Releases: atbashEE/octopus-jwt-support

v1.1.0

20 Aug 16:48
  • Support for Reading PEM in PKCS8 unencrypted format.
  • Support custom claims of type number array in JWT payload.
  • More alternative interpretations of claims (like a comma-separated string for aud interpreted as an array).
  • Support for parsing Strings in the different Readers.
  • Convert 'Java Objects' to JsonValue instances and vice versa.
  • The exp, iat, and nbf claims can be set as LocalDateTime value using the JWTClaimsSet.Builder
  • Support for setting 'crit' header values that are handled by the application (understood by JWSVerifier implementations). Possibility to pass on these header claims to DefaultJWSVerifierFactory and JWTDecoder.
  • New method within the builder to define the expiration time as a duration from current time. Builder.expirationTime(Duration).
  • Identify the SecretKey through the class KeyFamilyUtil.
  • The reason for a failed JWT token verification (signature, verifier, ...) can be found within the MDC of SLF4J under the key JWTValidationConstant.JWT_VERIFICATION_FAIL_REASON.
  • Possibility to recreate the SecureRandom, or the developer can provide (by implementing the interface SecureRandomProvider) the instance that is retrieved by JCASupportConfiguration.getSecureRandom.
  • Do not allow un-encoded payload for JWT (RFC 7797, Section 7: https://datatracker.ietf.org/doc/html/rfc7797#section-7)
  • Define constants for Spec based values; see HeaderParameterNames, JWKIdentifiers, and JWTClaimNames (defined as PublicAPI)
  • Support for the flattened JWS JSON Serialization syntax (besides the compact String serialisation).
    Added method to JWTEncoder and JWTDecoder to support this.
  • Validation of signatures using EC curves to catch CVE-2022-21449 (https://nvd.nist.gov/vuln/detail/cve-2022-21449)
  • Important changes / new features from Nimbus Jose library (since JWT Support classes are based on the Nimbus Jose classes)
    • Limit size of parsed headers (plain, JWS, ...) to 20 000 characters. (JWTDecoder throws an InvalidJWTException)
    • Support for RSA-OAEP-384 and RSA-OAEP-512.
    • EC Curve P-256K renamed to SECP256K1
    • X509CertChainUtils.parse method for File (and String)
    • X509CertChainUtils.store method to add certificates to Java KeyStore.
    • b64 header parameter is now supported (no longer use header.parameter to specify this value)
    • Improved detection of missing values
    • Updates KeyUse.from(X509Certificate) to return null when the certificate public key use doesn't map to a single JWK use value.

v1.0.0

26 May 12:34
  • RemoteKeyManager

  • Support for Reading and Writing OCT JWK.

  • Support OCT keys in various places

  • PlainJWT support by JWTEncoder and JWTDecoder.

  • Support for storing EC Key in KeyStore format

  • Support for reading public key from certificate of KeyStore format.

  • Updated BouncyCastle to the latest version.

  • Various small fixes and updates.

  • Configuration of SecureRandom (JVM default or BouncyCastle defined one)

v0.9.1

09 Jan 08:51
  • Improve usability of KeyManager.
  • Support for creating JWE (encrypted JWT) from Java Object and vice versa.
  • Writing and Reading EC keys in JWK format.
  • Support for AtbashKey by JWTEncoder and JWTDecoder.
  • Support for jku header (JSON Key URL)
  • Discriminator object for SelectorCriteria

Breaking changes

  • KeyManager.retrieveKeys now takes SelectorCriteria as parameter.
  • KeyUse references are removed, leading to the removal of some methods and constructors, or a changed number of parameters.

v0.9.0

05 Aug 07:17
  • Support for reading and writing multiple formats (PEM, KeyStore, JWK and JWKSet)
  • Concept of KeySelector and KeyManager (with SPI)
  • Generating Cryptographic keys.
  • Key for HMAC now uses standards (SecretKey and OCT JWK)

v0.5.0

01 May 09:53
Pre-release

First draft converting Java instances to/from JWT.