Versions <=8.5.1 of jsonwebtoken library can be misconfigured so that passing a poorly implemented key retrieval function (referring to the secretOrPublicKey argument from the readme link) will result in incorrect verification of tokens. There is a possibility of using a different algorithm and key combination in verification than the one that was used to sign the tokens. Specifically, tokens signed with an asymmetric public key could be verified with a symmetric HS256 algorithm. This can lead to successful validation of forged tokens.
Am I affected?
You will be affected if your application is supporting usage of both symmetric key and asymmetric key in jwt.verify() implementation with the same key retrieval function.
Versions <=8.5.1 of jsonwebtoken library could be misconfigured so that legacy, insecure key types are used for signature verification. For example, DSA keys could be used with the RS256 algorithm.
Am I affected?
You are affected if you are using an algorithm and a key type other than the combinations mentioned below
Key type
algorithm
ec
ES256, ES384, ES512
rsa
RS256, RS384, RS512, PS256, PS384, PS512
rsa-pss
PS256, PS384, PS512
And for Elliptic Curve algorithms:
alg
Curve
ES256
prime256v1
ES384
secp384r1
ES512
secp521r1
How do I fix it?
Update to version 9.0.0. This version validates for asymmetric key type and algorithm combinations. Please refer to the above mentioned algorithm / key type combinations for the valid secure configuration. After updating to version 9.0.0, If you still intend to continue with signing or verifying tokens using invalid key type/algorithm value combinations, you’ll need to set the allowInvalidAsymmetricKeyTypes option to true in the sign() and/or verify() functions.
Will the fix impact my users?
There will be no impact, if you update to version 9.0.0 and you already use a valid secure combination of key type and algorithm. Otherwise, use the allowInvalidAsymmetricKeyTypes option to true in the sign() and verify() functions to continue usage of invalid key type/algorithm combination in 9.0.0 for legacy compatibility.
In versions <=8.5.1 of jsonwebtoken library, lack of algorithm definition and a falsy secret or key in the jwt.verify() function can lead to signature validation bypass due to defaulting to the none algorithm for signature verification.
Am I affected?
You will be affected if all the following are true in the jwt.verify() function:
a token with no signature is received
no algorithms are specified
a falsy (e.g. null, false, undefined) secret or key is passed
How do I fix it?
Update to version 9.0.0 which removes the default support for the none algorithm in the jwt.verify() method.
Will the fix impact my users?
There will be no impact, if you update to version 9.0.0 and you don’t need to allow for the none algorithm. If you need 'none' algorithm, you have to explicitly specify that in jwt.verify() options.
Release Notes
auth0/node-jsonwebtoken (jsonwebtoken)
### [`v9.0.0`](https://redirect.github.com/auth0/node-jsonwebtoken/blob/HEAD/CHANGELOG.md#900---2022-12-21)
[Compare Source](https://redirect.github.com/auth0/node-jsonwebtoken/compare/v8.5.1...v9.0.0)
**Breaking changes: See [Migration from v8 to v9](https://redirect.github.com/auth0/node-jsonwebtoken/wiki/Migration-Notes:-v8-to-v9)**
##### Breaking changes
- Removed support for Node versions 11 and below.
- The verify() function no longer accepts unsigned tokens by default. (\[[`8345030`](https://redirect.github.com/auth0/node-jsonwebtoken/commit/834503079514b72264fd13023a3b8d648afd6a16)]https://github.com/auth0/node-jsonwebtoken/commit/834503079514b72264fd13023a3b8d648afd6a16)
- RSA key size must be 2048 bits or greater. (\[[`ecdf6cc`](https://redirect.github.com/auth0/node-jsonwebtoken/commit/ecdf6cc6073ea13a7e71df5fad043550f08d0fa6)]https://github.com/auth0/node-jsonwebtoken/commit/ecdf6cc6073ea13a7e71df5fad043550f08d0fa6)
- Key types must be valid for the signing / verification algorithm
##### Security fixes
- security: fixes `Arbitrary File Write via verify function` - CVE-2022-23529
- security: fixes `Insecure default algorithm in jwt.verify() could lead to signature validation bypass` - CVE-2022-23540
- security: fixes `Insecure implementation of key retrieval function could lead to Forgeable Public/Private Tokens from RSA to HMAC` - CVE-2022-23541
- security: fixes `Unrestricted key type could lead to legacy keys usage` - CVE-2022-23539
### [`v8.5.1`](https://redirect.github.com/auth0/node-jsonwebtoken/blob/HEAD/CHANGELOG.md#851---2019-03-18)
[Compare Source](https://redirect.github.com/auth0/node-jsonwebtoken/compare/v8.5.0...v8.5.1)
##### Bug fix
- fix: ensure correct PS signing and verification ([#585](https://redirect.github.com/auth0/node-jsonwebtoken/issues/585)) ([e5874ae428ffc0465e6bd4e660f89f78b56a74a6](https://redirect.github.com/auth0/node-jsonwebtoken/commit/e5874ae428ffc0465e6bd4e660f89f78b56a74a6)), closes [#585](https://redirect.github.com/auth0/node-jsonwebtoken/issues/585)
##### Docs
- README: fix markdown for algorithms table ([84e03ef70f9c44a3aef95a1dc122c8238854f683](https://redirect.github.com/auth0/node-jsonwebtoken/commit/84e03ef70f9c44a3aef95a1dc122c8238854f683))
### [`v8.5.0`](https://redirect.github.com/auth0/node-jsonwebtoken/blob/HEAD/CHANGELOG.md#850---2019-02-20)
[Compare Source](https://redirect.github.com/auth0/node-jsonwebtoken/compare/v8.4.0...v8.5.0)
##### New Functionality
- feat: add PS JWA support for applicable node versions ([#573](https://redirect.github.com/auth0/node-jsonwebtoken/issues/573)) ([eefb9d9c6eec54718fa6e41306bda84788df7bec](https://redirect.github.com/auth0/node-jsonwebtoken/commit/eefb9d9c6eec54718fa6e41306bda84788df7bec)), closes [#573](https://redirect.github.com/auth0/node-jsonwebtoken/issues/573)
- Add complete option in jwt.verify ([#522](https://redirect.github.com/auth0/node-jsonwebtoken/issues/522)) ([8737789dd330cf9e7870f4df97fd52479adbac22](https://redirect.github.com/auth0/node-jsonwebtoken/commit/8737789dd330cf9e7870f4df97fd52479adbac22)), closes [#522](https://redirect.github.com/auth0/node-jsonwebtoken/issues/522)
##### Test Improvements
- Add tests for private claims in the payload ([#555](https://redirect.github.com/auth0/node-jsonwebtoken/issues/555)) ([5147852896755dc1291825e2e40556f964411fb2](https://redirect.github.com/auth0/node-jsonwebtoken/commit/5147852896755dc1291825e2e40556f964411fb2)), closes [#555](https://redirect.github.com/auth0/node-jsonwebtoken/issues/555)
- Force use_strict during testing ([#577](https://redirect.github.com/auth0/node-jsonwebtoken/issues/577)) ([7b60c127ceade36c33ff33be066e435802001c94](https://redirect.github.com/auth0/node-jsonwebtoken/commit/7b60c127ceade36c33ff33be066e435802001c94)), closes [#577](https://redirect.github.com/auth0/node-jsonwebtoken/issues/577)
- Refactor tests related to jti and jwtid ([#544](https://redirect.github.com/auth0/node-jsonwebtoken/issues/544)) ([7eebbc75ab89e01af5dacf2aae90fe05a13a1454](https://redirect.github.com/auth0/node-jsonwebtoken/commit/7eebbc75ab89e01af5dacf2aae90fe05a13a1454)), closes [#544](https://redirect.github.com/auth0/node-jsonwebtoken/issues/544)
- ci: remove nsp from tests ([#569](https://redirect.github.com/auth0/node-jsonwebtoken/issues/569)) ([da8f55c3c7b4dd0bfc07a2df228500fdd050242a](https://redirect.github.com/auth0/node-jsonwebtoken/commit/da8f55c3c7b4dd0bfc07a2df228500fdd050242a)), closes [#569](https://redirect.github.com/auth0/node-jsonwebtoken/issues/569)
##### Docs
- Fix 'cert' token which isn't a cert ([#554](https://redirect.github.com/auth0/node-jsonwebtoken/issues/554)) ([0c24fe68cd2866cea6322016bf993cd897fefc98](https://redirect.github.com/auth0/node-jsonwebtoken/commit/0c24fe68cd2866cea6322016bf993cd897fefc98)), closes [#554](https://redirect.github.com/auth0/node-jsonwebtoken/issues/554)
### [`v8.4.0`](https://redirect.github.com/auth0/node-jsonwebtoken/blob/HEAD/CHANGELOG.md#840---2018-11-14)
[Compare Source](https://redirect.github.com/auth0/node-jsonwebtoken/compare/v8.3.0...v8.4.0)
##### New Functionality
- Add verify option for nonce validation ([#540](https://redirect.github.com/auth0/node-jsonwebtoken/issues/540)) ([e7938f06fdf2ed3aa88745b72b8ae4ee66c2d0d0](https://redirect.github.com/auth0/node-jsonwebtoken/commit/e7938f06fdf2ed3aa88745b72b8ae4ee66c2d0d0)), closes [#540](https://redirect.github.com/auth0/node-jsonwebtoken/issues/540)
##### Bug Fixes
- Updating Node version in Engines spec in package.json ([#528](https://redirect.github.com/auth0/node-jsonwebtoken/issues/528)) ([cfd1079305170a897dee6a5f55039783e6ee2711](https://redirect.github.com/auth0/node-jsonwebtoken/commit/cfd1079305170a897dee6a5f55039783e6ee2711)), closes [#528](https://redirect.github.com/auth0/node-jsonwebtoken/issues/528) [#509](https://redirect.github.com/auth0/node-jsonwebtoken/issues/509)
- Fixed error message when empty string passed as expiresIn or notBefore option ([#531](https://redirect.github.com/auth0/node-jsonwebtoken/issues/531)) ([7f9604ac98d4d0ff8d873c3d2b2ea64bd285cb76](https://redirect.github.com/auth0/node-jsonwebtoken/commit/7f9604ac98d4d0ff8d873c3d2b2ea64bd285cb76)), closes [#531](https://redirect.github.com/auth0/node-jsonwebtoken/issues/531)
##### Docs
- Update README.md ([#527](https://redirect.github.com/auth0/node-jsonwebtoken/issues/527)) ([b76f2a80f5229ee5cde321dd2ff14aa5df16d283](https://redirect.github.com/auth0/node-jsonwebtoken/commit/b76f2a80f5229ee5cde321dd2ff14aa5df16d283)), closes [#527](https://redirect.github.com/auth0/node-jsonwebtoken/issues/527)
- Update README.md ([#538](https://redirect.github.com/auth0/node-jsonwebtoken/issues/538)) ([1956c4006472fd285b8a85074257cbdbe9131cbf](https://redirect.github.com/auth0/node-jsonwebtoken/commit/1956c4006472fd285b8a85074257cbdbe9131cbf)), closes [#538](https://redirect.github.com/auth0/node-jsonwebtoken/issues/538)
