to the JSON Web Key Builder
• When provided, use the x5c JSON Web Key property to verify the public key modulus and exponent.
• Improve KeyUtils.getKeyLength to report the correct key length for some EC keys.
• Add support for clock skew in the JWT Decoder. See JWTDecoder.withClockSkew.
• Add TimeMachineJWTDecoder to support adjusting 'now' which may be helpful in tests to verify old JWTs.