Skip to content

Generic JSON and more algorithms
Compare
Choose a tag to compare
@prince-chrismc prince-chrismc released this 22 Feb 10:01
· 109 commits to master since this release
v0.5.0
b45bc99
This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
GPG key ID: 4AEE18F83AFDEB23
Expired
Learn about vigilant mode.

⚠️ API breaks:

  • decode_jwt now requires a template argument for traits
  • builder now requires a template argument for traits
  • builder.set_audience() takes array_type (previously was a set)
    • replace std::vector<std::string>{"*"} with std::vector<picojson::value>{ picojson::value("*") }

Generic basic_claim

Depending on your application needs you might choose one JSON library over another, there's a lot of great choices.

To freely choose whichever is best for your application define your own traits.

jwt::basic_claim<my_favorite_json_library_traits> claim(json::object({{"json", true},{"example", 0}}));

If you implement traits support for a library, please 🙏 submit a pull request to let us know!

EdDSA Support

Special thanks to @Sp3EdeR for their great work 🏆

With the additional algorithms, you can use the jwt::create() and jwt::verify() for handling your tokens

auto token = jwt::create().set_issuer("auth0").set_type("JWS").sign(
    jwt::algorithm::ed25519("", ed25519_priv_key, "", "")); // New algorithms have been added
// ...
auto decoded = jwt::decode(token);
jwt::verify().allow_algorithm(
    jwt::algorithm::ed25519(ed25519_pub_key, "", "", "")) // New algorithms have been added
   .verify(decoded);

Base64 DER encoded to PEM helper

Round of applause for @jbajwa for bringing more JOSE support to the library

When working with OAuth2 and OpenID, it's very common to obtain the public key for verifying tokens from JWK.
If the public key is exposed with the "x5c" you can use a helper to convert it to PEM which is consumed by the jwt::verifier

auto public_cert = jwt::helper::convert_base64_der_to_pem(x5c_base64_der, ec);
auto verify = jwt::verify().allow_algorithm(jwt::algorithm::rs256(public_cert, "", "", ""));

LibreSSL Support

Along with other freedom for JSON libraries there may be a motivating factor for your crypto needs, there for we have expanded support to include LibreSSL.

This can be configured through CMake

cmake .. -DJWT_SSL_LIBRARY:STRING="LibreSSL"

If you prefer the header only approach, make sure to define LIBRESSL_VERSION_NUMBER before including jwt.h

#include <tls.h>
#include "jwt-cpp/jwt.h"

📓 If you have both OpenSSL and LibreSSL installed, they may be in conflict which can produce compile or runtime errors

Numerous other contributions were submitted by @Zxey @sdmg15 @aboseley @mbaykara 👏 Thank you!

Full Changelog: v0.5.0-rc.0...v0.5.0

Contributors

jbajwa, richardhozak, and 4 other contributors
Assets 2
Loading