- Edited the README.md to make certain parts of the document for the api easier to read, emphasizing the examples. ([#548](https://redirect.github.com/auth0/node-jsonwebtoken/issues/548)) ([dc89a641293d42f72ecfc623ce2eabc33954cb9d](https://redirect.github.com/auth0/node-jsonwebtoken/commit/dc89a641293d42f72ecfc623ce2eabc33954cb9d)), closes [#548](https://redirect.github.com/auth0/node-jsonwebtoken/issues/548)
- Document NotBeforeError ([#529](https://redirect.github.com/auth0/node-jsonwebtoken/issues/529)) ([29cd654b956529e939ae8f8c30b9da7063aad501](https://redirect.github.com/auth0/node-jsonwebtoken/commit/29cd654b956529e939ae8f8c30b9da7063aad501)), closes [#529](https://redirect.github.com/auth0/node-jsonwebtoken/issues/529)
##### Test Improvements
- Use lolex for faking date in tests ([#491](https://redirect.github.com/auth0/node-jsonwebtoken/issues/491)) ([677ead6d64482f2067b11437dda07309abe73cfa](https://redirect.github.com/auth0/node-jsonwebtoken/commit/677ead6d64482f2067b11437dda07309abe73cfa)), closes [#491](https://redirect.github.com/auth0/node-jsonwebtoken/issues/491)
- Update dependencies used for running tests ([#518](https://redirect.github.com/auth0/node-jsonwebtoken/issues/518)) ([5498bdc4865ffb2ba2fd44d889fad7e83873bb33](https://redirect.github.com/auth0/node-jsonwebtoken/commit/5498bdc4865ffb2ba2fd44d889fad7e83873bb33)), closes [#518](https://redirect.github.com/auth0/node-jsonwebtoken/issues/518)
- Minor test refactoring for recently added tests ([#504](https://redirect.github.com/auth0/node-jsonwebtoken/issues/504)) ([e2860a9d2a412627d79741a95bc7159971b923b9](https://redirect.github.com/auth0/node-jsonwebtoken/commit/e2860a9d2a412627d79741a95bc7159971b923b9)), closes [#504](https://redirect.github.com/auth0/node-jsonwebtoken/issues/504)
- Create and implement async/sync test helpers ([#523](https://redirect.github.com/auth0/node-jsonwebtoken/issues/523)) ([683d8a9b31ad6327948f84268bd2c8e4350779d1](https://redirect.github.com/auth0/node-jsonwebtoken/commit/683d8a9b31ad6327948f84268bd2c8e4350779d1)), closes [#523](https://redirect.github.com/auth0/node-jsonwebtoken/issues/523)
- Refactor tests related to audience and aud ([#503](https://redirect.github.com/auth0/node-jsonwebtoken/issues/503)) ([53d405e0223cce7c83cb51ecf290ca6bec1e9679](https://redirect.github.com/auth0/node-jsonwebtoken/commit/53d405e0223cce7c83cb51ecf290ca6bec1e9679)), closes [#503](https://redirect.github.com/auth0/node-jsonwebtoken/issues/503)
- Refactor tests related to expiresIn and exp ([#501](https://redirect.github.com/auth0/node-jsonwebtoken/issues/501)) ([72f0d9e5b11a99082250665d1200c58182903fa6](https://redirect.github.com/auth0/node-jsonwebtoken/commit/72f0d9e5b11a99082250665d1200c58182903fa6)), closes [#501](https://redirect.github.com/auth0/node-jsonwebtoken/issues/501)
- Refactor tests related to iat and maxAge ([#507](https://redirect.github.com/auth0/node-jsonwebtoken/issues/507)) ([877bd57ab2aca9b7d230805b21f921baed3da169](https://redirect.github.com/auth0/node-jsonwebtoken/commit/877bd57ab2aca9b7d230805b21f921baed3da169)), closes [#507](https://redirect.github.com/auth0/node-jsonwebtoken/issues/507)
- Refactor tests related to iss and issuer ([#543](https://redirect.github.com/auth0/node-jsonwebtoken/issues/543)) ([0906a3fa80f52f959ac1b6343d3024ce5c7e9dea](https://redirect.github.com/auth0/node-jsonwebtoken/commit/0906a3fa80f52f959ac1b6343d3024ce5c7e9dea)), closes [#543](https://redirect.github.com/auth0/node-jsonwebtoken/issues/543)
- Refactor tests related to kid and keyid ([#545](https://redirect.github.com/auth0/node-jsonwebtoken/issues/545)) ([88645427a0adb420bd3e149199a2a6bf1e17277e](https://redirect.github.com/auth0/node-jsonwebtoken/commit/88645427a0adb420bd3e149199a2a6bf1e17277e)), closes [#545](https://redirect.github.com/auth0/node-jsonwebtoken/issues/545)
- Refactor tests related to notBefore and nbf ([#497](https://redirect.github.com/auth0/node-jsonwebtoken/issues/497)) ([39adf87a6faef3df984140f88e6724ddd709fd89](https://redirect.github.com/auth0/node-jsonwebtoken/commit/39adf87a6faef3df984140f88e6724ddd709fd89)), closes [#497](https://redirect.github.com/auth0/node-jsonwebtoken/issues/497)
- Refactor tests related to subject and sub ([#505](https://redirect.github.com/auth0/node-jsonwebtoken/issues/505)) ([5a7fa23c0b4ac6c25304dab8767ef840b43a0eca](https://redirect.github.com/auth0/node-jsonwebtoken/commit/5a7fa23c0b4ac6c25304dab8767ef840b43a0eca)), closes [#505](https://redirect.github.com/auth0/node-jsonwebtoken/issues/505)
- Implement async/sync tests for exp claim ([#536](https://redirect.github.com/auth0/node-jsonwebtoken/issues/536)) ([9ae3f207ac64b7450ea0a3434418f5ca58d8125e](https://redirect.github.com/auth0/node-jsonwebtoken/commit/9ae3f207ac64b7450ea0a3434418f5ca58d8125e)), closes [#536](https://redirect.github.com/auth0/node-jsonwebtoken/issues/536)
- Implement async/sync tests for nbf claim ([#537](https://redirect.github.com/auth0/node-jsonwebtoken/issues/537)) ([88bc965061ed65299a395f42a100fb8f8c3c683e](https://redirect.github.com/auth0/node-jsonwebtoken/commit/88bc965061ed65299a395f42a100fb8f8c3c683e)), closes [#537](https://redirect.github.com/auth0/node-jsonwebtoken/issues/537)
- Implement async/sync tests for sub claim ([#534](https://redirect.github.com/auth0/node-jsonwebtoken/issues/534)) ([342b07bb105a35739eb91265ba5b9dd33c300fc6](https://redirect.github.com/auth0/node-jsonwebtoken/commit/342b07bb105a35739eb91265ba5b9dd33c300fc6)), closes [#534](https://redirect.github.com/auth0/node-jsonwebtoken/issues/534)
- Implement async/sync tests for the aud claim ([#535](https://redirect.github.com/auth0/node-jsonwebtoken/issues/535)) ([1c8ff5a68e6da73af2809c9d87faaf78602c99bb](https://redirect.github.com/auth0/node-jsonwebtoken/commit/1c8ff5a68e6da73af2809c9d87faaf78602c99bb)), closes [#535](https://redirect.github.com/auth0/node-jsonwebtoken/issues/535)
##### CI
- Added Istanbul to check test-coverage ([#468](https://redirect.github.com/auth0/node-jsonwebtoken/issues/468)) ([9676a8306428a045e34c3987bd0680fb952b44e3](https://redirect.github.com/auth0/node-jsonwebtoken/commit/9676a8306428a045e34c3987bd0680fb952b44e3)), closes [#468](https://redirect.github.com/auth0/node-jsonwebtoken/issues/468)
- Complete ESLint conversion and cleanup ([#490](https://redirect.github.com/auth0/node-jsonwebtoken/issues/490)) ([cb1d2e1e40547f7ecf29fa6635041df6cbba7f40](https://redirect.github.com/auth0/node-jsonwebtoken/commit/cb1d2e1e40547f7ecf29fa6635041df6cbba7f40)), closes [#490](https://redirect.github.com/auth0/node-jsonwebtoken/issues/490)
- Make code-coverage mandatory when running tests ([#495](https://redirect.github.com/auth0/node-jsonwebtoken/issues/495)) ([fb0084a78535bfea8d0087c0870e7e3614a2cbe5](https://redirect.github.com/auth0/node-jsonwebtoken/commit/fb0084a78535bfea8d0087c0870e7e3614a2cbe5)), closes [#495](https://redirect.github.com/auth0/node-jsonwebtoken/issues/495)
### [`v8.3.0`](https://redirect.github.com/auth0/node-jsonwebtoken/blob/HEAD/CHANGELOG.md#830---2018-06-11)
[Compare Source](https://redirect.github.com/auth0/node-jsonwebtoken/compare/v8.2.2...v8.3.0)
- docs: add some clarifications ([#473](https://redirect.github.com/auth0/node-jsonwebtoken/issues/473)) ([cd33cc81f06068b9df6c224d300dc6f70d8904ab](https://redirect.github.com/auth0/node-jsonwebtoken/commit/cd33cc81f06068b9df6c224d300dc6f70d8904ab)), closes [#473](https://redirect.github.com/auth0/node-jsonwebtoken/issues/473)
- ci: fix ci execution, remove not needed script ([#472](https://redirect.github.com/auth0/node-jsonwebtoken/issues/472)) ([c8ff7b2c3ffcd954a64a0273c20a7d1b22339aa5](https://redirect.github.com/auth0/node-jsonwebtoken/commit/c8ff7b2c3ffcd954a64a0273c20a7d1b22339aa5)), closes [#472](https://redirect.github.com/auth0/node-jsonwebtoken/issues/472)
- new feature: Secret callback revisited ([#480](https://redirect.github.com/auth0/node-jsonwebtoken/issues/480)) ([d01cc7bcbdeb606d997a580f967b3169fcc622ba](https://redirect.github.com/auth0/node-jsonwebtoken/commit/d01cc7bcbdeb606d997a580f967b3169fcc622ba)), closes [#480](https://redirect.github.com/auth0/node-jsonwebtoken/issues/480)
- docs:Update README.md ([#461](https://redirect.github.com/auth0/node-jsonwebtoken/issues/461)) ([f0e0954505f274da95a8d9603598e455b4d2c894](https://redirect.github.com/auth0/node-jsonwebtoken/commit/f0e0954505f274da95a8d9603598e455b4d2c894)), closes [#461](https://redirect.github.com/auth0/node-jsonwebtoken/issues/461)
### [`v8.2.2`](https://redirect.github.com/auth0/node-jsonwebtoken/blob/HEAD/CHANGELOG.md#822---2018-05-30)
[Compare Source](https://redirect.github.com/auth0/node-jsonwebtoken/compare/v8.2.1...v8.2.2)
- security: deps: jws@3.1.5 ([#477](https://redirect.github.com/auth0/node-jsonwebtoken/issues/477)) ([ebde9b7cc75cb7ab5176de7ebc4a1d6a8f05bd51](https://redirect.github.com/auth0/node-jsonwebtoken/commit/ebde9b7cc75cb7ab5176de7ebc4a1d6a8f05bd51)), closes [#465](https://redirect.github.com/auth0/node-jsonwebtoken/issues/465)
- docs: add some clarifications ([#473](https://redirect.github.com/auth0/node-jsonwebtoken/issues/473)) ([cd33cc81f06068b9df6c224d300dc6f70d8904ab](https://redirect.github.com/auth0/node-jsonwebtoken/commit/cd33cc81f06068b9df6c224d300dc6f70d8904ab)), closes [#473](https://redirect.github.com/auth0/node-jsonwebtoken/issues/473)
- ci: fix ci execution, remove not needed script ([#472](https://redirect.github.com/auth0/node-jsonwebtoken/issues/472)) ([c8ff7b2c3ffcd954a64a0273c20a7d1b22339aa5](https://redirect.github.com/auth0/node-jsonwebtoken/commit/c8ff7b2c3ffcd954a64a0273c20a7d1b22339aa5)), closes [#472](https://redirect.github.com/auth0/node-jsonwebtoken/issues/472)
- docs: Update README.md ([#461](https://redirect.github.com/auth0/node-jsonwebtoken/issues/461)) ([f0e0954505f274da95a8d9603598e455b4d2c894](https://redirect.github.com/auth0/node-jsonwebtoken/commit/f0e0954505f274da95a8d9603598e455b4d2c894)), closes [#461](https://redirect.github.com/auth0/node-jsonwebtoken/issues/461)
### [`v8.2.1`](https://redirect.github.com/auth0/node-jsonwebtoken/blob/HEAD/CHANGELOG.md#821---2018-04-05)
[Compare Source](https://redirect.github.com/auth0/node-jsonwebtoken/compare/v8.2.0...v8.2.1)
