UNPKG

jose/CHANGELOG.md

Version:
18.6 kBMarkdownView Raw
1# Change Log
2
3All notable changes to this project will be documented in this file. See [standard-version](https://github.com/conventional-changelog/standard-version) for commit guidelines.
4
5## [1.22.2](https://github.com/panva/jose/compare/v1.22.1...v1.22.2) (2020-02-06)
6
7
8### Performance Improvements
9
10* various codepaths refactored ([3e3d7dd](https://github.com/panva/jose/commit/3e3d7dd38168159e188e54c48a9f83e3a02a8fe1))
11
12
13
14## [1.22.1](https://github.com/panva/jose/compare/v1.22.0...v1.22.1) (2020-02-03)
15
16
17### Bug Fixes
18
19* actually remove the base64url proper encoding check ([eae01b5](https://github.com/panva/jose/commit/eae01b57ab9f33e8c621ffcd2a77d513a51d22b2))
20
21
22
23# [1.22.0](https://github.com/panva/jose/compare/v1.21.1...v1.22.0) (2020-01-29)
24
25
26### Features
27
28* keystore filtering by JWK Key thumbprint ([a9f6f71](https://github.com/panva/jose/commit/a9f6f7135005d6231d6f42d95c02414139a89d17))
29
30
31### Performance Improvements
32
33* base64url decode, JWT.verify, JWK.Key instance re-use ([470b4c7](https://github.com/panva/jose/commit/470b4c73154e1fcf8b92726d521940e5e11c9d94))
34
35
36
37## [1.21.1](https://github.com/panva/jose/compare/v1.21.0...v1.21.1) (2020-01-25)
38
39
40### Bug Fixes
41
42* contactKDF iteration count fixed for key sizes larger than 256 bits ([70ff222](https://github.com/panva/jose/commit/70ff22227ad303e57228dc8351688531499a833a))
43
44
45
46# [1.21.0](https://github.com/panva/jose/compare/v1.20.0...v1.21.0) (2020-01-23)
47
48
49### Bug Fixes
50
51* **typescript:** don't expose non existant classes, fix decode key ([0f8bf88](https://github.com/panva/jose/commit/0f8bf886da1b5d02cd0d968d0ec02a58673df258))
52
53
54### Features
55
56* add opt-in support for Unsecured JWS algorithm "none" ([3a6d17f](https://github.com/panva/jose/commit/3a6d17fdd18d8bbd074c07c2dd08f0406c16a8f1))
57
58
59
60# [1.20.0](https://github.com/panva/jose/compare/v1.19.0...v1.20.0) (2020-01-16)
61
62
63### Features
64
65* add JWTExpired error and JWTClaimInvalid claim and reason props ([a0c0c7a](https://github.com/panva/jose/commit/a0c0c7ad70f42d9b23b3e71de43599a8ac6fe1ff)), closes [#62](https://github.com/panva/jose/issues/62)
66
67
68
69# [1.19.0](https://github.com/panva/jose/compare/v1.18.2...v1.19.0) (2020-01-13)
70
71
72### Features
73
74* exposed shorthands for JWT verification profiles ([b1864e3](https://github.com/panva/jose/commit/b1864e319d1a7a42eadfa0c4b0145952e7814726))
75
76
77
78## [1.18.2](https://github.com/panva/jose/compare/v1.18.1...v1.18.2) (2020-01-08)
79
80
81### Bug Fixes
82
83* ensure asn1.js version to remove Buffer deprecation notice ([13b1106](https://github.com/panva/jose/commit/13b1106048fdeae00b09d54f05245dded85b14a7))
84* expose JOSENotSupported key import errors on unsupported runtimes ([bc81e5d](https://github.com/panva/jose/commit/bc81e5dec2987f6ce6dc3fa5daa23dfe620c0a34))
85* typo in JOSENotSupported error when x509 certs are not supported ([bb58c9c](https://github.com/panva/jose/commit/bb58c9ce52e807ca4cfad6bcbf1ab96b91778b1f))
86
87
88
89## [1.18.1](https://github.com/panva/jose/compare/v1.18.0...v1.18.1) (2020-01-01)
90
91
92### Bug Fixes
93
94* force iat past check when maxTokenAge option is used + JWT refactor ([828ad5a](https://github.com/panva/jose/commit/828ad5a33dc0cc0049923b69f43f97463295456e))
95
96
97
98# [1.18.0](https://github.com/panva/jose/compare/v1.17.2...v1.18.0) (2019-12-31)
99
100
101### Features
102
103* add JWT validation profiles for Access Tokens and Logout Tokens ([7bb5c95](https://github.com/panva/jose/commit/7bb5c953a9c6d9bd915e8ebc0608bc0649427745))
104
105
106
