- Secrets can be files for both encoding and decoding #130
- [BREAKING]
jwt-cliwill always validateexpunless you pass--ignore-exp#137 - Swapped out term-painter for bunt
2021-02-16
- [BREAKING] Remove the
prnoption as it's not included in the spec any longer #114 - [BREAKING] Avoid adding an
expclaim automatically. Instead, the--expflag must be present, with or without a value - Support adding
jtiwhen encoding - Add
no-iatflag to disable automaticiatclaim generation - Add an
--iso8601flag to represent date-based claims as ISO 8601 date strings. Only applies toiat,exp, andnbf
- Trim whitespace around a jwt before encoding #120
2020-12-24
- Default decoding to JSON when not in a TTY #100
2020-09-13
- Fix binary archives uploaded during release
2020-09-11
- When piping the output of
jwtto another command,jwtwon't add a trailing newline
- When verifying token without an
expclaim,jwtwon't print that the jwt is invalid
2020-04-17
- Durations (
exp, andnbf) can now be set with relative times #68
2020-03-14
- Re-release for cargo installers
2020-03-14
- Updated
jsonwebokento version 7, which now allows PEM secrets to be used- This requires the filename to end with
.pemto be detected correctly
- This requires the filename to end with
2020-02-02
- Prevent an invalid JWT token from causing a panic during
decode#51
2019-10-07
- 2.5.1 fixes a nasty bug where non-string JSON values would be dropped during encoding
2019-05-29
- Add support for ECDSA algorithms. For now, only ES256 and ES384 are supported. #12
2019-04-19
- Add support for stdin on
encodeanddecode. Instead of passing a JSON body or a JWT token, you can simply pass-. #10
- Updated the project to use rust 2018 edition
- Update dependencies
2019-01-10
- Adds the ability to include a private/public key from a file on the local filesystem using the
@shorthand #9
2018-11-28
- Add a missing
>to Aaron's entry in the contributors section ofCargo.toml
2018-11-18
- You can now use a fully qualified and valid JSON string as the entire payload body. Add it to the end of the command without a flag to use it. It can be combined with the
-Pand--payloadflags to enhance a JSON string.
2018-09-24
- A new output format has been added: JSON! Use the
--jsonor-jflags to output a pure JSON representation of the header and payload, which can be piped into other programs likejq[#6]
2018-04-28
- Updated to
jsonwebtokenversion 4 - JWTs without the
typheader can now be decoded
2017-09-05
Better stdout and stderr interop
- Errors are now printed to STDERR instead of STDOUT
- Proper exit codes should now be emitted.
0for successes,1for failures. - The output from the encode command is now just the token, which can be piped or stored in a shell
2017-07-13
The decoding and validation release!
- If the JWT you're decoding is invalid, it will still print out the head and claims objects
- Error messages are now red and bold for better visibility
- Secret is no longer required for decoding a JWT, but will be validated if one is provided
- Added info on how to install the binary through homebrew
- The proper version number is now displayed in the help commands (and
Cargo.tomlfile)
2017-07-03
The 1.0 release!
This is the initial non-beta, non-alpha release of jwt-cli!
- Everything is parsed by serde now. You can pass strings, numbers, arrays, objects, whatever. If serde can parse it, it's valid!
- Add jwt-cli to package managers!
2017-07-03
The forkless release!
- Swaps out my fork of
jsonwebtokenfor the master branch of keats'jsonwebtoken
- Allow for json payload items via
-P this=json(['arbitrary', 'data'])
2017-07-03
The iat and exp release!
iatis now automatically added to the claims objectexpis now automatically added to the claims object if not passed in directlyexpdefaults to 30 minutes from the time of creation
expandnbfare now parsed as numbers, not string
- Moves to my instance of
jsonwebtokenuntil some PRs are merged
- Allow for json payload items via
-P this=json(['arbitrary', 'data'])
2017-07-02
- Fix tests so that they pass
2017-07-02
Dependency updates
- Swaps out
rustc_serializeforserde - Updates
jsonwebtokenfrom version 1 to version 2. This allows for much more precise errors, and expands potential for validation.
- Automatically set
iatandexp - Default
expto 30 minutes from now - Allow for json payload items via
-P this=json(['arbitrary', 'data'])
2017-03-13
The whoopsies release!
While actually using the project, I found that payload claims were being nested into a root key. Whoops!
- The
generatecommand is nowencode
- When decoding, the
algorithmoption is no longer required (defaults to HS256) - Updated to rust 1.16
- Payload claims are no longer nested in a
_field0key
- Automatically set
iatandexp - Default
expto 30 minutes from now - Swap out rustc_serialize for serde
- These are all blocked by Keats/jsonwebtoken#19 :(
- Testing on Windows and Linux
2017-03-12
The rename release!
- Renamed the release binary to
jwt. During development, eitherjwtorjwt-cliis available.
- Testing on linux & windows (this was developed on macOS)
- Work on releasing 1.0.0 to homebrew and chocolatey.
2017-03-10
The testing release!
This adds a bunch of unit tests for almost all of the functions (println!
functions excluded) and fixes some tests found after writing them.
- The short forms for
payloadandprincipalhave how been switched for consistency - The long form of
expiresis nowexpfor consistency
- Shorthand payload options (
exp,aud, etc) no longer cause a panic - Windows builds now have a more readable name rather that the target triple
- The generate command output is now prettier
- Final preflight checks
- Investigation into release to OS package managers
- Name change?
2017-03-10
This adds documentation in the readme, as well as some github templates.
Additionally, the travis build config should be be fixed, and builds for macOS and linux should now be uploaded to the release.
Roadmap to 1.0.0:
- Unit tests
- Possible upstream patches to get more functionality
2017-03-09
This one's all about the formatting from decode! When you decode a JWT now, it looks spectacular, if I do say so myself. It's even colored and bold and other great stuff.
This also fixes the build script, so now macOS, Windows, and Linux binaries should all be present in the release.
Roadmap to 1.0.0:
- Unit tests
- Possible upstream patches to get more functionality
2017-03-08
This removes the builds for Windows GBU, *BSD, armv7, and aarch64. Sorry if you use those systems or architectures.
This also fixes some of the builds where it would find unreachable code. It's ok, I promise.
2017-03-07
This fixes the CI scripts, so now it should build and publish them correctly, I hope.
2017-03-07
Third prerelease.
Overall, this replaces frank_jwt with jsonwebtoken. What does that mean?
- You can now specify the
kidheader - You can now decode and display the header
- RSA signatures are no longer supported
There were also some other enhancements:
- If a decoded token is invalid, you can now get better context for the error
And here's a list of stuff that's still wacky:
- The decoded token output can be so much better
- RSA and ECDSA signing would be super neat
- JWS and JWE type tokens would be good to have as well
Finally, there should be builds available for linux, macOS, and windows thanks to some CI magic.
2017-03-06
Second prerelease!
This adds some new features:
- JWTs can now be decoded
- RSA support for encoding and decoding
What's still missing:
- Cannot decode the header (upstream issues)
- Cannot encode or decode ES tokens
- Custom
typandkidheader fields
2017-03-05
First prerelease! 0.1.0
This is the first prerelease of jwt. The name will change
eventually.
The following features are supported:
- encode a JWT
- provide a custom algorithm, payload, and secret
What's missing:
- can't change the
typor add akidto the header - only supports HMAC algorithms
- it hasn't been refactored
What I'm planning:
- support for all algorithms
- refactor to be even more functional
- submit an upstream patch to frank_jwt to allow custom
typandkidheaders