- bug fix: Check payload is not null when decoded. ([#444](https://redirect.github.com/auth0/node-jsonwebtoken/issues/444)) ([1232ae9352ce5fd1ca6c593291ce6ad0834a1ff5](https://redirect.github.com/auth0/node-jsonwebtoken/commit/1232ae9352ce5fd1ca6c593291ce6ad0834a1ff5))
- docs: Clarify that buffer/string payloads must be JSON ([#442](https://redirect.github.com/auth0/node-jsonwebtoken/issues/442)) ([e8ac1be7565a3fd986d40cb5e31a9f6c4d9aed1b](https://redirect.github.com/auth0/node-jsonwebtoken/commit/e8ac1be7565a3fd986d40cb5e31a9f6c4d9aed1b))
### [`v8.2.0`](https://redirect.github.com/auth0/node-jsonwebtoken/blob/HEAD/CHANGELOG.md#820---2018-03-02)
[Compare Source](https://redirect.github.com/auth0/node-jsonwebtoken/compare/v8.1.1...v8.2.0)
- Add a new mutatePayload option ([#446](https://redirect.github.com/auth0/node-jsonwebtoken/issues/446)) ([d6d7c5e5103f05a92d3633ac190d3025a0455be0](https://redirect.github.com/auth0/node-jsonwebtoken/commit/d6d7c5e5103f05a92d3633ac190d3025a0455be0))
### [`v8.1.1`](https://redirect.github.com/auth0/node-jsonwebtoken/blob/HEAD/CHANGELOG.md#811---2018-01-22)
[Compare Source](https://redirect.github.com/auth0/node-jsonwebtoken/compare/v8.1.0...v8.1.1)
- ci: add newer node versions to build matrix ([#428](https://redirect.github.com/auth0/node-jsonwebtoken/issues/428)) ([83f3eee44e122da06f812d7da4ace1fa26c24d9d](https://redirect.github.com/auth0/node-jsonwebtoken/commit/83f3eee44e122da06f812d7da4ace1fa26c24d9d))
- deps: Bump ms version to add support for negative numbers ([#438](https://redirect.github.com/auth0/node-jsonwebtoken/issues/438)) ([25e0e624545eaef76f3c324a134bf103bc394724](https://redirect.github.com/auth0/node-jsonwebtoken/commit/25e0e624545eaef76f3c324a134bf103bc394724))
- docs: Minor typo ([#424](https://redirect.github.com/auth0/node-jsonwebtoken/issues/424)) ([dddcb73ac05de11b81feeb629f6cf78dd03d2047](https://redirect.github.com/auth0/node-jsonwebtoken/commit/dddcb73ac05de11b81feeb629f6cf78dd03d2047))
- bug fix: Not Before (nbf) calculated based on iat/timestamp ([#437](https://redirect.github.com/auth0/node-jsonwebtoken/issues/437)) ([2764a64908d97c043d62eba0bf6c600674f9a6d6](https://redirect.github.com/auth0/node-jsonwebtoken/commit/2764a64908d97c043d62eba0bf6c600674f9a6d6)), closes [#435](https://redirect.github.com/auth0/node-jsonwebtoken/issues/435)
### [`v8.1.0`](https://redirect.github.com/auth0/node-jsonwebtoken/blob/HEAD/CHANGELOG.md#810---2017-10-09)
[Compare Source](https://redirect.github.com/auth0/node-jsonwebtoken/compare/v8.0.1...v8.1.0)
- [#402](https://redirect.github.com/auth0/node-jsonwebtoken/issues/402): Don't fail if captureStackTrace is not a function ([#410](https://redirect.github.com/auth0/node-jsonwebtoken/issues/410)) ([77ee965d9081faaf21650f266399f203f69533c5](https://redirect.github.com/auth0/node-jsonwebtoken/commit/77ee965d9081faaf21650f266399f203f69533c5))
- [#403](https://redirect.github.com/auth0/node-jsonwebtoken/issues/403): Clarify error wording for "Expected object" error. ([#409](https://redirect.github.com/auth0/node-jsonwebtoken/issues/409)) ([bb27eb346f0ff675a320b2de16b391a7cfeadc58](https://redirect.github.com/auth0/node-jsonwebtoken/commit/bb27eb346f0ff675a320b2de16b391a7cfeadc58))
- Enhance audience check to verify against regular expressions ([#398](https://redirect.github.com/auth0/node-jsonwebtoken/issues/398)) ([81501a17da230af7b74a3f7535ab5cd3a19c8315](https://redirect.github.com/auth0/node-jsonwebtoken/commit/81501a17da230af7b74a3f7535ab5cd3a19c8315))
### [`v8.0.1`](https://redirect.github.com/auth0/node-jsonwebtoken/blob/HEAD/CHANGELOG.md#801---2017-09-12)
[Compare Source](https://redirect.github.com/auth0/node-jsonwebtoken/compare/v8.0.0...v8.0.1)
- Remove `lodash.isarray` dependency ([#394](https://redirect.github.com/auth0/node-jsonwebtoken/issues/394)) ([7508e8957cb1c778f72fa9a363a7b135b3c9c36d](https://redirect.github.com/auth0/node-jsonwebtoken/commit/7508e8957cb1c778f72fa9a363a7b135b3c9c36d))
### [`v8.0.0`](https://redirect.github.com/auth0/node-jsonwebtoken/blob/HEAD/CHANGELOG.md#800---2017-09-06)
[Compare Source](https://redirect.github.com/auth0/node-jsonwebtoken/compare/v7.4.3...v8.0.0)
**Breaking changes: See [Migration notes from v7](https://redirect.github.com/auth0/node-jsonwebtoken/wiki/Migration-Notes:-v7-to-v8)**
- docs: readme, migration notes ([12cd8f7f47224f904f6b8f39d1dee73775de4f6f](https://redirect.github.com/auth0/node-jsonwebtoken/commit/12cd8f7f47224f904f6b8f39d1dee73775de4f6f))
- verify: remove process.nextTick ([#302](https://redirect.github.com/auth0/node-jsonwebtoken/issues/302)) ([3305cf04e3f674b9fb7e27c9b14ddd159650ff82](https://redirect.github.com/auth0/node-jsonwebtoken/commit/3305cf04e3f674b9fb7e27c9b14ddd159650ff82))
- Reduce size of NPM package ([#347](https://redirect.github.com/auth0/node-jsonwebtoken/issues/347)) ([0be5409ac6592eeaae373dce91ec992fa101bd8a](https://redirect.github.com/auth0/node-jsonwebtoken/commit/0be5409ac6592eeaae373dce91ec992fa101bd8a))
- Remove joi to shrink module size ([#348](https://redirect.github.com/auth0/node-jsonwebtoken/issues/348)) ([2e7e68dbd59e845cdd940afae0a296f48438445f](https://redirect.github.com/auth0/node-jsonwebtoken/commit/2e7e68dbd59e845cdd940afae0a296f48438445f))
- maxAge: Add validation to timespan result ([66a4f8b996c8357727ce62a84605a005b2f5eb18](https://redirect.github.com/auth0/node-jsonwebtoken/commit/66a4f8b996c8357727ce62a84605a005b2f5eb18))
### [`v7.4.3`](https://redirect.github.com/auth0/node-jsonwebtoken/blob/HEAD/CHANGELOG.md#743---2017-08-17)
[Compare Source](https://redirect.github.com/auth0/node-jsonwebtoken/compare/v7.4.2...v7.4.3)
- Fix breaking change on 7.4.2 for empty secret + "none" algorithm (sync code style) ([PR 386](https://redirect.github.com/auth0/node-jsonwebtoken/pull/386))
### [`v7.4.2`](https://redirect.github.com/auth0/node-jsonwebtoken/blob/HEAD/CHANGELOG.md#742---2017-08-04)
[Compare Source](https://redirect.github.com/auth0/node-jsonwebtoken/compare/v7.4.1...v7.4.2)
- bugfix: sign: add check to be sure secret has a value ([c584d1cbc34b788977b36f17cd57ab2212f1230e](https://redirect.github.com/auth0/node-jsonwebtoken/commit/c584d1cbc34b788977b36f17cd57ab2212f1230e))
- docs: about refreshing tokens ([016fc10b847bfbb76b82171cb530f32d7da2001b](https://redirect.github.com/auth0/node-jsonwebtoken/commit/016fc10b847bfbb76b82171cb530f32d7da2001b))
- docs: verifying with base64 encoded secrets ([c25e9906801f89605080cc71b3ee23a5e45a5811](https://redirect.github.com/auth0/node-jsonwebtoken/commit/c25e9906801f89605080cc71b3ee23a5e45a5811))
- tests: Add tests for ES256 ([89900ea00735f76b04f437c9f542285b420fa9cb](https://redirect.github.com/auth0/node-jsonwebtoken/commit/89900ea00735f76b04f437c9f542285b420fa9cb))
- docs: document keyid as option ([#361](https://redirect.github.com/auth0/node-jsonwebtoken/issues/361)) ([00086c2c006d7fc1a47bae02fa87d194d79aa558](https://redirect.github.com/auth0/node-jsonwebtoken/commit/00086c2c006d7fc1a47bae02fa87d194d79aa558))
- docs: readme: Using private key with passpharase ([#353](https://redirect.github.com/auth0/node-jsonwebtoken/issues/353)) ([27a7f1d4f35b662426ff0270526d48658da4c8b7](https://redirect.github.com/auth0/node-jsonwebtoken/commit/27a7f1d4f35b662426ff0270526d48658da4c8b7))
### [`v7.4.1`](https://redirect.github.com/auth0/node-jsonwebtoken/blob/HEAD/CHANGELOG.md#741---2017-05-17)
[Compare Source](https://redirect.github.com/auth0/node-jsonwebtoken/compare/v7.4.0...v7.4.1)
- bump ms to v2 due a ReDoS vulnerability ([#352](https://redirect.github.com/auth0/node-jsonwebtoken/issues/352)) ([adcfd6ae4088c838769d169f8cd9154265aa13e0](https://redirect.github.com/auth0/node-jsonwebtoken/commit/adcfd6ae4088c838769d169f8cd9154265aa13e0))
### [`v7.4.0`](https://redirect.github.com/auth0/node-jsonwebtoken/blob/HEAD/CHANGELOG.md#740---2017-04-24)
[Compare Source](https://redirect.github.com/auth0/node-jsonwebtoken/compare/v7.3.0...v7.4.0)
- Add docs about numeric date fields ([659f73119900a4d837650d9b3f5af4e64a2f843b](https://redirect.github.com/auth0/node-jsonwebtoken/commit/659f73119900a4d837650d9b3f5af4e64a2f843b))
- Make Options object optional for callback-ish sign ([e202c4fd00c35a24e9ab606eab89186ade13d0cc](https://redirect.github.com/auth0/node-jsonwebtoken/commit/e202c4fd00c35a24e9ab606eab89186ade13d0cc))
### [`v7.3.0`](https://redirect.github.com/auth0/node-jsonwebtoken/blob/HEAD/CHANGELOG.md#730---2017-02-13)
[Compare Source](https://redirect.github.com/auth0/node-jsonwebtoken/compare/v7.2.1...v7.3.0)
- Add more information to `maxAge` option in README ([1b0592e99cc8def293eed177e2575fa7f1cf7aa5](https://redirect.github.com/auth0/node-jsonwebtoken/commit/1b0592e99cc8def293eed177e2575fa7f1cf7aa5))
- Add `clockTimestamp` option to `verify()` you can set the current time in seconds with it ([#274](https://redirect.github.com/auth0/node-jsonwebtoken/issues/274)) ([8fdc1504f4325e7003894ffea078da9cba5208d9](https://redirect.github.com/auth0/node-jsonwebtoken/commit/8fdc1504f4325e7003894ffea078da9cba5208d9))
- Fix handling non string tokens on `verify()` input ([#305](https://redirect.github.com/auth0/node-jsonwebtoken/issues/305)) ([1b6ec8d466504f58c5a6e2dae3360c828bad92fb](https://redirect.github.com/auth0/node-jsonwebtoken/commit/1b6ec8d466504f58c5a6e2dae3360c828bad92fb)), closes [#305](https://redirect.github.com/auth0/node-jsonwebtoken/issues/305)
- Fixed a simple typo in docs ([#287](https://redirect.github.com/auth0/node-jsonwebtoken/issues/287)) ([a54240384e24e18c00e75884295306db311d0cb7](https://redirect.github.com/auth0/node-jsonwebtoken/commit/a54240384e24e18c00e75884295306db311d0cb7)), closes [#287](https://redirect.github.com/auth0/node-jsonwebtoken/issues/287)
- Raise jws.decode error to avoid confusion with "invalid token" error ([#294](https://redirect.github.com/auth0/node-jsonwebtoken/issues/294)) ([7f68fe06c88d5c5653785bd66bc68c5b20e1bd8e](https://redirect.github.com/auth0/node-jsonwebtoken/commit/7f68fe06c88d5c5653785bd66bc68c5b20e1bd8e))