107## [1.17.2](https://github.com/panva/jose/compare/v1.17.1...v1.17.2) (2019-12-17)
108
109
110### Bug Fixes
111
112* skip validating iat is in the past when exp is present ([0ed5025](https://github.com/panva/jose/commit/0ed5025de30a754de95ae2587ce0f4573909b006))
113
114
115
116## [1.17.1](https://github.com/panva/jose/compare/v1.17.0...v1.17.1) (2019-12-10)
117
118
119### Bug Fixes
120
121* properly fail to import unsupported openssh keys ([bee5744](https://github.com/panva/jose/commit/bee574457f29597ccab09d51ac61b85dd7a7146a))
122
123
124
125# [1.17.0](https://github.com/panva/jose/compare/v1.16.2...v1.17.0) (2019-12-10)
126
127
128### Features
129
130* importing a certificate populates x5c and x5t thumbprints ([25a7a71](https://github.com/panva/jose/commit/25a7a71915c4f7514536cec9e7e162d0ad3b670c)), closes [#59](https://github.com/panva/jose/issues/59)
131
132
133
134## [1.16.2](https://github.com/panva/jose/compare/v1.16.1...v1.16.2) (2019-12-05)
135
136
137### Bug Fixes
138
139* handle Unencoded Payload (b64:false) with arbitrary buffer payloads ([daabedc](https://github.com/panva/jose/commit/daabedc776617f4fde427b3a5e79d8c176293132)), closes [#57](https://github.com/panva/jose/issues/57)
140
141
142
143## [1.16.1](https://github.com/panva/jose/compare/v1.16.0...v1.16.1) (2019-12-05)
144
145
146### Bug Fixes
147
148* allow PBES2 for the correct JWK `use` values ([f0d7194](https://github.com/panva/jose/commit/f0d719416ec9ca041ea88b8a983b5d899a6aa107))
149
150
151
152# [1.16.0](https://github.com/panva/jose/compare/v1.15.1...v1.16.0) (2019-12-04)
153
154
155### Features
156
157* two official jose plugins/extensions for those living on the edge ([5b27c97](https://github.com/panva/jose/commit/5b27c97ac8836ffa9f3880e009c8db5afbfbaa2c)), closes [#56](https://github.com/panva/jose/issues/56)
158
159
160
161## [1.15.1](https://github.com/panva/jose/compare/v1.15.0...v1.15.1) (2019-11-30)
162
163
164### Bug Fixes
165
166* **typescript:** export Key Input types ([0277fcd](https://github.com/panva/jose/commit/0277fcd1896af497e79190212b0719f7e62366c1))
167
168
169
170# [1.15.0](https://github.com/panva/jose/compare/v1.14.0...v1.15.0) (2019-11-27)
171
172
173### Bug Fixes
174
175* default JWT.sign `kid` option value is false for HMAC signatures ([ce77388](https://github.com/panva/jose/commit/ce7738825403f8cdb8f99cb51c096baf0dfa3af7))
176
177
178### Features
179
180* allow JWK.asKey inputs for sign/verify/encrypt/decrypt operations ([5e1009a](https://github.com/panva/jose/commit/5e1009a63e4bc829009cc46d6295c00f8431024c))
181
182
183
184# [1.14.0](https://github.com/panva/jose/compare/v1.13.0...v1.14.0) (2019-11-26)
185
186
187### Features
188
189* allow JWKS.KeyStore .all and .get to filter for key curves ([ea60338](https://github.com/panva/jose/commit/ea60338ca6f58f2626992a38da76812477ce4540))
190
191
192
193# [1.13.0](https://github.com/panva/jose/compare/v1.12.1...v1.13.0) (2019-11-23)
194
195
196### Features
197
198* return the CEK from JWE.decrypt operation with { complete: true } ([c3eb845](https://github.com/panva/jose/commit/c3eb8450b98b2f5ecc127d69afe85a7ae2cc5aaa))
199
200
201
202## [1.12.1](https://github.com/panva/jose/compare/v1.12.0...v1.12.1) (2019-11-14)
203
204
205
206# [1.12.0](https://github.com/panva/jose/compare/v1.11.0...v1.12.0) (2019-11-05)
207
208
209### Features
210
211* add JWS.verify encoding and parsing options ([6bb66d4](https://github.com/panva/jose/commit/6bb66d4f0b4c96f2da8ac5f14fda6bc4f53f2994))
212
213
214
215# [1.11.0](https://github.com/panva/jose/compare/v1.10.2...v1.11.0) (2019-11-03)
216
217
218### Features
219
220* expose crypto.KeyObject instances in supported runtimes ([8ea9683](https://github.com/panva/jose/commit/8ea968312e97ed0f992fab909a20e7993159ec45))
