Skip to content
Permalink

Comparing changes

Choose two branches to see what’s changed or to start a new pull request. If you need to, you can also or learn more about diff comparisons.

Open a pull request

Create a new pull request by comparing changes across two branches. If you need to, you can also . Learn more about diff comparisons here.
base repository: auth0/node-jsonwebtoken
Failed to load repositories. Confirm that selected base ref is valid, then try again.
Loading
base: v7.3.0
Choose a base ref
...
head repository: auth0/node-jsonwebtoken
Failed to load repositories. Confirm that selected head ref is valid, then try again.
Loading
compare: v7.4.0
Choose a head ref
  • 6 commits
  • 6 files changed
  • 4 contributors

Commits on Feb 20, 2017

  1. Update changelog

    @ziluvatar
    ziluvatar committed Feb 20, 2017
    Copy the full SHA
    636fbd0 View commit details

Commits on Mar 8, 2017

  1. Make Options object optional for callback-ish sign

    @ziluvatar
    ziluvatar committed Mar 8, 2017
    Copy the full SHA
    e202c4f View commit details

Commits on Mar 9, 2017

  1. Merge pull request #320 from ziluvatar/make-options-optional-on-async… 

    …-call

Make Options object optional for callback-ish sign
    @jfromaniello
    jfromaniello authored Mar 9, 2017
    Copy the full SHA
    2ec4960 View commit details

Commits on Mar 21, 2017

  1. Add docs about numeric date fields

    @ziluvatar
    ziluvatar committed Mar 21, 2017
    Copy the full SHA
    659f731 View commit details

Commits on Mar 22, 2017

  1. Merge pull request #328 from ziluvatar/npb-exp-iat-docs-numeric-date 

    Add docs about numeric date fields.
    @fiddur
    fiddur authored Mar 22, 2017

    Verified

    This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
    GPG key ID: 4AEE18F83AFDEB23
    Expired
    Verified
    Learn about vigilant mode
    Copy the full SHA
    07a47a3 View commit details

Commits on Apr 24, 2017

  1. 7.4.0

    @ziluvatar
    ziluvatar committed Apr 24, 2017
    Copy the full SHA
    b0e443c View commit details
Showing with 35 additions and 5 deletions.
  1. +9 −0 CHANGELOG.md
  2. +3 −1 README.md
  3. +1 −1 package.json
  4. +6 −1 sign.js
  5. +8 −1 test/async_sign.tests.js
  6. +8 −1 test/jwt.hs.tests.js
9 changes: 9 additions & 0 deletions CHANGELOG.md
View file
Original file line number Diff line number Diff line change
@@ -4,6 +4,15 @@
All notable changes to this project will be documented in this file starting from version **v4.0.0**.
This project adheres to [Semantic Versioning](http://semver.org/).

## 7.3.0 - 2017-02-13

- Add more information to `maxAge` option in README ([1b0592e99cc8def293eed177e2575fa7f1cf7aa5](https://github.com/auth0/node-jsonwebtoken/commit/1b0592e99cc8def293eed177e2575fa7f1cf7aa5))
- Add `clockTimestamp` option to `verify()` you can set the current time in seconds with it (#274) ([8fdc1504f4325e7003894ffea078da9cba5208d9](https://github.com/auth0/node-jsonwebtoken/commit/8fdc1504f4325e7003894ffea078da9cba5208d9))
- Fix handling non string tokens on `verify()` input (#305) ([1b6ec8d466504f58c5a6e2dae3360c828bad92fb](https://github.com/auth0/node-jsonwebtoken/commit/1b6ec8d466504f58c5a6e2dae3360c828bad92fb)), closes [#305](https://github.com/auth0/node-jsonwebtoken/issues/305)
- Fixed a simple typo in docs (#287) ([a54240384e24e18c00e75884295306db311d0cb7](https://github.com/auth0/node-jsonwebtoken/commit/a54240384e24e18c00e75884295306db311d0cb7)), closes [#287](https://github.com/auth0/node-jsonwebtoken/issues/287)
- Raise jws.decode error to avoid confusion with "invalid token" error (#294) ([7f68fe06c88d5c5653785bd66bc68c5b20e1bd8e](https://github.com/auth0/node-jsonwebtoken/commit/7f68fe06c88d5c5653785bd66bc68c5b20e1bd8e))
- rauchg/ms.js changed to zeit/ms (#303) ([35d84152a6b716d757cb5b1dd3c79fe3a1bc0628](https://github.com/auth0/node-jsonwebtoken/commit/35d84152a6b716d757cb5b1dd3c79fe3a1bc0628))