- rauchg/ms.js changed to zeit/ms ([#303](https://redirect.github.com/auth0/node-jsonwebtoken/issues/303)) ([35d84152a6b716d757cb5b1dd3c79fe3a1bc0628](https://redirect.github.com/auth0/node-jsonwebtoken/commit/35d84152a6b716d757cb5b1dd3c79fe3a1bc0628))
### [`v7.2.1`](https://redirect.github.com/auth0/node-jsonwebtoken/blob/HEAD/CHANGELOG.md#721---2016-12-07)
[Compare Source](https://redirect.github.com/auth0/node-jsonwebtoken/compare/v7.2.0...v7.2.1)
- add nsp check to find vulnerabilities on npm test ([4219c34b5346811c07f520f10516cc495bcc70dd](https://redirect.github.com/auth0/node-jsonwebtoken/commit/4219c34b5346811c07f520f10516cc495bcc70dd))
- revert to joi@^6 to keep ES5 compatibility ([51d4796c07344bf817687f7ccfeef78f00bf5b4f](https://redirect.github.com/auth0/node-jsonwebtoken/commit/51d4796c07344bf817687f7ccfeef78f00bf5b4f))
### [`v7.2.0`](https://redirect.github.com/auth0/node-jsonwebtoken/blob/HEAD/CHANGELOG.md#720---2016-12-06)
[Compare Source](https://redirect.github.com/auth0/node-jsonwebtoken/compare/v7.1.10...v7.2.0)
- improve the documentation for expiration ([771e0b5f9bed90771fb79140eb38e51a3ecac8f0](https://redirect.github.com/auth0/node-jsonwebtoken/commit/771e0b5f9bed90771fb79140eb38e51a3ecac8f0))
- Restructured a sentence ([ccc7610187a862f7a50177eadc9152eef26cd065](https://redirect.github.com/auth0/node-jsonwebtoken/commit/ccc7610187a862f7a50177eadc9152eef26cd065))
- Allow `keyid` on `sign`. ([b412be91b89acb3a742bb609d3b54e47e1dfc441](https://redirect.github.com/auth0/node-jsonwebtoken/commit/b412be91b89acb3a742bb609d3b54e47e1dfc441))
- upgrade joi ([715e3d928023d414d45c6dc3f096a7c8448139ae](https://redirect.github.com/auth0/node-jsonwebtoken/commit/715e3d928023d414d45c6dc3f096a7c8448139ae))
- upgrade to latest nodes and Travis infrastructure ([3febcc1dd23ecdec1abbf89313959941d15eb47a](https://redirect.github.com/auth0/node-jsonwebtoken/commit/3febcc1dd23ecdec1abbf89313959941d15eb47a))
### [`v7.1.10`](https://redirect.github.com/auth0/node-jsonwebtoken/blob/HEAD/CHANGELOG.md#7110---2016-12-06)
[Compare Source](https://redirect.github.com/auth0/node-jsonwebtoken/compare/v7.1.9...v7.1.10)
- Bump node-jws version number ([07813dd7194630c9f452684279178af76464a759](https://redirect.github.com/auth0/node-jsonwebtoken/commit/07813dd7194630c9f452684279178af76464a759))
- improve the documentation for expiration ([771e0b5f9bed90771fb79140eb38e51a3ecac8f0](https://redirect.github.com/auth0/node-jsonwebtoken/commit/771e0b5f9bed90771fb79140eb38e51a3ecac8f0))
### [`v7.1.9`](https://redirect.github.com/auth0/node-jsonwebtoken/blob/HEAD/CHANGELOG.md#719---2016-08-11)
[Compare Source](https://redirect.github.com/auth0/node-jsonwebtoken/compare/v7.1.8...v7.1.9)
- Revert "Merge branch 'venatir-master'" ([d06359ef3b4e619680e043ee7c16adda16598f52](https://redirect.github.com/auth0/node-jsonwebtoken/commit/d06359ef3b4e619680e043ee7c16adda16598f52))
### [`v7.1.8`](https://redirect.github.com/auth0/node-jsonwebtoken/blob/HEAD/CHANGELOG.md#718---2016-08-10)
[Compare Source](https://redirect.github.com/auth0/node-jsonwebtoken/compare/v7.1.7...v7.1.8)
- Fixed tests, however typ: 'JWT' should not be in the options at all, so please review other tests ([01903bcdc61b4ed429acbbd1fe0ffe0db364473b](https://redirect.github.com/auth0/node-jsonwebtoken/commit/01903bcdc61b4ed429acbbd1fe0ffe0db364473b))
- Removing unnecessary extra decoding. jwtString is already verified as valid and signature checked ([55d5834f7b637011e1d8b927ff78a92a5fd521cf](https://redirect.github.com/auth0/node-jsonwebtoken/commit/55d5834f7b637011e1d8b927ff78a92a5fd521cf))
- update changelog ([5117aacd0118a10331889a64e61d8186112d8a23](https://redirect.github.com/auth0/node-jsonwebtoken/commit/5117aacd0118a10331889a64e61d8186112d8a23))
### [`v7.1.7`](https://redirect.github.com/auth0/node-jsonwebtoken/blob/HEAD/CHANGELOG.md#717---2016-07-29)
[Compare Source](https://redirect.github.com/auth0/node-jsonwebtoken/compare/v7.1.6...v7.1.7)
- Use lodash.once instead of unlicensed/unmaintained cb ([3ac95ad93ef3068a64e03d8d14deff231b1ed529](https://redirect.github.com/auth0/node-jsonwebtoken/commit/3ac95ad93ef3068a64e03d8d14deff231b1ed529))
### [`v7.1.6`](https://redirect.github.com/auth0/node-jsonwebtoken/blob/HEAD/CHANGELOG.md#716---2016-07-15)
[Compare Source](https://redirect.github.com/auth0/node-jsonwebtoken/compare/v7.1.5...v7.1.6)
- fix issue with buffer payload. closes [#216](https://redirect.github.com/auth0/node-jsonwebtoken/issues/216) ([6b50ff324b4dfd2cb0e49b666f14a6672d015b22](https://redirect.github.com/auth0/node-jsonwebtoken/commit/6b50ff324b4dfd2cb0e49b666f14a6672d015b22)), closes [#216](https://redirect.github.com/auth0/node-jsonwebtoken/issues/216)
### [`v7.1.5`](https://redirect.github.com/auth0/node-jsonwebtoken/blob/HEAD/CHANGELOG.md#715---2016-07-15)
[Compare Source](https://redirect.github.com/auth0/node-jsonwebtoken/compare/v7.1.3...v7.1.5)
- update jws in package.json ([b6260951eefc68aae5f4ede359210761f901ff7a](https://redirect.github.com/auth0/node-jsonwebtoken/commit/b6260951eefc68aae5f4ede359210761f901ff7a))
### [`v7.1.3`](https://redirect.github.com/auth0/node-jsonwebtoken/compare/v7.1.1...v7.1.3)
[Compare Source](https://redirect.github.com/auth0/node-jsonwebtoken/compare/v7.1.1...v7.1.3)
### [`v7.1.1`](https://redirect.github.com/auth0/node-jsonwebtoken/blob/HEAD/CHANGELOG.md#7110---2016-12-06)
[Compare Source](https://redirect.github.com/auth0/node-jsonwebtoken/compare/v7.1.0...v7.1.1)
- Bump node-jws version number ([07813dd7194630c9f452684279178af76464a759](https://redirect.github.com/auth0/node-jsonwebtoken/commit/07813dd7194630c9f452684279178af76464a759))
- improve the documentation for expiration ([771e0b5f9bed90771fb79140eb38e51a3ecac8f0](https://redirect.github.com/auth0/node-jsonwebtoken/commit/771e0b5f9bed90771fb79140eb38e51a3ecac8f0))
### [`v7.1.0`](https://redirect.github.com/auth0/node-jsonwebtoken/blob/HEAD/CHANGELOG.md#710---2016-07-12)
[Compare Source](https://redirect.github.com/auth0/node-jsonwebtoken/compare/v7.0.1...v7.1.0)
- Exp calculated based on iat. fix [#217](https://redirect.github.com/auth0/node-jsonwebtoken/issues/217) ([757a16e0e35ad19f9e456820f55d5d9f3fc76aee](https://redirect.github.com/auth0/node-jsonwebtoken/commit/757a16e0e35ad19f9e456820f55d5d9f3fc76aee)), closes [#217](https://redirect.github.com/auth0/node-jsonwebtoken/issues/217)
### [`v7.0.1`](https://redirect.github.com/auth0/node-jsonwebtoken/compare/v7.0.0...v7.0.1)
[Compare Source](https://redirect.github.com/auth0/node-jsonwebtoken/compare/v7.0.0...v7.0.1)
### [`v7.0.0`](https://redirect.github.com/auth0/node-jsonwebtoken/blob/HEAD/CHANGELOG.md#700---2016-05-19)
[Compare Source](https://redirect.github.com/auth0/node-jsonwebtoken/compare/v6.2.0...v7.0.0)
- change jwt.sign to return errors on callback instead of throwing errors ([1e46c5a42aa3dab8478efa4081d8f8f5c5485d56](https://redirect.github.com/auth0/node-jsonwebtoken/commit/1e46c5a42aa3dab8478efa4081d8f8f5c5485d56))
### [`v6.2.0`](https://redirect.github.com/auth0/node-jsonwebtoken/blob/HEAD/CHANGELOG.md#620---2016-04-29)
[Compare Source](https://redirect.github.com/auth0/node-jsonwebtoken/compare/v6.1.2...v6.2.0)
- add support for `options.clockTolerance` to `jwt.verify` ([65ddea934f226bf06bc9d6a55be9587515cfc38d](https://redirect.github.com/auth0/node-jsonwebtoken/commit/65ddea934f226bf06bc9d6a55be9587515cfc38d))
### [`v6.1.2`](https://redirect.github.com/auth0/node-jsonwebtoken/blob/HEAD/CHANGELOG.md#612---2016-04-29)
[Compare Source](https://redirect.github.com/auth0/node-jsonwebtoken/compare/v6.1.1...v6.1.2)
- fix sign method for node.js 0.12. closes [#193](https://redirect.github.com/auth0/node-jsonwebtoken/issues/193) ([9c38374142d3929be3c9314b5e9bc5d963c5955f](https://redirect.github.com/auth0/node-jsonwebtoken/commit/9c38374142d3929be3c9314b5e9bc5d963c5955f)), closes [#193](https://redirect.github.com/auth0/node-jsonwebtoken/issues/193)
- improve async test ([7b0981380ddc40a5f1208df520631785b5ffb85a](https://redirect.github.com/auth0/node-jsonwebtoken/commit/7b0981380ddc40a5f1208df520631785b5ffb85a))
### [`v6.1.1`](https://redirect.github.com/auth0/node-jsonwebtoken/compare/v6.1.0...v6.1.1)
[Compare Source](https://redirect.github.com/auth0/node-jsonwebtoken/compare/v6.1.0...v6.1.1)
### [`v6.1.0`](https://redirect.github.com/auth0/node-jsonwebtoken/blob/HEAD/CHANGELOG.md#610---2016-04-27)
[Compare Source](https://redirect.github.com/auth0/node-jsonwebtoken/compare/v6.0.1...v6.1.0)
- verify unsigned tokens ([ec880791c10ed5ef7c8df7bf28ebb95c810479ed](https://redirect.github.com/auth0/node-jsonwebtoken/commit/ec880791c10ed5ef7c8df7bf28ebb95c810479ed))
### [`v6.0.1`](https://redirect.github.com/auth0/node-jsonwebtoken/blob/HEAD/CHANGELOG.md#601---2016-04-27)
[Compare Source](https://redirect.github.com/auth0/node-jsonwebtoken/compare/v6.0.0...v6.0.1)
This was an immediate change after publishing 6.0.0.
- throw error on invalid options when the payload is not an object ([304f1b33075f79ed66f784e27dc4f5307aa39e27](https://redirect.github.com/auth0/node-jsonwebtoken/commit/304f1b33075f79ed66f784e27dc4f5307aa39e27))
### [`v6.0.0`](https://redirect.github.com/auth0/node-jsonwebtoken/blob/HEAD/CHANGELOG.md#600---2016-04-27)
[Compare Source](https://redirect.github.com/auth0/node-jsonwebtoken/compare/v5.7.0...v6.0.0)
- Change .sign to standard async callback ([50873c7d45d2733244d5da8afef3d1872e657a60](https://redirect.github.com/auth0/node-jsonwebtoken/commit/50873c7d45d2733244d5da8afef3d1872e657a60))
- Improved the options for the `sign` method ([53c3987b3cc34e95eb396b26fc9b051276e2f6f9](https://redirect.github.com/auth0/node-jsonwebtoken/commit/53c3987b3cc34e95eb396b26fc9b051276e2f6f9))
- throw error on invalid options like `expiresIn` when the payload is not an object ([304f1b33075f79ed66f784e27dc4f5307aa39e27](https://redirect.github.com/auth0/node-jsonwebtoken/commit/304f1b33075f79ed66f784e27dc4f5307aa39e27))
- `expiresInMinutes` and `expiresInSeconds` are deprecated and no longer supported.