221
222
223
224## [1.10.2](https://github.com/panva/jose/compare/v1.10.1...v1.10.2) (2019-10-29)
225
226
227### Bug Fixes
228
229* only use secp256k1 keys for signing/verification ([9588223](https://github.com/panva/jose/commit/95882232d6d409a321b6a8c168f5b78ebbdabf95))
230
231
232
233## [1.10.1](https://github.com/panva/jose/compare/v1.10.0...v1.10.1) (2019-10-04)
234
235
236### Bug Fixes
237
238* throw proper error when runtime doesn't support OKP ([0a16efb](https://github.com/panva/jose/commit/0a16efb)), closes [#48](https://github.com/panva/jose/issues/48)
239
240
241
242# [1.10.0](https://github.com/panva/jose/compare/v1.9.2...v1.10.0) (2019-10-01)
243
244
245### Features
246
247* rename package ([26f4cf2](https://github.com/panva/jose/commit/26f4cf2))
248
249
250
251## [1.9.2](https://github.com/panva/jose/compare/v1.9.1...v1.9.2) (2019-09-16)
252
253
254### Bug Fixes
255
256* keystore.toJWKS(true) does not throw on public keys ([81abdfa](https://github.com/panva/jose/commit/81abdfa)), closes [#42](https://github.com/panva/jose/issues/42)
257
258
259
260## [1.9.1](https://github.com/panva/jose/compare/v1.9.0...v1.9.1) (2019-09-10)
261
262
263
264# [1.9.0](https://github.com/panva/jose/compare/v1.8.0...v1.9.0) (2019-08-24)
265
266
267### Features
268
269* allow JWKS.asKeyStore to swallow errors ([78398d3](https://github.com/panva/jose/commit/78398d3))
270
271
272
273# [1.8.0](https://github.com/panva/jose/compare/v1.7.0...v1.8.0) (2019-08-22)
274
275
276### Features
277
278* added Node.js lts/dubnium support for runtime supported features ([67a8601](https://github.com/panva/jose/commit/67a8601))
279
280
281
282# [1.7.0](https://github.com/panva/jose/compare/v1.6.1...v1.7.0) (2019-08-20)
283
284
285### Features
286
287* add RSA-OAEP-256 support (when a node version supports it) ([28d7cf8](https://github.com/panva/jose/commit/28d7cf8)), closes [#29](https://github.com/panva/jose/issues/29)
288
289
290
291## [1.6.1](https://github.com/panva/jose/compare/v1.6.0...v1.6.1) (2019-07-29)
292
293
294### Bug Fixes
295
296* properly pad calculated RSA primes ([dd121ce](https://github.com/panva/jose/commit/dd121ce))
297
298
299
300# [1.6.0](https://github.com/panva/jose/compare/v1.5.2...v1.6.0) (2019-07-27)
301
302
303### Bug Fixes
304
305* use the correct ECPrivateKey version when importing EC JWK ([24acd20](https://github.com/panva/jose/commit/24acd20))
306
307
308### Features
309
310* electron v6.x support ([e7ad82c](https://github.com/panva/jose/commit/e7ad82c))
311
312
313
314## [1.5.2](https://github.com/panva/jose/compare/v1.5.1...v1.5.2) (2019-07-27)
315
316
317### Bug Fixes
318
319* importing x5c in electron requires the input split ([181fd09](https://github.com/panva/jose/commit/181fd09))
320
321
322
323## [1.5.1](https://github.com/panva/jose/compare/v1.5.0...v1.5.1) (2019-07-27)
324
325
326### Bug Fixes
327
328* correctly pad integers when importing RSA JWK ([1dc7f35](https://github.com/panva/jose/commit/1dc7f35))
329
330
331
332# [1.5.0](https://github.com/panva/jose/compare/v1.4.1...v1.5.0) (2019-07-23)
333
334
335### Features
336
337* validate JWTs according to a JWT profile - ID Token ([6c98b61](https://github.com/panva/jose/commit/6c98b61))
338
339
340
341## [1.4.1](https://github.com/panva/jose/compare/v1.4.0...v1.4.1) (2019-07-14)
342
343
344### Bug Fixes
345
346* honour the JWT.sign `jti` option ([36c9ce2](https://github.com/panva/jose/commit/36c9ce2)), closes [#33](https://github.com/panva/jose/issues/33)
347
348
349
350# [1.4.0](https://github.com/panva/jose/compare/v1.3.0...v1.4.0) (2019-07-08)
351
352
353### Features
354
