Changelog

6.10.0 (2023-11-28)

Features

allow typ header override (#546) (79cb30b)

6.9.0 (2023-10-04)

Features

add payload to jwt exception (#521) (175edf9)

6.8.1 (2023-07-14)

Bug Fixes

accept float claims but round down to ignore them (#492) (3936842)
different BeforeValidException messages for nbf and iat (#526) (0a53cf2)

6.8.0 (2023-06-14)

Features

add support for P-384 curve (#515) (5de4323)

Bug Fixes

handle invalid http responses (#508) (91c39c7)

6.7.0 (2023-06-14)

Features

add ed25519 support to JWK (public keys) (#452) (e53979a)

6.6.0 (2023-06-13)

Features

allow get headers when decoding token (#442) (fb85f47)

Bug Fixes

only check iat if nbf is not used (#493) (398ccd2)

6.5.0 (2023-05-12)

Bug Fixes

allow KID of '0' (#505) (9dc46a9)

Miscellaneous Chores

drop support for PHP 7.3 (#495)

6.4.0 (2023-02-08)

Features

add support for W3C ES256K (#462) (213924f)
improve caching by only decoding jwks when necessary (#486) (78d3ed1)

6.3.2 (2022-11-01)

Bug Fixes

check kid before using as array index (bad1b04)

6.3.1 (2022-11-01)

Bug Fixes

casing of GET for PSR compat (#451) (60b52b7)
string interpolation format for php 8.2 (#446) (2e07d8a)

6.3.0 / 2022-07-15

Added ES256 support to JWK parsing (#399)
Fixed potential caching error in CachedKeySet by caching jwks as strings (#435)

6.2.0 / 2022-05-14

Added CachedKeySet (#397)
Added $defaultAlg parameter to JWT::parseKey and JWT::parseKeySet (#426).

6.1.0 / 2022-03-23

Drop support for PHP 5.3, 5.4, 5.5, 5.6, and 7.0
Add parameter typing and return types where possible

6.0.0 / 2022-01-24

Backwards-Compatibility Breaking Changes: See the Release Notes for more information.
New Key object to prevent key/algorithm type confusion (#365)
Add JWK support (#273)
Add ES256 support (#256)
Add ES384 support (#324)
Add Ed25519 support (#343)

5.0.0 / 2017-06-26

Support RS384 and RS512. See #117. Thanks @joostfaassen!
Add an example for RS256 openssl. See #125. Thanks @akeeman!
Detect invalid Base64 encoding in signature. See #162. Thanks @psignoret!
Update JWT::verify to handle OpenSSL errors. See #159. Thanks @bshaffer!
Add array type hinting to decode method See #101. Thanks @hywak!
Add all JSON error types. See #110. Thanks @gbalduzzi!
Bugfix 'kid' not in given key list. See #129. Thanks @stampycode!
Miscellaneous cleanup, documentation and test fixes. See #107, #115, #160, #161, and #165. Thanks @akeeman, @chinedufn, and @bshaffer!

4.0.0 / 2016-07-17

Add support for late static binding. See #88 for details. Thanks to @chappy84!
Use static $timestamp instead of time() to improve unit testing. See #93 for details. Thanks to @josephmcdermott!
Fixes to exceptions classes. See #81 for details. Thanks to @Maks3w!
Fixes to PHPDoc. See #76 for details. Thanks to @akeeman!

3.0.0 / 2015-07-22

Minimum PHP version updated from 5.2.0 to 5.3.0.
Add \Firebase\JWT namespace. See #59 for details. Thanks to @Dashron!
Require a non-empty key to decode and verify a JWT. See #60 for details. Thanks to @sjones608!
Cleaner documentation blocks in the code. See #62 for details. Thanks to @johanderuijter!

2.2.0 / 2015-06-22

Add support for adding custom, optional JWT headers to JWT::encode(). See #53 for details. Thanks to @mcocaro!

2.1.0 / 2015-05-20

Add support for adding a leeway to JWT:decode() that accounts for clock skew between signing and verifying entities. Thanks to @lcabral!
Add support for passing an object implementing the ArrayAccess interface for $keys argument in JWT::decode(). Thanks to @aztech-dev!

2.0.0 / 2015-04-01

Note: It is strongly recommended that you update to > v2.0.0 to address known security vulnerabilities in prior versions when both symmetric and asymmetric keys are used together.
Update signature for JWT::decode(...) to require an array of supported algorithms to use when verifying token signatures.