honeymoose
/
jjwt
mirror of https://github.com/jwtk/jjwt.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Commit Graph

  • d41d5bda8a
         Merge a940383960 into 5812f63a76 Pieter Van Eeckhout 2024-09-11 19:28:15 +0000
  • a940383960
         Update ClaimsMutator.java Pieter Van Eeckhout 2024-09-11 21:28:12 +0200
  • 9cbbbe7335
         Merge branch 'master' into 235-Java8_time_formats Pieter Van Eeckhout 2024-09-05 08:15:33 +0200
  • 15e545d0eb
         Merge 14b26b277d into 5812f63a76 Micah Silverman 2024-07-27 07:21:31 -0400
  • 14b26b277d
         fix: pom.xml to reduce vulnerabilities snyk-fix-69bf47f58b79dec78bd03bc59829661e snyk-bot 2024-07-27 11:21:28 +0000
  • 8619fc625a
         Merge 1889d8b9bf into 5812f63a76 Brian Demers 2024-07-25 15:11:26 -0400
  • e389800bda
         Merge 4a76b69d59 into 5812f63a76 Pieter Van Eeckhout 2024-07-24 10:44:01 +0530
  • 1ba3bd9592
         Merge fbeb7adf61 into 5812f63a76 Benjamin Marwell 2024-07-18 18:10:43 +0000
  • fbeb7adf61 [#519] Add src/main/java9/module-info.java files and a simple IT. Benjamin Marwell 2022-04-19 22:04:44 +0200
  • 5812f63a76
         0.12.6 release (#951) master Les Hazlewood 2024-06-21 13:12:01 -0700
  • 5c07a6826d [maven-release-plugin] prepare for next development iteration Les Hazlewood 2024-06-21 12:46:15 -0700
  • 0df975627c [maven-release-plugin] prepare release 0.12.6 0.12.6 Les Hazlewood 2024-06-21 12:46:13 -0700
  • aacdfdc32f - Updated README.adoc `:project-version:` to be `0.12.6`. - Updated CHANGELOG.md change notes to link to the BC upgrade PR. Les Hazlewood 2024-06-21 11:52:11 -0700
  • d14f27b624
         Bump org.bouncycastle:bcprov-jdk18on from 1.76 to 1.78 (#941) dependabot[bot] 2024-06-17 12:51:20 -0700
  • d249a166bf Upgrade BouncyCastle to 1.78 Les Hazlewood 2024-06-17 12:39:40 -0700
  • 8f39babc54 Merge remote-tracking branch 'origin/master' into dependabot/maven/org.bouncycastle-bcprov-jdk18on-1.78 Les Hazlewood 2024-06-17 12:37:24 -0700
  • 0c2d96c2d0
         Fixes #949 (#950) Les Hazlewood 2024-06-17 12:25:09 -0700
  • e24cae07ae Fixes #949 Les Hazlewood 2024-06-17 12:13:25 -0700
  • ecf0f152c1 Fixes #949 Les Hazlewood 2024-06-17 12:08:34 -0700
  • 533ce4078e Fixes #949 Les Hazlewood 2024-06-16 16:09:29 -0700
  • 39249dcf82 Merge branch 'master' into issue-949 Les Hazlewood 2024-06-16 16:08:00 -0700
  • a7de55435b
         Fixes #947 (#948) Les Hazlewood 2024-06-16 16:05:45 -0700
  • df14b55a6f Fixes #949 Les Hazlewood 2024-06-16 16:00:14 -0700
  • 578c369641 Fixes #947 Les Hazlewood 2024-06-16 13:01:48 -0700
  • 9039b47b4f
         Add upper bound to JCL exclusion rule Brian Demers 2024-05-29 14:41:07 -0400
  • 754324879d
         Bump org.bouncycastle:bcpkix-jdk18on from 1.76 to 1.78 (#943) dependabot[bot] 2024-05-15 11:03:42 -0700
  • 7bc29352e6
         Bump org.bouncycastle:bcpkix-jdk18on from 1.76 to 1.78 dependabot[bot] 2024-05-14 22:19:17 +0000
  • 5bcf2de6f8
         Bump org.bouncycastle:bcprov-jdk18on from 1.76 to 1.78 dependabot[bot] 2024-05-03 20:35:49 +0000
  • 3489fdb19b
         JWE arbitrary content compression (#937) Mikko Nylén 2024-04-25 05:52:25 +0300
  • 6d88e342b6 Fix name for JWE payload Mikko Nylén 2024-04-25 05:41:29 +0300
  • 9e94665324 Preserve the content name Mikko Nylén 2024-04-24 09:24:35 +0300
  • 22b946fafc Refactor duplicate payload -> input stream logic from sign()/encrypt() Mikko Nylén 2024-04-23 05:04:19 +0300