## 7.2.1 - 2016-12-07

- add nsp check to find vulnerabilities on npm test ([4219c34b5346811c07f520f10516cc495bcc70dd](https://github.com/auth0/node-jsonwebtoken/commit/4219c34b5346811c07f520f10516cc495bcc70dd))
4 changes: 3 additions & 1 deletion README.md
View file
Original file line number Diff line number Diff line change
@@ -15,7 +15,7 @@ $ npm install jsonwebtoken

# Usage

### jwt.sign(payload, secretOrPrivateKey, options, [callback])
### jwt.sign(payload, secretOrPrivateKey, [options, callback])

(Asynchronous) If a callback is supplied, callback is called with the `err` or the JWT.

@@ -42,6 +42,8 @@ If `payload` is not a buffer or a string, it will be coerced into a string using

There are no default values for `expiresIn`, `notBefore`, `audience`, `subject`, `issuer`. These claims can also be provided in the payload directly with `exp`, `nbf`, `aud`, `sub` and `iss` respectively, but you can't include in both places.

Remember that `exp`, `nbf` and `iat` are **NumericDate**, see related [Token Expiration (exp claim)](#token-expiration-exp-claim)


The header can be customized via the `option.header` object.

2 changes: 1 addition & 1 deletion package.json
View file
Original file line number Diff line number Diff line change
@@ -1,6 +1,6 @@
{
"name": "jsonwebtoken",
"version": "7.3.0",
"version": "7.4.0",
"description": "JSON Web Token implementation (symmetric and asymmetric)",
"main": "index.js",
"scripts": {
7 changes: 6 additions & 1 deletion sign.js
View file
Original file line number Diff line number Diff line change
@@ -43,7 +43,12 @@ var options_for_objects = [
];

module.exports = function (payload, secretOrPrivateKey, options, callback) {
options = options || {};
if (typeof options === 'function') {
callback = options;
options = {};
} else {
options = options || {};
}

var isObjectPayload = typeof payload === 'object' &&
!Buffer.isBuffer(payload);
9 changes: 8 additions & 1 deletion test/async_sign.tests.js
View file
Original file line number Diff line number Diff line change
@@ -18,13 +18,20 @@ describe('signing a token asynchronously', function() {
});
});

it('should work', function (done) {
it('should work with empty options', function (done) {
jwt.sign({abc: 1}, "secret", {}, function (err, res) {
expect(err).to.be.null();
done();
});
});

it('should work without options object at all', function (done) {
jwt.sign({abc: 1}, "secret", function (err, res) {
expect(err).to.be.null();
done();
});
});

it('should return error when secret is not a cert for RS256', function(done) {
//this throw an error because the secret is not a cert and RS256 requires a cert.
jwt.sign({ foo: 'bar' }, secret, { algorithm: 'RS256' }, function (err) {
9 changes: 8 additions & 1 deletion test/jwt.hs.tests.js
View file
Original file line number Diff line number Diff line change
@@ -15,7 +15,7 @@ describe('HS256', function() {
expect(token.split('.')).to.have.length(3);
});

it('should without options', function(done) {
it('should be able to validate without options', function(done) {
var callback = function(err, decoded) {
assert.ok(decoded.foo);
assert.equal('bar', decoded.foo);
@@ -77,6 +77,13 @@ describe('HS256', function() {
done();
});
});

it('should default to HS256 algorithm when no options are passed', function() {
var token = jwt.sign({ foo: 'bar' }, secret);
var verifiedToken = jwt.verify(token, secret);
assert.ok(verifiedToken.foo);
assert.equal('bar', verifiedToken.foo);
});
});

describe('should fail verification gracefully with trailing space in the jwt', function() {