Breaking Changes ⚠️

• Update jsoncons trait to support v1 release by @dmazzella in #375

What's Changed

• Improve as_date narrowing conversion from C4244 warning by @ambiennt in #378
• update trait dependencies to support CMake v4 by @dmazzella in #379
• Fix linter error by @prince-chrismc in #381
• Update workflows for new GitHub Action Runner Images by @prince-chrismc in #382
• Support passing ssl library key handles to algorithms by @sandro97git in #369
• 👷 Update CMP0135 to new behaviour by @Thalhammer in #385
• Fix error in CMake config-file package by @eaaltonen in #387
• CMake: synchronize cmake_minimum_required from main CMakeLists.txt by @olifre in #398
• Reduce usage of std::time_t, std::chrono::system_clock::to_time_t and system_clock::from_time_t in order to get correct dates when working with a 32bit application by @MarchMore in #401
• Fix set_expires_in not accepting non-default Period by @bugdea1er in #402
• AppVeyor Warnings by @JurgenLB in #403

New Contributors

• @ambiennt made their first contribution in #378
• @dmazzella made their first contribution in #375
• @sandro97git made their first contribution in #369
• @eaaltonen made their first contribution in #387
• @olifre made their first contribution in #398
• @MarchMore made their first contribution in #401
• @JurgenLB made their first contribution in #403

Full Changelog: v0.7.1...v0.7.2

Improvements

• Remove duplicated key handlers by @prince-chrismc in #318 ⚠️ some exceptions no longer thrown with rsa_exception when using ecdsa algorithms
• Implemented JsonCPP Traits by @cjserio in #317
• Add helper for making RSA key from exponent and modulus by @prince-chrismc in #307
• Add set_expires_in and set_issued_now methods by @bugdea1er in #322
• Default constructor for jwks object by @justend29 in #346
• Add helper for making EC key from components by @tomhughes in #358
• Add testing with RSA keys encrypted with a passphrase by @prince-chrismc in #360
• Refactor base64 decoding to use a lookup table by @ItsAMeMarcel in #364

Bug Fixes

• Remove unused header by @ErwanLegrand in #329
• Fix compiler warning by @garethsb in #331
• Fix demo code in README.md by @Yurunsoft in #336
• Find nlohmann_json test dependency only when required by @justend29 in #342
• Fix build and tests for wolfSSL by @julek-wolfssl in #352
• Jsoncpp traits no longer uses deprecated Reader by @kiddigital in #357
• Update CMakeLists.txt by @dantti in #365
• Ensure array_type has front() method + fix array_type on jsoncpp by @omar-mohamed-khallaf in #361

Full Changelog: v0.7.0...v0.7.1

Breaking Changes ⚠️

Originally published in 0.7.0 Release Candidate 0

• Allow generic access to JWT header and payload (#251)
  • get_payload_claims() was replaced by get_payload_json()
• Removing extra exception aliases (#257)

Improvements

• Allow moving decoded_jwt (#225) @Ka0o0
• Add verify context trait template specialization (#229) @sirzooro
• Allow to retrieve list of claims (#231) @Ka0o0
• Use EVP_PKEY_up_ref if available (#238)
• Support for Base64url with case insensitive padding (#219)
• A NuGet package now exists (#262) @diogo-strube
• Helper functions for converting DER to PEM format (#283) @dennisyakovlev
• New docs for signing tokens (#316)

Bug fixes

• Fix build with OPENSSL_NO_DEPRECATED (#228) @janblome
• Fix as_date()'s std::bad_cast with decimal value (#240) @Prosperoh
• Do not embed nlohmann::json directly, use find_package / FetchContent (#250) @sjanel
• gcc-13 build (#287) @hlounent @vai-hanlo
• Replace deprecated wstring_convert (#290) @JonasBorchelt
• Corrected a few typos (#297) @criadoperez

Full Changelog: v0.6.0...v0.7.0

Breaking Changes ⚠️

• Allow generic access to JWT header and payload (#251)
  • get_payload_claims() was replaced by get_payload_json()
• Removing extra exception aliases (#257)

Improvements

• Allow moving decoded_jwt (#225) @Ka0o0
• Add verify context trait template specialization (#229) @sirzooro
• Allow to retrieve list of claims (#231) @Ka0o0
• Use EVP_PKEY_up_ref if available (#238)
• Support for Base64url with case insensitive padding (#219)

Bug fixes

• Fix build with OPENSSL_NO_DEPRECATED (#228) @janblome
• Fix as_date()'s std::bad_cast with decimal value (#240) @Prosperoh
• Do not embed nlohmann::json directly, use find_package / FetchContent (#250) @sjanel

Full Changelog: v0.6.0...v0.7.0-rc.0

New Features

• Preliminary JWKs support by @tchinmai7 💟
• Implemented the "alg" ES256K
• Adds support for Hunter Package Manager.
• Add support for Boost.JSON (standalone C++17 variant)
• Add WolfSSL v5.0.0 support
• The example traits are now included in the JWT-CPP headers so everyone can use them.

