Release 2.0

Updates

• Bumping minimum PHP version to 8.2.
• Adding support for PHP 8.4.
• Adding class comments for exceptions and constructors of various classes.
• Refactoring retrieving of signer to a single private function.
• Bumping dev dependencies.
• Adding test coverage for error cases on signing and verifying with KeypairSigner.
• Adding #[SensitiveParameter] attribute in HmacSigner constructor.

Fixes

• Fixing potential issue with implicit casting of exp and nbf claims.

Release 1.1.1

Fixes

• Fixing header name for alg.

Release 1.1

Features

• Adding support for multiple keys using the kid header in JWT. See documentation for more info.

Release 1.0

Updates

• Adding a PSR-15 Middleware implementation that can be used in projects for validating incoming requests with JWTs. Supports JWT being passed in HTTP header.
• Explicit exceptions for encoding and decoding are now thrown instead of generic RuntimeException. See documentation for more information.
• Code cleanup, better typing, and leveraging PHP 8.x features (mostly constructor promotion).

Breaking changes

• KeypairSigner constructor signature now requires an instance of OpenSSLAsymmetricKey for the private and public keys. See documentation for more information.

Release 0.3

Fixes

• Strip padded "=" from base64 encoded strings.

Release 0.2

Updates

• Using PargonIE HiddenString library to store signing secrets.
• Dropping PHP 7.x support

Fixes

• Using base64 URL encoding and decoding.

Release 0.1

Initial release

• Simple token encoding and decoding
• Supports HMAC and asymmetric key signing
• Supports only a single signer