v1.28.0

Features

• support for validating issuer from a list of values (#91) (ce6836a)

v1.27.3

Bug Fixes

• do not mutate unencoded payload when signing for multiple parties (1695423), closes #89
• ensure "b64" is the same for all recipients edge cases (d56ec9f)

v1.27.2

Bug Fixes

• handle private EC keys without public component (#86) (e8ad389), closes #85

v1.27.1

Bug Fixes

• allow any JSON numeric value for timestamp values (7ba4922)

v1.27.0

Features

• add opt-in objects to verify using embedded JWS Header public keys (7c1cab1)

v1.26.1

Bug Fixes

• typescript: types of key generate functions without overloads (7e60722), closes #80
• "typ" content-type validation, case insensitive and handled prefix (0691586)

v1.26.0

Features

• update JWT Profile for OAuth 2.0 Access Tokens to latest draft (8c0a8a9)

BREAKING CHANGES

• at+JWT JWT draft profile - in the draft's Section 2.2 the claims iat and jti are now REQUIRED (was RECOMMENDED).

---

Draft specification profiles are updated as minor versions of the library, therefore, since they may have breaking changes, use the ~ semver operator when using these and pay close attention to changelog and the drafts themselves.

v1.25.2

Bug Fixes

• build: don't publish junk files (6e98c1a)

v1.25.1

Bug Fixes

• use native openssl AES Key Wrap 🤦 (dcf8d75)

v1.25.0

Features

• update JWT Profile for OAuth 2.0 Access Tokens to latest draft (bc77a15)