Improvements

• jwt::verifier has been refactored to accept a more generic "verification operation". There are no API breaks.
• Support for OpenSSL 3.0.0 has been confirmed. 🤗 Thanks to @kleinmrk
• Adjustments to the RSA implementation by @akyidrian for wider compatibility
• Bump tested SSL options
• Adding clang-tidy, cmake-format, and ASAN tests
• Minimal key usage in RSA examples
• Simplify reading of EC keys by @kleinmrk 😻

Breaking Changes ⚠️

• jwt::picojson_traits became jwt::traits::kazuho_picojson #193

Improvements

• Removed all deprecated OpenSSL v3.0.0 API calls @kleinmrk

Bug Fixes

• Fixes to_lower that was actually doing a to_upper.
• Allow relative paths when install CMake for Hunter
• Fix shadow variables @XyFreak

Full Changelog: v0.5.1...v0.6.0

New Features

• The example traits are now included in the JWT-CPP headers so everyone can use them.

Breaking Changes ⚠️

• jwt::picojson_traits became jwt::traits::kazuho_picojson #193

Improvements

• Removed all deprecated OpenSSL v3.0.0 API calls @kleinmrk

Bug Fixes

• Allow relative paths when install CMake for Hunter

Full Changelog: v0.6.0-rc.1...v0.6.0-rc.2

New Features

• Add support for Boost.JSON (standalone C++17 variant)
• Add WolfSSL v5.0.0 support

Improvements

• Bump tested SSL options
• Adding clang-tidy, cmake-format, and ASAN tests
• Minimal key usage in RSA examples
• Simplify reading of EC keys by @kleinmrk 😻

Bug Fixes

• Fix shadow variables @XyFreak

Full Changelog: v0.6.0-rc.0...v0.6.0-rc.1

New Features

• Preliminary JWKs support by @tchinmai7 💟
• Implemented the "alg" ES256K
• Adds support for Hunter Package Manager.

Improvements

• jwt::verifier has been refactored to accept a more generic "verification operation". There are no API breaks.
• Support for OpenSSL 3.0.0 has been confirmed. 🤗 Thanks to @kleinmrk
• Adjustments to the RSA implementation by @akyidrian for wider compatibility

Bug Fixes

• Fixes to_lower that was actually doing a to_upper.

Full Changelog: v0.5.1...v0.6.0-rc.1

Removed Warnings

This release addresses a few minor (but irritating) warnings #134 #140

📦 CMake Scripts

Special thanks to @sweco-nlahoo 🤗 for helping correct the installed config file location and providing consumers to override the default locations with JWT_CMAKE_FILES_INSTALL_DIR.

Full Changelog: v0.5.0...v0.5.1

⚠️ API breaks:

• decode_jwt now requires a template argument for traits
• builder now requires a template argument for traits
• builder.set_audience() takes array_type (previously was a set)
  • replace std::vector<std::string>{"*"} with std::vector<picojson::value>{ picojson::value("*") }

Generic basic_claim

Depending on your application needs you might choose one JSON library over another, there's a lot of great choices.

To freely choose whichever is best for your application define your own traits.

jwt::basic_claim<my_favorite_json_library_traits> claim(json::object({{"json", true},{"example", 0}}));

If you implement traits support for a library, please 🙏 submit a pull request to let us know!

EdDSA Support

Special thanks to @Sp3EdeR for their great work 🏆

With the additional algorithms, you can use the jwt::create() and jwt::verify() for handling your tokens

auto token = jwt::create().set_issuer("auth0").set_type("JWS").sign(
    jwt::algorithm::ed25519("", ed25519_priv_key, "", "")); // New algorithms have been added
// ...
auto decoded = jwt::decode(token);
jwt::verify().allow_algorithm(
    jwt::algorithm::ed25519(ed25519_pub_key, "", "", "")) // New algorithms have been added
   .verify(decoded);

Base64 DER encoded to PEM helper

Round of applause for @jbajwa for bringing more JOSE support to the library

When working with OAuth2 and OpenID, it's very common to obtain the public key for verifying tokens from JWK.
If the public key is exposed with the "x5c" you can use a helper to convert it to PEM which is consumed by the jwt::verifier

auto public_cert = jwt::helper::convert_base64_der_to_pem(x5c_base64_der, ec);
auto verify = jwt::verify().allow_algorithm(jwt::algorithm::rs256(public_cert, "", "", ""));

LibreSSL Support

Along with other freedom for JSON libraries there may be a motivating factor for your crypto needs, there for we have expanded support to include LibreSSL.

This can be configured through CMake

cmake .. -DJWT_SSL_LIBRARY:STRING="LibreSSL"

If you prefer the header only approach, make sure to define LIBRESSL_VERSION_NUMBER before including jwt.h

#include <tls.h>
#include "jwt-cpp/jwt.h"

📓 If you have both OpenSSL and LibreSSL installed, they may be in conflict which can produce compile or runtime errors

Numerous other contributions were submitted by @Zxey @sdmg15 @aboseley @mbaykara 👏 Thank you!

Full Changelog: v0.5.0-rc.0...v0.5.0