  • 23d9a33ff6
         Allow using GenericSecret for HmacSHA* (#935) Mikko Nylén 2024-04-22 22:49:06 +0300
  • c83fbe9f41 Fix compression being omitted for JWEs with arbitrary content Mikko Nylén 2024-04-22 08:16:20 +0300
  • 1fa8ccbda9 Review fixes Mikko Nylén 2024-04-22 04:54:03 +0300
  • eb703c3abb Allow using GenericSecret for HmacSHA* Mikko Nylén 2024-04-16 07:14:57 +0300
  • c673b76ef5
         Update SECURITY.md Les Hazlewood 2024-04-02 19:23:24 -0400
  • 59196a7375
         Merge remote-tracking branch 'origin/master' into 235-Java8_time_formats pveeckhout 2024-02-17 00:55:43 +0100
  • 4a76b69d59
         Merge remote-tracking branch 'origin/master' into 60-convenience_expiration_setter_which_takes_a_duration pveeckhout 2024-02-17 00:46:53 +0100
  • bb46c633ee DEVE-142: fix jdk version Johan Roets 2024-02-14 11:52:34 +0200
  • e2e82ec181 DEVE-142: Create patched jjwt impl that allows 1024 keys Johan Roets 2024-02-13 19:59:43 +0200
  • 82562ed37f
         Move common GH Actions setup to seperate file Brian Demers 2024-02-07 18:07:38 -0500
  • 1889d8b9bf
         Updating build to be reproducible repro-jwe Brian Demers 2024-02-07 17:40:38 -0500
  • 26948610fb
         Use Acsiidoc as README format (#777) Brian Demers 2024-02-06 14:51:33 -0500
  • fb0747805b
         Fix README.adoc formatting Brian Demers 2024-02-05 20:48:06 -0500
  • 075df645ae
         Update Admonition caption in README.adoc Brian Demers 2024-02-05 17:36:11 -0500
  • 41c86e6132
         fixing note format Brian Demers 2024-02-02 19:37:28 -0600
  • 7361df512d
         fixing superscript formatting Brian Demers 2024-02-02 19:36:18 -0600
  • 5051eb3879
         fixing superscript formatting Brian Demers 2024-02-02 19:34:49 -0600
  • b5a22826c2
         minor formatting tweaks Brian Demers 2024-02-02 19:32:42 -0600
  • ec501a369c
         Replace custom formatting with adoc admonitions Brian Demers 2024-02-02 19:28:14 -0600
  • 6b2d45b820
         README formatting fix Brian Demers 2024-02-02 19:18:25 -0600
  • 00e587d061
         Using macro for README table subscript Brian Demers 2024-02-02 19:16:29 -0600
  • bf0d9ba379
         Add version variable to adoc README and styling Brian Demers 2024-02-02 18:56:04 -0600
  • 1dddd8d4c7
         Formatting README in asciidoc Brian Demers 2024-02-02 18:54:21 -0600
  • efffa86b8d
         Released 0.12.5 (#918) Les Hazlewood 2024-01-31 18:52:53 -0800
  • 2d77eb2c49 [maven-release-plugin] prepare for next development iteration Les Hazlewood 2024-01-31 18:41:49 -0800
  • 2399e2fdc5 [maven-release-plugin] prepare release 0.12.5 0.12.5 Les Hazlewood 2024-01-31 18:41:45 -0800
  • 8d3de65835 Preparing for 0.12.5 release Les Hazlewood 2024-01-31 18:32:47 -0800
  • a0a123e848
         PR #917 lhazlewood 2024-01-31 17:48:38 -0800
  • 5acdc49e29 * Ensured `NestedCollection`s do not need their `.and()` method called to apply collection changes. Instead, changes are applied immediately as they occur (via `.add`, `.remove`, etc), and `.and()` is now purely for returning to the parent builder if necessary/desired. * Updated associated JavaDoc with code examples to make the `.and()` method's purpose a little clearer. * Updated CHANGELOG.md Les Hazlewood 2024-01-30 18:08:03 -0800
  • afcd889832
         0.12.4 staging (#913) lhazlewood 2024-01-28 16:52:21 -0800