- `notBeforeInMinutes` and `notBeforeInSeconds` are deprecated and no longer supported.
- `options` are strongly validated.
- `options.expiresIn`, `options.notBefore`, `options.audience`, `options.issuer`, `options.subject` and `options.jwtid` are mutually exclusive with `payload.exp`, `payload.nbf`, `payload.aud`, `payload.iss`
- `options.algorithm` is properly validated.
- `options.headers` is renamed to `options.header`.
- update CHANGELOG to reflect most of the changes. closes [#136](https://redirect.github.com/auth0/node-jsonwebtoken/issues/136) ([b87a1a8d2e2533fbfab518765a54f00077918eb7](https://redirect.github.com/auth0/node-jsonwebtoken/commit/b87a1a8d2e2533fbfab518765a54f00077918eb7)), closes [#136](https://redirect.github.com/auth0/node-jsonwebtoken/issues/136)
- update readme ([53a88ecf4494e30e1d62a1cf3cc354650349f486](https://redirect.github.com/auth0/node-jsonwebtoken/commit/53a88ecf4494e30e1d62a1cf3cc354650349f486))
### [`v5.7.0`](https://redirect.github.com/auth0/node-jsonwebtoken/blob/HEAD/CHANGELOG.md#570---2016-02-16)
[Compare Source](https://redirect.github.com/auth0/node-jsonwebtoken/compare/v5.6.2...v5.7.0)
- add support for validating multiples issuers. closes [#163](https://redirect.github.com/auth0/node-jsonwebtoken/issues/163) ([39d9309ae05648dbd72e5fd1993df064ad0e8fa5](https://redirect.github.com/auth0/node-jsonwebtoken/commit/39d9309ae05648dbd72e5fd1993df064ad0e8fa5)), closes [#163](https://redirect.github.com/auth0/node-jsonwebtoken/issues/163)
### [`v5.6.2`](https://redirect.github.com/auth0/node-jsonwebtoken/compare/v5.6.0...v5.6.2)
[Compare Source](https://redirect.github.com/auth0/node-jsonwebtoken/compare/v5.6.0...v5.6.2)
### [`v5.6.0`](https://redirect.github.com/auth0/node-jsonwebtoken/blob/HEAD/CHANGELOG.md#560---2016-02-16)
[Compare Source](https://redirect.github.com/auth0/node-jsonwebtoken/compare/v5.5.4...v5.6.0)
- added missing validations of sub and jti ([a1affe960d0fc52e9042bcbdedb65734f8855580](https://redirect.github.com/auth0/node-jsonwebtoken/commit/a1affe960d0fc52e9042bcbdedb65734f8855580))
- Fix tests in jwt.rs.tests.js which causes 4 to fail ([8aedf2b1f575b0d9575c1fc9f2ac7bc868f75ff1](https://redirect.github.com/auth0/node-jsonwebtoken/commit/8aedf2b1f575b0d9575c1fc9f2ac7bc868f75ff1))
- Update README.md ([349b7cd00229789b138928ca060d3ef015aedaf9](https://redirect.github.com/auth0/node-jsonwebtoken/commit/349b7cd00229789b138928ca060d3ef015aedaf9))
### [`v5.5.4`](https://redirect.github.com/auth0/node-jsonwebtoken/blob/HEAD/CHANGELOG.md#554---2016-01-04)
[Compare Source](https://redirect.github.com/auth0/node-jsonwebtoken/compare/v5.5.3...v5.5.4)
- minor ([46552e7c45025c76e3f647680d7539a66bfac612](https://redirect.github.com/auth0/node-jsonwebtoken/commit/46552e7c45025c76e3f647680d7539a66bfac612))
### [`v5.5.3`](https://redirect.github.com/auth0/node-jsonwebtoken/blob/HEAD/CHANGELOG.md#553---2016-01-04)
[Compare Source](https://redirect.github.com/auth0/node-jsonwebtoken/compare/v5.5.2...v5.5.3)
- add a console.warn on invalid options for string payloads ([71200f14deba0533d3261266348338fac2d14661](https://redirect.github.com/auth0/node-jsonwebtoken/commit/71200f14deba0533d3261266348338fac2d14661))
- minor ([65b1f580382dc58dd3da6f47a52713776fd7cdf2](https://redirect.github.com/auth0/node-jsonwebtoken/commit/65b1f580382dc58dd3da6f47a52713776fd7cdf2))
### [`v5.5.2`](https://redirect.github.com/auth0/node-jsonwebtoken/blob/HEAD/CHANGELOG.md#552---2016-01-04)
[Compare Source](https://redirect.github.com/auth0/node-jsonwebtoken/compare/v5.5.1...v5.5.2)
- fix signing method with sealed objects, do not modify the params object. closes [#147](https://redirect.github.com/auth0/node-jsonwebtoken/issues/147) ([be9c09af83b09c9e72da8b2c6166fa51d92aeab6](https://redirect.github.com/auth0/node-jsonwebtoken/commit/be9c09af83b09c9e72da8b2c6166fa51d92aeab6)), closes [#147](https://redirect.github.com/auth0/node-jsonwebtoken/issues/147)
### [`v5.5.1`](https://redirect.github.com/auth0/node-jsonwebtoken/blob/HEAD/CHANGELOG.md#551---2016-01-04)
[Compare Source](https://redirect.github.com/auth0/node-jsonwebtoken/compare/v5.5.0...v5.5.1)
- fix nbf verification. fix [#152](https://redirect.github.com/auth0/node-jsonwebtoken/issues/152) ([786d37b299c67771b5e71a2ca476666ab0f97d98](https://redirect.github.com/auth0/node-jsonwebtoken/commit/786d37b299c67771b5e71a2ca476666ab0f97d98)), closes [#152](https://redirect.github.com/auth0/node-jsonwebtoken/issues/152)
### [`v5.5.0`](https://redirect.github.com/auth0/node-jsonwebtoken/blob/HEAD/CHANGELOG.md#550---2015-12-28)
[Compare Source](https://redirect.github.com/auth0/node-jsonwebtoken/compare/eb272d6da05b7d19d24a5e749cf026ac2b413abf...v5.5.0)
- improvements to nbf and jti claims ([46372e928f6d2e7398f9b88022ca617d2a3b0699](https://redirect.github.com/auth0/node-jsonwebtoken/commit/46372e928f6d2e7398f9b88022ca617d2a3b0699))
- Remove duplicate payload line (fix bug in IE strict mode) ([8163d698e0c5ad8c44817a5dcd42a15d7e9c6bc8](https://redirect.github.com/auth0/node-jsonwebtoken/commit/8163d698e0c5ad8c44817a5dcd42a15d7e9c6bc8))
- Remove duplicate require('ms') line ([7c00bcbcbf8f7503a1070b394a165eccd41de66f](https://redirect.github.com/auth0/node-jsonwebtoken/commit/7c00bcbcbf8f7503a1070b394a165eccd41de66f))
- Update README to reflect addition of async sign ([d661d4b6f68eb417834c99b36769444723041ccf](https://redirect.github.com/auth0/node-jsonwebtoken/commit/d661d4b6f68eb417834c99b36769444723041ccf))
### [`v5.4.1`](https://redirect.github.com/auth0/node-jsonwebtoken/compare/v5.4.0...eb272d6da05b7d19d24a5e749cf026ac2b413abf)
[Compare Source](https://redirect.github.com/auth0/node-jsonwebtoken/compare/v5.4.0...eb272d6da05b7d19d24a5e749cf026ac2b413abf)
### [`v5.4.0`](https://redirect.github.com/auth0/node-jsonwebtoken/blob/HEAD/CHANGELOG.md#540---2015-10-02)
[Compare Source](https://redirect.github.com/auth0/node-jsonwebtoken/compare/v5.3.1...v5.4.0)
- deprecate expireInMinutes and expireInSeconds - in favor of expiresIn ([39ecc6f8f310f8462e082f1d53de0b4222b29b6f](https://redirect.github.com/auth0/node-jsonwebtoken/commit/39ecc6f8f310f8462e082f1d53de0b4222b29b6f))
### [`v5.3.1`](https://redirect.github.com/auth0/node-jsonwebtoken/compare/7e8292e768bd3865d10dad333e6bb750a64dda7e...v5.3.1)
[Compare Source](https://redirect.github.com/auth0/node-jsonwebtoken/compare/7e8292e768bd3865d10dad333e6bb750a64dda7e...v5.3.1)
### [`v5.2.0`](https://redirect.github.com/auth0/node-jsonwebtoken/compare/v5.1.0...7e8292e768bd3865d10dad333e6bb750a64dda7e)
[Compare Source](https://redirect.github.com/auth0/node-jsonwebtoken/compare/v5.1.0...7e8292e768bd3865d10dad333e6bb750a64dda7e)
### [`v5.1.0`](https://redirect.github.com/auth0/node-jsonwebtoken/blob/HEAD/CHANGELOG.md#510---2015-10-02)
[Compare Source](https://redirect.github.com/auth0/node-jsonwebtoken/compare/v5.0.5...v5.1.0)
- added async signing ([9414fbcb15a1f9cf4fe147d070e9424c547dabba](https://redirect.github.com/auth0/node-jsonwebtoken/commit/9414fbcb15a1f9cf4fe147d070e9424c547dabba))
- Update README.md ([40b2aaaa843442dfb8ee7b574f0a788177e7c904](https://redirect.github.com/auth0/node-jsonwebtoken/commit/40b2aaaa843442dfb8ee7b574f0a788177e7c904))
### [`v5.0.5`](https://redirect.github.com/auth0/node-jsonwebtoken/blob/HEAD/CHANGELOG.md#505---2015-08-19)
[Compare Source](https://redirect.github.com/auth0/node-jsonwebtoken/compare/v5.0.4...v5.0.5)
- add ms dep to package.json ([f13b3fb7f29dff787e7c91ebe2eb5adeeb05f251](https://redirect.github.com/auth0/node-jsonwebtoken/commit/f13b3fb7f29dff787e7c91ebe2eb5adeeb05f251))
- add note to explain, related to [#96](https://redirect.github.com/auth0/node-jsonwebtoken/issues/96) [#101](https://redirect.github.com/auth0/node-jsonwebtoken/issues/101) [#6](https://redirect.github.com/auth0/node-jsonwebtoken/issues/6) ([dd8969e0e6ed0bcb9cae905d2b1a96476bd85da3](https://redirect.github.com/auth0/node-jsonwebtoken/commit/dd8969e0e6ed0bcb9cae905d2b1a96476bd85da3))
- add tests for options.headers ([7787dd74e705787c39a871ca29c75a2e0a3948ac](https://redirect.github.com/auth0/node-jsonwebtoken/commit/7787dd74e705787c39a871ca29c75a2e0a3948ac))
- add tests for verify expires ([d7c5793d98c300603440ab460c11665f661ad3a0](https://redirect.github.com/auth0/node-jsonwebtoken/commit/d7c5793d98c300603440ab460c11665f661ad3a0))
- add verify option maxAge (with tests) ([49d54e54f7e70b1c53a2e4ee67e116c907d75319](https://redirect.github.com/auth0/node-jsonwebtoken/commit/49d54e54f7e70b1c53a2e4ee67e116c907d75319))
