v0.14.0

What's Changed

• Check nonce in verification of key binding JWTs by @manpsarakis in #125
• Enforced validation of critical security claims (nbf, exp, aud) in both issuance and presentation verification to prevent bypass vulnerabilities. by @manpsarakis in #131
• Enhanced KB-JWT verification to properly validate audience (aud) and issued-at (iat) claims. by @manpsarakis in #133
• Added DigestCollector utility to ensure all disclosure digests within an SD-JWT payload are unique, preventing digest collisions. by @manpsarakis in #136
• Introduced DecoyConfiguration with per-object minimum decoy generation using cryptographically secure random number generation (SecureRandom). This replaces the previous global decoy limit for better privacy guarantees. by @manpsarakis in #136
• Fixed sd_hash computation to correctly use the SD-JWT's specified hash algorithm by @manpsarakis in #139
• KB-JWTs to use the same hash algorithm as the disclosures within by @manpsarakis in #140

Breaking Changes

• Enveloped format support has been removed. The library now exclusively supports the compact presentation format as per the latest SD-JWT specifications by @manpsarakis in #138

Full Changelog: v0.13.1...v0.14.0

v0.13.1

What's Changed

• Update README.md links by @manpsarakis in #122
• Update README links related to SD-JWT VC by @manpsarakis in #123
• make some metadata fields public by @aurimas-zarskis in #126

New Contributors

• @aurimas-zarskis made their first contribution in #126

Full Changelog: v0.13.0...v0.13.1

v0.13.0

What's Changed

• Fastlane updates for runner by @dtsiflit in #121
• Remove JSON pointers by @dtsiflit in #120

Breaking changes

• Removal of JSON pointers from the public API
• public typealias ClaimExtractorResult removes disclosuresPerClaim: case
• Removal of public typealias DisclosuresPerClaim = [JSONPointer: [Disclosure]]
• Removal of public func disclosedPaths() throws -> [JSONPointer] from public struct SignedSDJWT
• Removal of public func present(query: Set<JSONPointer>, visitor: ClaimVisitor? = ClaimVisitor()) throws -> SignedSDJWT? from public struct SignedSDJWT
• public enum ClaimPathError: Error removes invalidJsonPointerFormat case
• protocol ClaimVisitorType removes all functions except func call(path: ClaimPath?, disclosure: Disclosure, value: String?)

Full Changelog: v0.12.1...v0.13.0

v0.12.1

What's Changed

• Minimum version to iOS15 by @dtsiflit in #104
• Recreate claims upates. by @dtsiflit in #108
• Add Subresource Integrity (SRI) validation support for TypeMetadata by @manpsarakis in #110
• Add mandatory field to ClaimMetadata by @manpsarakis in #111
• Remove JSON Schema from Type Metadata by @manpsarakis in #112
• • Rename lang to locale in DisplayMetadata and ClaimDisplay by @manpsarakis in #115
• Adds support for background_image property in SimpleRenderingMethod by @manpsarakis in #116
• Exposes Type Metadata components

Breaking changes

• Minimum version to iOS15

• Implements validation rules for type metadata inheritance
  New: mandatory: Bool property in ClaimMetadata
  Child types cannot relax parent security constraints:

  • mandatory=true cannot be changed to false
  • sd=always or sd=never cannot be changed

• Aligns with SD-JWT VC draft 12 terminology

  • ClaimDisplay.lang → ClaimDisplay.locale
  • DisplayMetadata.lang → DisplayMetadata.locale

Removals

• Removed JSON schema validation from type metadata

Full Changelog: v0.10.0...v0.12.1

v.0.12.0

What's Changed

• Minimum version to iOS15 by @dtsiflit in #104
• Recreate claims upates. by @dtsiflit in #108
• Add Subresource Integrity (SRI) validation support for TypeMetadata by @manpsarakis in #110
• Add mandatory field to ClaimMetadata by @manpsarakis in #111
• Remove JSON Schema from Type Metadata by @manpsarakis in #112
• • Rename lang to locale in DisplayMetadata and ClaimDisplay by @manpsarakis in #115
• Adds support for background_image property in SimpleRenderingMethod by @manpsarakis in #116