  • 06fe85a685 [maven-release-plugin] prepare for next development iteration Les Hazlewood 2024-01-28 16:28:07 -0800
  • bf4168cdce [maven-release-plugin] prepare release 0.12.4 0.12.4 Les Hazlewood 2024-01-28 16:28:04 -0800
  • 5c6dec061f - Adding 0.12.4 release version references - Adding CI 'workflow_dispatch' event trigger - Changed git url from ssh to https Les Hazlewood 2024-01-28 15:13:27 -0800
  • dd10b12b53
         Added JWK Set documentation to README.mdJwkset doc (#912) lhazlewood 2024-01-28 14:49:01 -0800
  • b52561c65e Minor typo fix Les Hazlewood 2024-01-28 14:37:27 -0800
  • ae40ebce8c Added JWK Set documentation to README.md Les Hazlewood 2024-01-28 14:36:21 -0800
  • 6335381c97
         PBES2 decryption maximum iterations (#911) lhazlewood 2024-01-28 13:17:53 -0800
  • 34b8c3cb68 Ensured there is an upper bound (maximum) iterations enforced for PBES2 decryption to help mitigate potential DoS attacks. Many thanks to Jingcheng Yang and Jianjun Chen from Sichuan University and Zhongguancun Lab for their work on this! Les Hazlewood 2024-01-28 12:56:26 -0800
  • f1b919a073 Ensured there is an upper bound (maximum) iterations enforced for PBES2 decryption to help mitigate potential DoS attacks. Many thanks to Jingcheng Yang and Jianjun Chen from Sichuan University and Zhongguancun Lab for their work on this! Les Hazlewood 2024-01-28 12:54:08 -0800
  • 2884eb7952
         - Updating to GitHub latest actions/checkout and actions/setup-java script versions (#910) lhazlewood 2024-01-27 20:06:20 -0800
  • db4fdca0eb - Updating to GitHub latest actions/checkout and actions/setup-java script versions Les Hazlewood 2024-01-27 20:00:12 -0800
  • 628bd6f4e8 Secret JWK `k` values larger than HMAC-SHA minimums (#909) lhazlewood 2024-01-27 19:54:40 -0800
  • 6ac5cc751b - Ensured Secret JWK 'k' byte arrays for HMAC-SHA algorithms can be larger than the identified HS* algorithm. This is allowed per https://datatracker.ietf.org/doc/html/rfc7518#section-3.2: "A key of the same size as the hash output ... _or larger_ MUST be used with this algorithm" - Ensured that, when using the JwkBuilder, Secret JWK 'alg' values would automatically be set to 'HS256', 'HS384', or 'HS512' if the specified Java SecretKey algorithm name equals a JCA standard name (HmacSHA256, HmacSHA384, etc) or JCA standard HMAC-SHA OID. - Updated CHANGELOG.md accordingly. Les Hazlewood 2024-01-27 19:40:57 -0800
  • d9c030e474 - Ensured Secret JWK 'k' byte arrays for HMAC-SHA algorithms can be larger than the identified HS* algorithm. This is allowed per https://datatracker.ietf.org/doc/html/rfc7518#section-3.2: "A key of the same size as the hash output ... _or larger_ MUST be used with this algorithm" - Ensured that, when using the JwkBuilder, Secret JWK 'alg' values would automatically be set to 'HS256', 'HS384', or 'HS512' if the specified Java SecretKey algorithm name equals a JCA standard name (HmacSHA256, HmacSHA384, etc) or JCA standard HMAC-SHA OID. Les Hazlewood 2024-01-27 19:25:07 -0800
  • b12dabf100
         Fix small typos (#908) Renato Lochetti 2024-01-27 16:45:09 -0300
  • f6116bbdec
         Fix small typos Renato Lochetti 2024-01-27 18:23:05 +0000
  • 26f5dc3dbb
         Updating changelog with more information/clarity for the 0.12.4 release (#907) lhazlewood 2024-01-26 21:23:18 -0800
  • 25851e0688 Updating changelog with more information/clarity for the 0.12.4 release Les Hazlewood 2024-01-26 19:09:54 -0800