- fix spelling error in error message ([8078b11b224fa05ac9003ca5aa2c85e9f0128cfb](https://redirect.github.com/auth0/node-jsonwebtoken/commit/8078b11b224fa05ac9003ca5aa2c85e9f0128cfb))
- Fix typo options.header is not a documented option + ([5feaa5b962ccbddeff054817a410f7b0c1e6ce7f](https://redirect.github.com/auth0/node-jsonwebtoken/commit/5feaa5b962ccbddeff054817a410f7b0c1e6ce7f))
- update JWT spec link. closes [#112](https://redirect.github.com/auth0/node-jsonwebtoken/issues/112) ([f5fa50f797456a12240589161835c7ea30807195](https://redirect.github.com/auth0/node-jsonwebtoken/commit/f5fa50f797456a12240589161835c7ea30807195)), closes [#112](https://redirect.github.com/auth0/node-jsonwebtoken/issues/112)
### [`v5.0.4`](https://redirect.github.com/auth0/node-jsonwebtoken/compare/v5.0.3...v5.0.4)
[Compare Source](https://redirect.github.com/auth0/node-jsonwebtoken/compare/v5.0.3...v5.0.4)
### [`v5.0.3`](https://redirect.github.com/auth0/node-jsonwebtoken/blob/HEAD/CHANGELOG.md#503---2015-07-15)
[Compare Source](https://redirect.github.com/auth0/node-jsonwebtoken/compare/v5.0.2...v5.0.3)
- Added nbf support ([f26ba4e2fa197a20497632b63ffcd13ae93aacc4](https://redirect.github.com/auth0/node-jsonwebtoken/commit/f26ba4e2fa197a20497632b63ffcd13ae93aacc4))
- Added support for subject and jwt id ([ab76ec5bc554e2d1e25376ddb7cea711d86af651](https://redirect.github.com/auth0/node-jsonwebtoken/commit/ab76ec5bc554e2d1e25376ddb7cea711d86af651))
- Fix `this` referring to the global object instead of `module.exports` in `verify()` ([93f554312e37129027fcf4916f48cb8d1b53588c](https://redirect.github.com/auth0/node-jsonwebtoken/commit/93f554312e37129027fcf4916f48cb8d1b53588c))
- Fix typo, line 139 README, complete option for .decode. ([59c110aeb8c7c1847ef2ffd77702d13627c89e10](https://redirect.github.com/auth0/node-jsonwebtoken/commit/59c110aeb8c7c1847ef2ffd77702d13627c89e10))
- minor ([61ff1172272b582902313e958058ff22413494af](https://redirect.github.com/auth0/node-jsonwebtoken/commit/61ff1172272b582902313e958058ff22413494af))
### [`v5.0.2`](https://redirect.github.com/auth0/node-jsonwebtoken/blob/HEAD/CHANGELOG.md#502---2015-06-15)
[Compare Source](https://redirect.github.com/auth0/node-jsonwebtoken/compare/v5.0.1...v5.0.2)
- fix typo in docs . closes [#86](https://redirect.github.com/auth0/node-jsonwebtoken/issues/86) ([3d3413221f36acef4dfd1cbed87f1f3565cd6f84](https://redirect.github.com/auth0/node-jsonwebtoken/commit/3d3413221f36acef4dfd1cbed87f1f3565cd6f84)), closes [#86](https://redirect.github.com/auth0/node-jsonwebtoken/issues/86)
### [`v5.0.1`](https://redirect.github.com/auth0/node-jsonwebtoken/blob/HEAD/CHANGELOG.md#501---2015-05-15)
[Compare Source](https://redirect.github.com/auth0/node-jsonwebtoken/compare/v5.0.0...v5.0.1)
- Add option to return header and payload when decoding. ([7254e011b59f892d1947e6c11819281adac7069d](https://redirect.github.com/auth0/node-jsonwebtoken/commit/7254e011b59f892d1947e6c11819281adac7069d))
- Avoid uncaught "SyntaxError: Unexpected token ͧ" error. ([0dc59cd6ee15d83a606acffa7909ee76176ae186](https://redirect.github.com/auth0/node-jsonwebtoken/commit/0dc59cd6ee15d83a606acffa7909ee76176ae186))
- Document complete option in README. ([ec32b20241a74d9681ea26e1a7024b4642468c00](https://redirect.github.com/auth0/node-jsonwebtoken/commit/ec32b20241a74d9681ea26e1a7024b4642468c00))
- Fix example in README, silence verbose logging. ([ba3174d10033c41e9c211a38f1cc67f74fbd7f69](https://redirect.github.com/auth0/node-jsonwebtoken/commit/ba3174d10033c41e9c211a38f1cc67f74fbd7f69))
- Fix link to auth0.com in README ([1b3c5ff72c9bc25e9271646e679f3080f2a042a0](https://redirect.github.com/auth0/node-jsonwebtoken/commit/1b3c5ff72c9bc25e9271646e679f3080f2a042a0))
- Immediate return if not decoded. ([851bda2b10168f3269c3da6e74d310742f31a193](https://redirect.github.com/auth0/node-jsonwebtoken/commit/851bda2b10168f3269c3da6e74d310742f31a193))
- Prevent throw on undefined/null secret ([0fdf78d4dbf609455f3277d6169a987aef0384d4](https://redirect.github.com/auth0/node-jsonwebtoken/commit/0fdf78d4dbf609455f3277d6169a987aef0384d4))
- Removed path from test ([d6240e24186732d368bffe21143becf44c38f0d6](https://redirect.github.com/auth0/node-jsonwebtoken/commit/d6240e24186732d368bffe21143becf44c38f0d6))
- Simplified checking for missing key ([f1cffd033bffc44f20558eda4a797c3fa2f4ee05](https://redirect.github.com/auth0/node-jsonwebtoken/commit/f1cffd033bffc44f20558eda4a797c3fa2f4ee05))
- Typo ([ffe68dbe0219bab535c1018448eb4c0b22f1f902](https://redirect.github.com/auth0/node-jsonwebtoken/commit/ffe68dbe0219bab535c1018448eb4c0b22f1f902))
- Update CHANGELOG.md ([927cce0dad1bc9aad75aeef53e276cf4cfc0d776](https://redirect.github.com/auth0/node-jsonwebtoken/commit/927cce0dad1bc9aad75aeef53e276cf4cfc0d776))
- Update CHANGELOG.md ([6879e0fdde222995c70a3a69a4af94993d9c667e](https://redirect.github.com/auth0/node-jsonwebtoken/commit/6879e0fdde222995c70a3a69a4af94993d9c667e))
- Update CHANGELOG.md ([c5596c10e8705727fa13e0394184a606083078bc](https://redirect.github.com/auth0/node-jsonwebtoken/commit/c5596c10e8705727fa13e0394184a606083078bc))
- Update CHANGELOG.md ([07541f0315f26d179e1cde92732b6124d6869b6f](https://redirect.github.com/auth0/node-jsonwebtoken/commit/07541f0315f26d179e1cde92732b6124d6869b6f))
- Update CHANGELOG.md ([e6465d48ddd1dc2c3297229b28c78fd5490a2ba9](https://redirect.github.com/auth0/node-jsonwebtoken/commit/e6465d48ddd1dc2c3297229b28c78fd5490a2ba9))
Configuration
📅 Schedule: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).
🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.
♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
🔕 Ignore: Close this PR and you won't be reminded about this update again.
[ ] If you want to rebase/retry this PR, check this box
This PR contains the following updates:
^5.0.0->^9.0.0GitHub Vulnerability Alerts
CVE-2022-23541
Overview
Versions
<=8.5.1ofjsonwebtokenlibrary can be misconfigured so that passing a poorly implemented key retrieval function (referring to thesecretOrPublicKeyargument from the readme link) will result in incorrect verification of tokens. There is a possibility of using a different algorithm and key combination in verification than the one that was used to sign the tokens. Specifically, tokens signed with an asymmetric public key could be verified with a symmetric HS256 algorithm. This can lead to successful validation of forged tokens.Am I affected?
You will be affected if your application is supporting usage of both symmetric key and asymmetric key in jwt.verify() implementation with the same key retrieval function.
How do I fix it?
Update to version 9.0.0.
Will the fix impact my users?
There is no impact for end users
CVE-2022-23539
Overview
Versions
<=8.5.1ofjsonwebtokenlibrary could be misconfigured so that legacy, insecure key types are used for signature verification. For example, DSA keys could be used with the RS256 algorithm.Am I affected?
You are affected if you are using an algorithm and a key type other than the combinations mentioned below
And for Elliptic Curve algorithms:
algHow do I fix it?
Update to version 9.0.0. This version validates for asymmetric key type and algorithm combinations. Please refer to the above mentioned algorithm / key type combinations for the valid secure configuration. After updating to version 9.0.0, If you still intend to continue with signing or verifying tokens using invalid key type/algorithm value combinations, you’ll need to set the
allowInvalidAsymmetricKeyTypesoption totruein thesign()and/orverify()functions.Will the fix impact my users?
There will be no impact, if you update to version 9.0.0 and you already use a valid secure combination of key type and algorithm. Otherwise, use the
allowInvalidAsymmetricKeyTypesoption totruein thesign()andverify()functions to continue usage of invalid key type/algorithm combination in 9.0.0 for legacy compatibility.CVE-2022-23540
Overview
In versions <=8.5.1 of jsonwebtoken library, lack of algorithm definition and a falsy secret or key in the
jwt.verify()function can lead to signature validation bypass due to defaulting to thenonealgorithm for signature verification.Am I affected?
You will be affected if all the following are true in the
jwt.verify()function:How do I fix it?
Update to version 9.0.0 which removes the default support for the none algorithm in the
jwt.verify()method.Will the fix impact my users?