355* add secp256k1 EC Key curve and ES256K ([211d7af](https://github.com/panva/jose/commit/211d7af))
356
357
358
359# [1.3.0](https://github.com/panva/jose/compare/v1.0.2...c51dc28) (2019-06-21)
360
361
362### Features
363
364* compute private RSA key p, q, dp, dq, qi when omitted ([6e3d6fd](https://github.com/panva/jose/commit/6e3d6fd)), closes [#26](https://github.com/panva/jose/issues/26)
365* add support for JWK x5c, x5t and x5t#S256 ([9d46c48](https://github.com/panva/jose/commit/9d46c48))
366* instances of JWKS.KeyStore are now iterable (e.g. for ... of) ([2eae293](https://github.com/panva/jose/commit/2eae293))
367
368### Bug Fixes
369
370* limit calculation of missing RSA private components ([5b53cb0](https://github.com/panva/jose/commit/5b53cb0))
371* reject rsa keys without all factors and exponents with a specific message ([b0ff436](https://github.com/panva/jose/commit/b0ff436))
372
373### Deprecations
374
375- this deprecates the use of `JWK.importKey` in favor of
376`JWK.asKey`
377- this deprecates the use of `JWKS.KeyStore.fromJWKS` in favor of
378`JWKS.asKeyStore`
379
380Both `JWK.importKey` and `JWKS.KeyStore.fromJWKS` could have resulted
381in the process getting blocked when large bitsize RSA private keys
382were missing their components and could also result in an endless
383calculation loop when the private key's private exponent was outright
384invalid or tampered with.
385
386The new methods still allow to import private RSA keys with these
387optimization key parameters missing but it is disabled by default and one
388should choose to enable it when working with keys from trusted sources
389
390It is recommended not to use `jose` versions with this feature in
391its original on-by-default form - v1.1.0 and v1.2.0
392
393
394
395## [1.0.2](https://github.com/panva/jose/compare/v1.0.1...v1.0.2) (2019-05-13)
396
397
398### Bug Fixes
399
400* add missing keystore.toJWKS() .d.ts definition ([c7a8606](https://github.com/panva/jose/commit/c7a8606)), closes [#25](https://github.com/panva/jose/issues/25)
401
402
403
404## [1.0.1](https://github.com/panva/jose/compare/v1.0.0...v1.0.1) (2019-04-27)
405
406
407### Bug Fixes
408
409* oct key ts "k" type fix ([0750d2c](https://github.com/panva/jose/commit/0750d2c))
410
411
412
413<a name="1.0.0"></a>
414# [1.0.0](https://github.com/panva/jose/compare/v0.12.0...v1.0.0) (2019-04-23)
415
416
417### Bug Fixes
418
419* fail to import invalid PEM formatted strings and buffers ([857dc2b](https://github.com/panva/jose/commit/857dc2b))
420
421
422### Features
423
424* add JWK key_ops support, fix .algorithms() op returns ([23b874c](https://github.com/panva/jose/commit/23b874c))
425* add key.toPEM() export function with optional encryption ([1159b0d](https://github.com/panva/jose/commit/1159b0d))
426* add OKP Key and EdDSA sign/verify support ([2dbd3ed](https://github.com/panva/jose/commit/2dbd3ed)), closes [#12](https://github.com/panva/jose/issues/12)
427
428
429### BREAKING CHANGES
430
431* key.algorithms(op) un+wrapKey was split into correct
432wrapKey/unwrapKey/deriveKey returns
433* keystore.all and keystore.get `operation` option was
434removed, `key_ops: string[]` supersedes it
435* Node.js minimal version is now v12.0.0 due to its
436added EdDSA support (crypto.sign, crypto.verify and eddsa key objects)
437
438
439
440<a name="0.12.0"></a>
441# [0.12.0](https://github.com/panva/jose/compare/v0.11.5...v0.12.0) (2019-04-07)
442
443
444### Reverts
445
446* add EC P-256K JWK and ES256K sign/verify support ([e21fea1](https://github.com/panva/jose/commit/e21fea1))
447
448
449### BREAKING CHANGES
450
451* removing ES256K alg and EC P-256K crv support until the
452IETF WG decides on what the final names will be.
