4.1.2

INSTRUCTION file has been updated for the new way of generating the example keys with OpenSSL v3.

Thank you @mtangoo for reporting this!

4.1.1

Keys provided as Yii aliases are resolved even if they are a part of key configuration array and not only when provided as a string shortcut. Previously I stated in the example file that this is possible which was not true - so it is now. Thank you @spmaxinc for pointing that out.

4.1.0

Added new class JwtTools that allows to pick & choose JWT features to use without the requirement to configure a signer and the keys when not needed.

4.0.0

This release adds compatibility with lcobucci/jwt v5 and introduces the following BC breaks:

• Minimum required PHP version is 8.1
• Empty signer, key, and signature are not allowed anymore
• lcobucci/clock package is not provided by default anymore
• store configuration key has been removed since it can hold only one value anyway

3.4.0

• Added support for lcobucci/jwt 4.2.0 library
• Added BLAKE2B signer
• Added note for using unsafe signers

3.3.0

Added throwException option to JwtHttpBearerAuth.

Whether the filter should throw an exception i.e. if the token has an invalid format. If there are multiple auth filters (CompositeAuth) it can make sense to "silent fail" and pass the validation process to the next filter on the composite auth list. Default is true.

Thank you @nadar for this feature.

3.2.0

• Using local_file_reference (STORE_LOCAL_FILE_REFERENCE) as a key store option is now deprecated and will be removed in 4.0.0.
• Attempt to use empty string as a key configuration is now throwing exception.
• JwtHttpBearerAuth is not silencing JWT exceptions anymore allowing more developer friendly experience.

Thank you @koxu1996 for improvement suggestions.

3.1.0

• Added EdDSA signer
• Bumped minimum lcobucci/jwt version to 4.1.0

3.0.1

Yii-style array configuration for Signers and Constraints are now allowed.

2.1.0

Updated for compatibility with lcobucci/jwt 3.3 and 3.4.