There will be no impact, if you update to version 9.0.0 and you don’t need to allow for the
nonealgorithm. If you need 'none' algorithm, you have to explicitly specify that injwt.verify()options.Release Notes
auth0/node-jsonwebtoken (jsonwebtoken)
### [`v9.0.0`](https://redirect.github.com/auth0/node-jsonwebtoken/blob/HEAD/CHANGELOG.md#900---2022-12-21) [Compare Source](https://redirect.github.com/auth0/node-jsonwebtoken/compare/v8.5.1...v9.0.0) **Breaking changes: See [Migration from v8 to v9](https://redirect.github.com/auth0/node-jsonwebtoken/wiki/Migration-Notes:-v8-to-v9)** ##### Breaking changes - Removed support for Node versions 11 and below. - The verify() function no longer accepts unsigned tokens by default. (\[[`8345030`](https://redirect.github.com/auth0/node-jsonwebtoken/commit/834503079514b72264fd13023a3b8d648afd6a16)]https://github.com/auth0/node-jsonwebtoken/commit/834503079514b72264fd13023a3b8d648afd6a16) - RSA key size must be 2048 bits or greater. (\[[`ecdf6cc`](https://redirect.github.com/auth0/node-jsonwebtoken/commit/ecdf6cc6073ea13a7e71df5fad043550f08d0fa6)]https://github.com/auth0/node-jsonwebtoken/commit/ecdf6cc6073ea13a7e71df5fad043550f08d0fa6) - Key types must be valid for the signing / verification algorithm ##### Security fixes - security: fixes `Arbitrary File Write via verify function` - CVE-2022-23529 - security: fixes `Insecure default algorithm in jwt.verify() could lead to signature validation bypass` - CVE-2022-23540 - security: fixes `Insecure implementation of key retrieval function could lead to Forgeable Public/Private Tokens from RSA to HMAC` - CVE-2022-23541 - security: fixes `Unrestricted key type could lead to legacy keys usage` - CVE-2022-23539 ### [`v8.5.1`](https://redirect.github.com/auth0/node-jsonwebtoken/blob/HEAD/CHANGELOG.md#851---2019-03-18) [Compare Source](https://redirect.github.com/auth0/node-jsonwebtoken/compare/v8.5.0...v8.5.1) ##### Bug fix - fix: ensure correct PS signing and verification ([#585](https://redirect.github.com/auth0/node-jsonwebtoken/issues/585)) ([e5874ae428ffc0465e6bd4e660f89f78b56a74a6](https://redirect.github.com/auth0/node-jsonwebtoken/commit/e5874ae428ffc0465e6bd4e660f89f78b56a74a6)), closes [#585](https://redirect.github.com/auth0/node-jsonwebtoken/issues/585) ##### Docs - README: fix markdown for algorithms table ([84e03ef70f9c44a3aef95a1dc122c8238854f683](https://redirect.github.com/auth0/node-jsonwebtoken/commit/84e03ef70f9c44a3aef95a1dc122c8238854f683)) ### [`v8.5.0`](https://redirect.github.com/auth0/node-jsonwebtoken/blob/HEAD/CHANGELOG.md#850---2019-02-20) [Compare Source](https://redirect.github.com/auth0/node-jsonwebtoken/compare/v8.4.0...v8.5.0) ##### New Functionality - feat: add PS JWA support for applicable node versions ([#573](https://redirect.github.com/auth0/node-jsonwebtoken/issues/573)) ([eefb9d9c6eec54718fa6e41306bda84788df7bec](https://redirect.github.com/auth0/node-jsonwebtoken/commit/eefb9d9c6eec54718fa6e41306bda84788df7bec)), closes [#573](https://redirect.github.com/auth0/node-jsonwebtoken/issues/573) - Add complete option in jwt.verify ([#522](https://redirect.github.com/auth0/node-jsonwebtoken/issues/522)) ([8737789dd330cf9e7870f4df97fd52479adbac22](https://redirect.github.com/auth0/node-jsonwebtoken/commit/8737789dd330cf9e7870f4df97fd52479adbac22)), closes [#522](https://redirect.github.com/auth0/node-jsonwebtoken/issues/522) ##### Test Improvements - Add tests for private claims in the payload ([#555](https://redirect.github.com/auth0/node-jsonwebtoken/issues/555)) ([5147852896755dc1291825e2e40556f964411fb2](https://redirect.github.com/auth0/node-jsonwebtoken/commit/5147852896755dc1291825e2e40556f964411fb2)), closes [#555](https://redirect.github.com/auth0/node-jsonwebtoken/issues/555) - Force use_strict during testing ([#577](https://redirect.github.com/auth0/node-jsonwebtoken/issues/577)) ([7b60c127ceade36c33ff33be066e435802001c94](https://redirect.github.com/auth0/node-jsonwebtoken/commit/7b60c127ceade36c33ff33be066e435802001c94)), closes [#577](https://redirect.github.com/auth0/node-jsonwebtoken/issues/577) - Refactor tests related to jti and jwtid ([#544](https://redirect.github.com/auth0/node-jsonwebtoken/issues/544)) ([7eebbc75ab89e01af5dacf2aae90fe05a13a1454](https://redirect.github.com/auth0/node-jsonwebtoken/commit/7eebbc75ab89e01af5dacf2aae90fe05a13a1454)), closes [#544](https://redirect.github.com/auth0/node-jsonwebtoken/issues/544) - ci: remove nsp from tests ([#569](https://redirect.github.com/auth0/node-jsonwebtoken/issues/569)) ([da8f55c3c7b4dd0bfc07a2df228500fdd050242a](https://redirect.github.com/auth0/node-jsonwebtoken/commit/da8f55c3c7b4dd0bfc07a2df228500fdd050242a)), closes [#569](https://redirect.github.com/auth0/node-jsonwebtoken/issues/569) ##### Docs - Fix 'cert' token which isn't a cert ([#554](https://redirect.github.com/auth0/node-jsonwebtoken/issues/554)) ([0c24fe68cd2866cea6322016bf993cd897fefc98](https://redirect.github.com/auth0/node-jsonwebtoken/commit/0c24fe68cd2866cea6322016bf993cd897fefc98)), closes [#554](https://redirect.github.com/auth0/node-jsonwebtoken/issues/554) ### [`v8.4.0`](https://redirect.github.com/auth0/node-jsonwebtoken/blob/HEAD/CHANGELOG.md#840---2018-11-14) [Compare Source](https://redirect.github.com/auth0/node-jsonwebtoken/compare/v8.3.0...v8.4.0) ##### New Functionality - Add verify option for nonce validation ([#540](https://redirect.github.com/auth0/node-jsonwebtoken/issues/540)) ([e7938f06fdf2ed3aa88745b72b8ae4ee66c2d0d0](https://redirect.github.com/auth0/node-jsonwebtoken/commit/e7938f06fdf2ed3aa88745b72b8ae4ee66c2d0d0)), closes [#540](https://redirect.github.com/auth0/node-jsonwebtoken/issues/540) ##### Bug Fixes - Updating Node version in Engines spec in package.json ([#528](https://redirect.github.com/auth0/node-jsonwebtoken/issues/528)) ([cfd1079305170a897dee6a5f55039783e6ee2711](https://redirect.github.com/auth0/node-jsonwebtoken/commit/cfd1079305170a897dee6a5f55039783e6ee2711)), closes [#528](https://redirect.github.com/auth0/node-jsonwebtoken/issues/528) [#509](https://redirect.github.com/auth0/node-jsonwebtoken/issues/509) - Fixed error message when empty string passed as expiresIn or notBefore option ([#531](https://redirect.github.com/auth0/node-jsonwebtoken/issues/531)) ([7f9604ac98d4d0ff8d873c3d2b2ea64bd285cb76](https://redirect.github.com/auth0/node-jsonwebtoken/commit/7f9604ac98d4d0ff8d873c3d2b2ea64bd285cb76)), closes [#531](https://redirect.github.com/auth0/node-jsonwebtoken/issues/531) ##### Docs - Update README.md ([#527](https://redirect.github.com/auth0/node-jsonwebtoken/issues/527)) ([b76f2a80f5229ee5cde321dd2ff14aa5df16d283](https://redirect.github.com/auth0/node-jsonwebtoken/commit/b76f2a80f5229ee5cde321dd2ff14aa5df16d283)), closes [#527](https://redirect.github.com/auth0/node-jsonwebtoken/issues/527) - Update README.md ([#538](https://redirect.github.com/auth0/node-jsonwebtoken/issues/538)) ([1956c4006472fd285b8a85074257cbdbe9131cbf](https://redirect.github.com/auth0/node-jsonwebtoken/commit/1956c4006472fd285b8a85074257cbdbe9131cbf)), closes [#538](https://redirect.github.com/auth0/node-jsonwebtoken/issues/538) - Edited the README.md to make certain parts of the document for the api easier to read, emphasizing the examples. ([#548](https://redirect.github.com/auth0/node-jsonwebtoken/issues/548)) ([dc89a641293d42f72ecfc623ce2eabc33954cb9d](https://redirect.github.com/auth0/node-jsonwebtoken/commit/dc89a641293d42f72ecfc623ce2eabc33954cb9d)), closes [#548](https://redirect.github.com/auth0/node-jsonwebtoken/issues/548) - Document NotBeforeError ([#529](https://redirect.github.com/auth0/node-jsonwebtoken/issues/529)) ([29cd654b956529e939ae8f8c30b9da7063aad501](https://redirect.github.com/auth0/node-jsonwebtoken/commit/29cd654b956529e939ae8f8c30b9da7063aad501)), closes [#529](https://redirect.github.com/auth0/node-jsonwebtoken/issues/529) ##### Test Improvements - Use lolex for faking date in tests ([#491](https://redirect.github.com/auth0/node-jsonwebtoken/issues/491)) ([677ead6d64482f2067b11437dda07309abe73cfa](https://redirect.github.com/auth0/node-jsonwebtoken/commit/677ead6d64482f2067b11437dda07309abe73cfa)), closes [#491](https://redirect.github.com/auth0/node-jsonwebtoken/issues/491) - Update dependencies used for running tests ([#518](https://redirect.github.com/auth0/node-jsonwebtoken/issues/518)) ([5498bdc4865ffb2ba2fd44d889fad7e83873bb33](https://redirect.github.com/auth0/node-jsonwebtoken/commit/5498bdc4865ffb2ba2fd44d889fad7e83873bb33)), closes [#518](https://redirect.github.com/auth0/node-jsonwebtoken/issues/518) - Minor test refactoring for recently added tests ([#504](https://redirect.github.com/auth0/node-jsonwebtoken/issues/504)) ([e2860a9d2a412627d79741a95bc7159971b923b9](https://redirect.github.com/auth0/node-jsonwebtoken/commit/e2860a9d2a412627d79741a95bc7159971b923b9)), closes [#504](https://redirect.github.com/auth0/node-jsonwebtoken/issues/504) - Create and implement async/sync test helpers ([#523](https://redirect.github.com/auth0/node-jsonwebtoken/issues/523)) ([683d8a9b31ad6327948f84268bd2c8e4350779d1](https://redirect.github.com/auth0/node-jsonwebtoken/commit/683d8a9b31ad6327948f84268bd2c8e4350779d1)), closes [#523](https://redirect.github.com/auth0/node-jsonwebtoken/issues/523) - Refactor tests related to audience and aud ([#503](https://redirect.github.com/auth0/node-jsonwebtoken/issues/503)) ([53d405e0223cce7c83cb51ecf290ca6bec1e9679](https://redirect.github.com/auth0/node-jsonwebtoken/commit/53d405e0223cce7c83cb51ecf290ca6bec1e9679)), closes [#503](https://redirect.github.com/auth0/node-jsonwebtoken/issues/503) - Refactor tests related to expiresIn and exp ([#501](https://redirect.github.com/auth0/node-jsonwebtoken/issues/501)) ([72f0d9e5b11a99082250665d1200c58182903fa6](https://redirect.github.com/auth0/node-jsonwebtoken/commit/72f0d9e5b11a99082250665d1200c58182903fa6)), closes [#501](https://redirect.github.com/auth0/node-jsonwebtoken/issues/501) - Refactor tests related to iat and maxAge ([#507](https://redirect.github.com/auth0/node-jsonwebtoken/issues/507)) ([877bd57ab2aca9b7d230805b21f921baed3da169](https://redirect.github.com/auth0/node-jsonwebtoken/commit/877bd57ab2aca9b7d230805b21f921baed3da169)), closes [#507](https://redirect.github.com/auth0/node-jsonwebtoken/issues/507) - Refactor tests related to iss and issuer ([#543](https://redirect.github.com/auth0/node-jsonwebtoken/issues/543)) ([0906a3fa80f52f959ac1b6343d3024ce5c7e9dea](https://redirect.github.com/auth0/node-jsonwebtoken/commit/0906a3fa80f52f959ac1b6343d3024ce5c7e9dea)), closes [#543](https://redirect.github.com/auth0/node-jsonwebtoken/issues/543) - Refactor tests related to kid and keyid ([#545](https://redirect.github.com/auth0/node-jsonwebtoken/issues/545)) ([88645427a0adb420bd3e149199a2a6bf1e17277e](https://redirect.github.com/auth0/node-jsonwebtoken/commit/88645427a0adb420bd3e149199a2a6bf1e17277e)), closes [#545](https://redirect.github.com/auth0/node-jsonwebtoken/issues/545) - Refactor tests related to notBefore and nbf ([#497](https://redirect.github.com/auth0/node-jsonwebtoken/issues/497)) ([39adf87a6faef3df984140f88e6724ddd709fd89](https://redirect.github.com/auth0/node-jsonwebtoken/commit/39adf87a6faef3df984140f88e6724ddd709fd89)), closes [#497](https://redirect.github.com/auth0/node-jsonwebtoken/issues/497) - Refactor