  • f61cfa875d
         Test case change to reflect accurate assertion for Elliptic Curve 'd' values against the curve order (not the field size) per https://datatracker.ietf.org/doc/html/rfc7518#section-6.2.2.1 (#906) lhazlewood 2024-01-26 17:54:51 -0800
  • 50dd1177ff Test case change to reflect accurate assertion for Elliptic Curve 'd' values against the curve order (not the field size) per https://datatracker.ietf.org/doc/html/rfc7518#section-6.2.2.1 Les Hazlewood 2024-01-26 17:48:39 -0800
  • fd619e0a42
         disable FAIL_ON_UNKNOWN_PROPERTIES deserialization feature of Jackson by default (#896) Ahmad Amiri 2024-01-27 03:42:34 +0330
  • 503a95b82e disable FAIL_ON_UNKNOWN_PROPERTIES deserialization feature of Jackson by default amiriahmad72 2024-01-26 17:08:15 +0330
  • 07631914c3
         NIST Elliptic Curve JWKs: field element byte array padding (#903) lhazlewood 2024-01-25 21:31:36 -0800
  • 20ca08b54f Updated CHANGELOG.md Les Hazlewood 2024-01-25 21:22:18 -0800
  • 219c467e02 Updated CHANGELOG.md Les Hazlewood 2024-01-25 21:21:12 -0800
  • c20d49c1c5 Ensured NIST Elliptic Curve JWKs pre-pad their X, Y and D byte arrays with zero bytes before Base64URL-encoding if necessary per length requirements defined in: - https://datatracker.ietf.org/doc/html/rfc7518#section-6.2.1.2 - https://datatracker.ietf.org/doc/html/rfc7518#section-6.2.1.3 - https://datatracker.ietf.org/doc/html/rfc7518#section-6.2.2.1 Les Hazlewood 2024-01-25 21:00:45 -0800
  • 3e8f8a84f5
         Fix broken links in "Learn more" section (#898) Philzen 2024-01-23 21:47:28 +0100
  • 87ea8cfddf
         Fix broken links in "Learn more" section Philzen 2024-01-20 00:14:17 +0100
  • 86e06559bc
         - Ensures that Jackson duplicate property detection/rejection is enabled by default. (#895) lhazlewood 2024-01-17 16:45:30 -0800
  • d16e6be510 - Ensures that Jackson duplicate property detection/rejection is enabled by default. Les Hazlewood 2024-01-17 16:38:36 -0800
  • 3c441f661c
         Merge 761488a58b into d878404434 Ahmad Amiri 2024-01-17 23:19:20 +0000
  • 761488a58b disable FAIL_ON_UNKNOWN_PROPERTIES deserialization feature of Jackson by default amiriahmad72 2024-01-18 02:39:20 +0330
  • d878404434
         Thread-safe ServiceLoader usage lhazlewood 2024-01-17 13:35:20 -0800
  • dc2cdd9045 Blend of pre-0.11.0 behavior that cached implementation instances and post-0.11.0 behavior using the JDK ServiceLoader to find/create instances of an SPI interface. This change: Les Hazlewood 2024-01-16 18:36:09 -0800
  • 406f2f39df
         Ensured a single string `aud` (Audience) claim would be retained (without converting it to a `Set`) when copying/applying a source Claims instance to a destination Claims builder. Updated CHANGELOG.md accordingly. (#891) lhazlewood 2024-01-11 13:34:34 -0800
  • b040154790 Ensured a single string `aud` (Audience) claim would be retained (without converting it to a `Set`) when copying/applying a source Claims instance to a destination Claims builder. Updated CHANGELOG.md accordingly. Les Hazlewood 2024-01-11 13:25:07 -0800
  • a6a79508b0
         #60 Fix typo in JwtBuilder comments pveeckhout 2024-01-10 09:06:59 +0100
  • 5a4992b91a
         Merge remote-tracking branch 'origin/60-convenience_expiration_setter_which_takes_a_duration' into 60-convenience_expiration_setter_which_takes_a_duration pveeckhout 2024-01-10 09:02:56 +0100