Skip to content

Commit

Permalink
List of deprecations
Browse files Browse the repository at this point in the history
  • Loading branch information
anakinj committed Oct 2, 2024
1 parent 8cc1fce commit fe5d51e
Show file tree
Hide file tree
Showing 3 changed files with 41 additions and 1 deletion.
22 changes: 22 additions & 0 deletions CHANGELOG.md
Original file line number Diff line number Diff line change
@@ -1,5 +1,27 @@
# Changelog

## Upcoming breaking changes

Notable changes in the upcoming **version 3.0**:

- The indirect dependency to [rbnacl](https://github.com/RubyCrypto/rbnacl) will be removed:
- Support for the nonstandard SHA512256 algorithm will be removed.
- Support for Ed25519 will be moved to a [separate gem](https://github.com/anakinj/jwt-eddsa) for better dependency handling.

- Base64 decoding will no longer fallback on the looser RFC 2045.

- Claim verification has been [split into separate classes](https://github.com/jwt/ruby-jwt/pull/605) and has [a new api](https://github.com/jwt/ruby-jwt/pull/626) and lead to the following deprecations:
- The `::JWT::ClaimsValidator` class will be removed in favor of the functionality provided by `::JWT::Claims`.
- The `::JWT::Claims::verify!` method will be removed in favor of `::JWT::Claims::verify_payload!`.
- The `::JWT::JWA.create` method will be removed. No recommended alternatives.
- The `::JWT::Verify` class will be removed in favor of the functionality provided by `::JWT::Claims`.
- Calling `::JWT::Claims::Numeric.new` with a payload will be removed in favor of `::JWT::Claims::verify_payload!(payload, :numeric)`
- Calling `::JWT::Claims::Numeric.verify!` with a payload will be removed in favor of `::JWT::Claims::verify_payload!(payload, :numeric)`

- The internal algorithms were [restructured](https://github.com/jwt/ruby-jwt/pull/607) to support extensions from separate libraries. The changes lead to a few deprecations and new requirements:
- The `sign` and `verify` static methods on all the algorithms (`::JWT::JWA`) will be removed.
- Custom algorithms are expected to include the `JWT::JWA::SigningAlgorithm` module.

## [v2.9.2](https://github.com/jwt/ruby-jwt/tree/v2.9.2) (NEXT)

[Full Changelog](https://github.com/jwt/ruby-jwt/compare/v2.9.1...main)
Expand Down
18 changes: 18 additions & 0 deletions README.md
Original file line number Diff line number Diff line change
Expand Up @@ -530,6 +530,24 @@ rescue JWT::InvalidSubError
end
```

### Standalone claim verification

The JWT claim verifications can be used to verify any Hash to include expected keys and values.

A few example on verifying the claims for a payload:
```ruby
JWT::Claims.verify_payload!({"exp" => Time.now.to_i + 10}, :numeric, :exp)
JWT::Claims.valid_payload?({"exp" => Time.now.to_i + 10}, :exp)
# => true
JWT::Claims.payload_errors({"exp" => Time.now.to_i - 10}, :exp)
# => [#<struct JWT::Claims::Error message="Signature has expired">]
JWT::Claims.verify_payload!({"exp" => Time.now.to_i - 10}, exp: { leeway: 11})

JWT::Claims.verify_payload!({"exp" => Time.now.to_i + 10, "sub" => "subject"}, :exp, sub: "subject")
```



### Finding a Key

To dynamically find the key for verifying the JWT signature, pass a block to the decode block. The block receives headers and the original payload as parameters. It should return with the key to verify the signature that was used to sign the JWT.
Expand Down
2 changes: 1 addition & 1 deletion lib/jwt/claims.rb
Original file line number Diff line number Diff line change
Expand Up @@ -34,7 +34,7 @@ module Claims
class << self
# @deprecated Use {verify_payload!} instead. Will be removed in the next major version of ruby-jwt.
def verify!(payload, options)
Deprecations.warning('Calling ::JWT::Claims::verify! will be removed in the next major version of ruby-jwt')
Deprecations.warning('The ::JWT::Claims::verify! method is deprecated will be removed in the next major version of ruby-jwt')
DecodeVerifier.verify!(payload, options)
end

Expand Down

0 comments on commit fe5d51e

Please sign in to comment.