453
454
455
456<a name="0.11.5"></a>
457## [0.11.5](https://github.com/panva/jose/compare/v0.11.4...v0.11.5) (2019-04-04)
458
459
460### Features
461
462* add key.secret<boolean> and key.type<string> for completeness ([2dd7053](https://github.com/panva/jose/commit/2dd7053))
463* add key.thumbprint always returning the JWK Thumbprint (RFC7638) ([65db7e0](https://github.com/panva/jose/commit/65db7e0))
464
465
466
467<a name="0.11.4"></a>
468## [0.11.4](https://github.com/panva/jose/compare/v0.11.3...v0.11.4) (2019-03-28)
469
470
471### Bug Fixes
472
473* properly restrict EC curves in generate(Sync) ([764b863](https://github.com/panva/jose/commit/764b863))
474* remove unintended exposure of private material via enumerables ([946d9df](https://github.com/panva/jose/commit/946d9df))
475
476
477
478<a name="0.11.3"></a>
479## [0.11.3](https://github.com/panva/jose/compare/v0.11.2...v0.11.3) (2019-03-27)
480
481
482### Bug Fixes
483
484* throw on unsupported EC curves ([cfa4222](https://github.com/panva/jose/commit/cfa4222))
485
486
487### Features
488
489* add EC P-256K JWK and ES256K sign/verify support ([2e33e1c](https://github.com/panva/jose/commit/2e33e1c))
490
491
492
493<a name="0.11.2"></a>
494## [0.11.2](https://github.com/panva/jose/compare/v0.11.1...v0.11.2) (2019-03-19)
495
496
497### Bug Fixes
498
499* internal symbol method is now really a symbol ([925d47c](https://github.com/panva/jose/commit/925d47c))
500* key.toJWK() fixed on windows ([57f1692](https://github.com/panva/jose/commit/57f1692)), closes [#17](https://github.com/panva/jose/issues/17)
501
502
503## [0.11.1](https://github.com/panva/jose/compare/v0.11.0...v0.11.1) (2019-03-17)
504
505
506### Bug Fixes
507
508* restrict RS key algorithms by the key's bit size ([9af295b](https://github.com/panva/jose/commit/9af295b))
509
510
511# [0.11.0](https://github.com/panva/jose/compare/v0.10.0...v0.11.0) (2019-03-16)
512
513
514### Bug Fixes
515
516* all JWA defined RSA operations require key of 2048 or more ([cc70c5d](https://github.com/panva/jose/commit/cc70c5d))
517* use correct salt length for RSASSA-PSS ([e936d54](https://github.com/panva/jose/commit/e936d54))
518
519
520### BREAKING CHANGES
521
522* all [JWA](https://tools.ietf.org/html/rfc7518) defined
523RSA based operations require key size of 2048 bits or more.