Breaking changes

• Minimum version to iOS15

• Implements validation rules for type metadata inheritance
  New: mandatory: Bool property in ClaimMetadata
  Child types cannot relax parent security constraints:

  • mandatory=true cannot be changed to false
  • sd=always or sd=never cannot be changed

• Aligns with SD-JWT VC draft 12 terminology

  • ClaimDisplay.lang → ClaimDisplay.locale
  • DisplayMetadata.lang → DisplayMetadata.locale

Removals

• Removed JSON schema validation from type metadata

Full Changelog: v0.10.0...v0.12.0

v0.10.0

What's Changed

• Overrides parent claim metadata with child's by @manpsarakis in #93
• Removes DID URL verification method by @manpsarakis in #94
• Validates against disclosing registered claims by @manpsarakis in #97
• Change SAST action workflow to use Swift version by @sstyliatis in #98
• Minor test fix by @dtsiflit in #100
• Remove unused code by @dtsiflit in #101
• Release/0.10.0 by @manpsarakis in #99

Breaking changes

• Removed all DID related functionality
  • didUrl case in SdJwtVcIssuerPublicKeySource
  • Removal of LookupPublicKeysFromDIDDocument protocol
  • Removed did from VerificationMethod

New Contributors

• @sstyliatis made their first contribution in #98

Full Changelog: v0.9.2...v0.10.0

v0.9.1

What's Changed

• Update dependencies versions by @goncalo-frade-iohk in #77
• Drop support for vc+sd-jwt SD-JWT VC media type by @mkoumtzis in #78
• .gitignore update by @dtsiflit in #79
• JWS JSON Serialization back to SD-JWT by @dtsiflit in #81
• Xcode 26 updates by @dtsiflit in #88
• SD JWT VC verifier updates by @dtsiflit in #89
• Added JWS JSON parsing example by @dtsiflit in #90

New Contributors

• @mkoumtzis made their first contribution in #78

Breaking changes

• Renamed X509CertificateTrust to X509SDJWTVCCertificateTrust

Full Changelog: v0.8.0...v0.9.1

v0.9.0

What's Changed

• Update dependencies versions by @goncalo-frade-iohk in #77
• Drop support for vc+sd-jwt SD-JWT VC media type by @mkoumtzis in #78
• .gitignore update by @dtsiflit in #79
• JWS JSON Serialization back to SD-JWT by @dtsiflit in #81
• Xcode 26 updates by @dtsiflit in #88
• SD JWT VC verifier updates by @dtsiflit in #89

New Contributors

• @mkoumtzis made their first contribution in #78

Breaking changes

• Renamed X509CertificateTrust to X509SDJWTVCCertificateTrust

Full Changelog: v0.8.0...v0.9.0

v0.6.1

What's Changed

• refactor: SD-JWT verification methods and simplify key resolution by @manpsarakis in #55
• Added presentation tests that use claim paths by @dtsiflit in #56
• End to end tests updates by @dtsiflit in #58
• Fixes combined SD-JWT parsing logic by @manpsarakis in #60

New Contributors

• @manpsarakis made their first contribution in #55

Full Changelog: v0.6.0...v0.6.1

v0.6.0

What's Changed

• SD-JWT-VC type metadata and claim path support by @dtsiflit in #51

Breaking changes

ClaimVisitor renamed to ClaimVisitorType
Visitor renamed to ClaimVisitor

disclosuresPerClaimPath added to ClaimExtractorResult

Now looks like this:

public typealias ClaimExtractorResult = (
digestsFoundOnPayload: [DigestType],
recreatedClaims: JSON,
disclosuresPerClaim: DisclosuresPerClaim?,
disclosuresPerClaimPath: DisclosuresPerClaimPath?
)

SDJWTError has new case error(String)

Full Changelog: v0.5.1...v0.6.0