524
525
526
527# [0.10.0](https://github.com/panva/jose/compare/v0.9.2...v0.10.0) (2019-03-12)
528
529
530### Bug Fixes
531
532* do not list "dir" under wrap/unwrapKey operations ([17b37d3](https://github.com/panva/jose/commit/17b37d3))
533
534
535### Features
536
537* keystore .all and .get operation option ([d349ba9](https://github.com/panva/jose/commit/d349ba9))
538
539
540### BREAKING CHANGES
541
542* "dir" is no longer returned as wrap/unwrapKey key
543operation
544
545
546
547## [0.9.2](https://github.com/panva/jose/compare/v0.9.1...v0.9.2) (2019-03-05)
548
549
550### Bug Fixes
551
552* "dir" is only available on keys with correct lengths ([6854860](https://github.com/panva/jose/commit/6854860))
553* do not 'in' operator when importing keys as string ([be3f4e4](https://github.com/panva/jose/commit/be3f4e4))
554
555
556
557## [0.9.1](https://github.com/panva/jose/compare/v0.9.0...v0.9.1) (2019-03-02)
558
559
560### Bug Fixes
561
562* only import RSA, EC and oct successfully ([e5e02fc](https://github.com/panva/jose/commit/e5e02fc))
563
564
565# 0.9.0 (2019-03-02)
566
567Initial release
568
569### Implemented Features
570
571- JSON Web Signature (JWS) - [RFC7515][spec-jws]
572- JSON Web Encryption (JWE) - [RFC7516][spec-jwe]
573- JSON Web Key (JWK) - [RFC7517][spec-jwk]
574- JSON Web Algorithms (JWA) - [RFC7518][spec-jwa]
575- JSON Web Token (JWT) - [RFC7519][spec-jwt]
576- JSON Web Key (JWK) Thumbprint - [RFC7638][spec-thumbprint]
577- JWS Unencoded Payload Option - [RFC7797][spec-b64]
578
579| JWK Key Types | Supported ||
580| -- | -- | -- |
581| RSA | ✓ | RSA |
582| Elliptic Curve | ✓ | EC |
583| Octet sequence | ✓ | oct |
584
585| Serialization | JWS Sign | JWS Verify | JWE Encrypt | JWE Decrypt |
586| -- | -- | -- | -- | -- |
587| Compact | ✓ | ✓ | ✓ | ✓ |
588| General JSON | ✓ | ✓ | ✓ | ✓ |
589| Flattened JSON  | ✓ | ✓ | ✓ | ✓ |
590
591| JWS Algorithms | Supported ||
592| -- | -- | -- |
593| RSASSA-PKCS1-v1_5 | ✓ | RS256, RS384, RS512 |
594| RSASSA-PSS | ✓ | PS256, PS384, PS512 |
595| ECDSA | ✓ | ES256, ES384, ES512 |
596| HMAC with SHA-2 | ✓ | HS256, HS384, HS512 |
597
598| JWE Key Management Algorithms | Supported ||
599| -- | -- | -- |
600| AES | ✓ | A128KW, A192KW, A256KW |
601| AES GCM | ✓ | A128GCMKW, A192GCMKW, A256GCMKW |
602| Direct Key Agreement | ✓ | dir |
603| RSAES OAEP | ✓<sup>*</sup> | RSA-OAEP <sub>(<sup>*</sup>RSA-OAEP-256 is not supported due to its lack of support in Node.js)</sub> |
604| RSAES-PKCS1-v1_5 | ✓ | RSA1_5 |
605| PBES2 | ✓ | PBES2-HS256+A128KW, PBES2-HS384+A192KW, PBES2-HS512+A256KW |
606| ECDH-ES | ✓ | ECDH-ES, ECDH-ES+A128KW, ECDH-ES+A192KW, ECDH-ES+A256KW |
607
608| JWE Content Encryption Algorithms | Supported ||
609| -- | -- | -- |
610| AES GCM | ✓ | A128GCM, A192GCM, A256GCM |
611| AES_CBC_HMAC_SHA2 | ✓ |  A128CBC-HS256, A192CBC-HS384, A256CBC-HS512 |
612
613[spec-b64]: https://tools.ietf.org/html/rfc7797
614[spec-jwa]: https://tools.ietf.org/html/rfc7518
615[spec-jwe]: https://tools.ietf.org/html/rfc7516
616[spec-jwk]: https://tools.ietf.org/html/rfc7517
617[spec-jws]: https://tools.ietf.org/html/rfc7515
618[spec-jwt]: https://tools.ietf.org/html/rfc7519
619[spec-thumbprint]: https://tools.ietf.org/html/rfc7638