tests related to subject and sub ([#505](https://redirect.github.com/auth0/node-jsonwebtoken/issues/505)) ([5a7fa23c0b4ac6c25304dab8767ef840b43a0eca](https://redirect.github.com/auth0/node-jsonwebtoken/commit/5a7fa23c0b4ac6c25304dab8767ef840b43a0eca)), closes [#505](https://redirect.github.com/auth0/node-jsonwebtoken/issues/505) - Implement async/sync tests for exp claim ([#536](https://redirect.github.com/auth0/node-jsonwebtoken/issues/536)) ([9ae3f207ac64b7450ea0a3434418f5ca58d8125e](https://redirect.github.com/auth0/node-jsonwebtoken/commit/9ae3f207ac64b7450ea0a3434418f5ca58d8125e)), closes [#536](https://redirect.github.com/auth0/node-jsonwebtoken/issues/536) - Implement async/sync tests for nbf claim ([#537](https://redirect.github.com/auth0/node-jsonwebtoken/issues/537)) ([88bc965061ed65299a395f42a100fb8f8c3c683e](https://redirect.github.com/auth0/node-jsonwebtoken/commit/88bc965061ed65299a395f42a100fb8f8c3c683e)), closes [#537](https://redirect.github.com/auth0/node-jsonwebtoken/issues/537) - Implement async/sync tests for sub claim ([#534](https://redirect.github.com/auth0/node-jsonwebtoken/issues/534)) ([342b07bb105a35739eb91265ba5b9dd33c300fc6](https://redirect.github.com/auth0/node-jsonwebtoken/commit/342b07bb105a35739eb91265ba5b9dd33c300fc6)), closes [#534](https://redirect.github.com/auth0/node-jsonwebtoken/issues/534) - Implement async/sync tests for the aud claim ([#535](https://redirect.github.com/auth0/node-jsonwebtoken/issues/535)) ([1c8ff5a68e6da73af2809c9d87faaf78602c99bb](https://redirect.github.com/auth0/node-jsonwebtoken/commit/1c8ff5a68e6da73af2809c9d87faaf78602c99bb)), closes [#535](https://redirect.github.com/auth0/node-jsonwebtoken/issues/535) ##### CI - Added Istanbul to check test-coverage ([#468](https://redirect.github.com/auth0/node-jsonwebtoken/issues/468)) ([9676a8306428a045e34c3987bd0680fb952b44e3](https://redirect.github.com/auth0/node-jsonwebtoken/commit/9676a8306428a045e34c3987bd0680fb952b44e3)), closes [#468](https://redirect.github.com/auth0/node-jsonwebtoken/issues/468) - Complete ESLint conversion and cleanup ([#490](https://redirect.github.com/auth0/node-jsonwebtoken/issues/490)) ([cb1d2e1e40547f7ecf29fa6635041df6cbba7f40](https://redirect.github.com/auth0/node-jsonwebtoken/commit/cb1d2e1e40547f7ecf29fa6635041df6cbba7f40)), closes [#490](https://redirect.github.com/auth0/node-jsonwebtoken/issues/490) - Make code-coverage mandatory when running tests ([#495](https://redirect.github.com/auth0/node-jsonwebtoken/issues/495)) ([fb0084a78535bfea8d0087c0870e7e3614a2cbe5](https://redirect.github.com/auth0/node-jsonwebtoken/commit/fb0084a78535bfea8d0087c0870e7e3614a2cbe5)), closes [#495](https://redirect.github.com/auth0/node-jsonwebtoken/issues/495) ### [`v8.3.0`](https://redirect.github.com/auth0/node-jsonwebtoken/blob/HEAD/CHANGELOG.md#830---2018-06-11) [Compare Source](https://redirect.github.com/auth0/node-jsonwebtoken/compare/v8.2.2...v8.3.0) - docs: add some clarifications ([#473](https://redirect.github.com/auth0/node-jsonwebtoken/issues/473)) ([cd33cc81f06068b9df6c224d300dc6f70d8904ab](https://redirect.github.com/auth0/node-jsonwebtoken/commit/cd33cc81f06068b9df6c224d300dc6f70d8904ab)), closes [#473](https://redirect.github.com/auth0/node-jsonwebtoken/issues/473) - ci: fix ci execution, remove not needed script ([#472](https://redirect.github.com/auth0/node-jsonwebtoken/issues/472)) ([c8ff7b2c3ffcd954a64a0273c20a7d1b22339aa5](https://redirect.github.com/auth0/node-jsonwebtoken/commit/c8ff7b2c3ffcd954a64a0273c20a7d1b22339aa5)), closes [#472](https://redirect.github.com/auth0/node-jsonwebtoken/issues/472) - new feature: Secret callback revisited ([#480](https://redirect.github.com/auth0/node-jsonwebtoken/issues/480)) ([d01cc7bcbdeb606d997a580f967b3169fcc622ba](https://redirect.github.com/auth0/node-jsonwebtoken/commit/d01cc7bcbdeb606d997a580f967b3169fcc622ba)), closes [#480](https://redirect.github.com/auth0/node-jsonwebtoken/issues/480) - docs:Update README.md ([#461](https://redirect.github.com/auth0/node-jsonwebtoken/issues/461)) ([f0e0954505f274da95a8d9603598e455b4d2c894](https://redirect.github.com/auth0/node-jsonwebtoken/commit/f0e0954505f274da95a8d9603598e455b4d2c894)), closes [#461](https://redirect.github.com/auth0/node-jsonwebtoken/issues/461) ### [`v8.2.2`](https://redirect.github.com/auth0/node-jsonwebtoken/blob/HEAD/CHANGELOG.md#822---2018-05-30) [Compare Source](https://redirect.github.com/auth0/node-jsonwebtoken/compare/v8.2.1...v8.2.2) - security: deps: jws@3.1.5 ([#477](https://redirect.github.com/auth0/node-jsonwebtoken/issues/477)) ([ebde9b7cc75cb7ab5176de7ebc4a1d6a8f05bd51](https://redirect.github.com/auth0/node-jsonwebtoken/commit/ebde9b7cc75cb7ab5176de7ebc4a1d6a8f05bd51)), closes [#465](https://redirect.github.com/auth0/node-jsonwebtoken/issues/465) - docs: add some clarifications ([#473](https://redirect.github.com/auth0/node-jsonwebtoken/issues/473)) ([cd33cc81f06068b9df6c224d300dc6f70d8904ab](https://redirect.github.com/auth0/node-jsonwebtoken/commit/cd33cc81f06068b9df6c224d300dc6f70d8904ab)), closes [#473](https://redirect.github.com/auth0/node-jsonwebtoken/issues/473) - ci: fix ci execution, remove not needed script ([#472](https://redirect.github.com/auth0/node-jsonwebtoken/issues/472)) ([c8ff7b2c3ffcd954a64a0273c20a7d1b22339aa5](https://redirect.github.com/auth0/node-jsonwebtoken/commit/c8ff7b2c3ffcd954a64a0273c20a7d1b22339aa5)), closes [#472](https://redirect.github.com/auth0/node-jsonwebtoken/issues/472) - docs: Update README.md ([#461](https://redirect.github.com/auth0/node-jsonwebtoken/issues/461)) ([f0e0954505f274da95a8d9603598e455b4d2c894](https://redirect.github.com/auth0/node-jsonwebtoken/commit/f0e0954505f274da95a8d9603598e455b4d2c894)), closes [#461](https://redirect.github.com/auth0/node-jsonwebtoken/issues/461) ### [`v8.2.1`](https://redirect.github.com/auth0/node-jsonwebtoken/blob/HEAD/CHANGELOG.md#821---2018-04-05) [Compare Source](https://redirect.github.com/auth0/node-jsonwebtoken/compare/v8.2.0...v8.2.1) - bug fix: Check payload is not null when decoded. ([#444](https://redirect.github.com/auth0/node-jsonwebtoken/issues/444)) ([1232ae9352ce5fd1ca6c593291ce6ad0834a1ff5](https://redirect.github.com/auth0/node-jsonwebtoken/commit/1232ae9352ce5fd1ca6c593291ce6ad0834a1ff5)) - docs: Clarify that buffer/string payloads must be JSON ([#442](https://redirect.github.com/auth0/node-jsonwebtoken/issues/442)) ([e8ac1be7565a3fd986d40cb5e31a9f6c4d9aed1b](https://redirect.github.com/auth0/node-jsonwebtoken/commit/e8ac1be7565a3fd986d40cb5e31a9f6c4d9aed1b)) ### [`v8.2.0`](https://redirect.github.com/auth0/node-jsonwebtoken/blob/HEAD/CHANGELOG.md#820---2018-03-02) [Compare Source](https://redirect.github.com/auth0/node-jsonwebtoken/compare/v8.1.1...v8.2.0) - Add a new mutatePayload option ([#446](https://redirect.github.com/auth0/node-jsonwebtoken/issues/446)) ([d6d7c5e5103f05a92d3633ac190d3025a0455be0](https://redirect.github.com/auth0/node-jsonwebtoken/commit/d6d7c5e5103f05a92d3633ac190d3025a0455be0)) ### [`v8.1.1`](https://redirect.github.com/auth0/node-jsonwebtoken/blob/HEAD/CHANGELOG.md#811---2018-01-22) [Compare Source](https://redirect.github.com/auth0/node-jsonwebtoken/compare/v8.1.0...v8.1.1) - ci: add newer node versions to build matrix ([#428](https://redirect.github.com/auth0/node-jsonwebtoken/issues/428)) ([83f3eee44e122da06f812d7da4ace1fa26c24d9d](https://redirect.github.com/auth0/node-jsonwebtoken/commit/83f3eee44e122da06f812d7da4ace1fa26c24d9d)) - deps: Bump ms version to add support for negative numbers ([#438](https://redirect.github.com/auth0/node-jsonwebtoken/issues/438)) ([25e0e624545eaef76f3c324a134bf103bc394724](https://redirect.github.com/auth0/node-jsonwebtoken/commit/25e0e624545eaef76f3c324a134bf103bc394724)) - docs: Minor typo ([#424](https://redirect.github.com/auth0/node-jsonwebtoken/issues/424)) ([dddcb73ac05de11b81feeb629f6cf78dd03d2047](https://redirect.github.com/auth0/node-jsonwebtoken/commit/dddcb73ac05de11b81feeb629f6cf78dd03d2047)) - bug fix: Not Before (nbf) calculated based on iat/timestamp ([#437](https://redirect.github.com/auth0/node-jsonwebtoken/issues/437)) ([2764a64908d97c043d62eba0bf6c600674f9a6d6](https://redirect.github.com/auth0/node-jsonwebtoken/commit/2764a64908d97c043d62eba0bf6c600674f9a6d6)), closes [#435](https://redirect.github.com/auth0/node-jsonwebtoken/issues/435) ### [`v8.1.0`](https://redirect.github.com/auth0/node-jsonwebtoken/blob/HEAD/CHANGELOG.md#810---2017-10-09) [Compare Source](https://redirect.github.com/auth0/node-jsonwebtoken/compare/v8.0.1...v8.1.0) - [#402](https://redirect.github.com/auth0/node-jsonwebtoken/issues/402): Don't fail if captureStackTrace is not a function ([#410](https://redirect.github.com/auth0/node-jsonwebtoken/issues/410)) ([77ee965d9081faaf21650f266399f203f69533c5](https://redirect.github.com/auth0/node-jsonwebtoken/commit/77ee965d9081faaf21650f266399f203f69533c5)) - [#403](https://redirect.github.com/auth0/node-jsonwebtoken/issues/403): Clarify error wording for "Expected object" error. ([#409](https://redirect.github.com/auth0/node-jsonwebtoken/issues/409)) ([bb27eb346f0ff675a320b2de16b391a7cfeadc58](https://redirect.github.com/auth0/node-jsonwebtoken/commit/bb27eb346f0ff675a320b2de16b391a7cfeadc58)) - Enhance audience check to verify against regular expressions ([#398](https://redirect.github.com/auth0/node-jsonwebtoken/issues/398)) ([81501a17da230af7b74a3f7535ab5cd3a19c8315](https://redirect.github.com/auth0/node-jsonwebtoken/commit/81501a17da230af7b74a3f7535ab5cd3a19c8315)) ### [`v8.0.1`](https://redirect.github.com/auth0/node-jsonwebtoken/blob/HEAD/CHANGELOG.md#801---2017-09-12) [Compare Source](https://redirect.github.com/auth0/node-jsonwebtoken/compare/v8.0.0...v8.0.1) - Remove `lodash.isarray` dependency ([#394](https://redirect.github.com/auth0/node-jsonwebtoken/issues/394)) ([7508e8957cb1c778f72fa9a363a7b135b3c9c36d](https://redirect.github.com/auth0/node-jsonwebtoken/commit/7508e8957cb1c778f72fa9a363a7b135b3c9c36d)) ### [`v8.0.0`](https://redirect.github.com/auth0/node-jsonwebtoken/blob/HEAD/CHANGELOG.md#800---2017-09-06) [Compare Source](https://redirect.github.com/auth0/node-jsonwebtoken/compare/v7.4.3...v8.0.0) **Breaking changes: See [Migration notes from v7](https://redirect.github.com/auth0/node-jsonwebtoken/wiki/Migration-Notes:-v7-to-v8)** - docs: readme, migration notes ([12cd8f7f47224f904f6b8f39d1dee73775de4f6f](https://redirect.github.com/auth0/node-jsonwebtoken/commit/12cd8f7f47224f904f6b8f39d1dee73775de4f6f)) - verify: remove process.nextTick ([#302](https://redirect.github.com/auth0/node-jsonwebtoken/issues/302)) ([3305cf04e3f674b9fb7e27c9b14ddd159650ff82](https://redirect.github.com/auth0/node-jsonwebtoken/commit/3305cf04e3f674b9fb7e27c9b14ddd159650ff82)) - Reduce size of NPM package ([#347](https://redirect.github.com/auth0/node-jsonwebtoken/issues/347)) ([0be5409ac6592eeaae373dce91ec992fa101bd8a](https://redirect.github.com/auth0/node-jsonwebtoken/commit/0be5409ac6592eeaae373dce91ec992fa101bd8a)) - Remove joi to shrink module size ([#348](https://redirect.github.com/auth0/node-jsonwebtoken/issues/348)) ([2e7e68dbd59e845cdd940afae0a296f48438445f](https://redirect.github.com/auth0/node-jsonwebtoken/commit/2e7e68dbd59e845cdd940afae0a296f48438445f)) - maxAge: Add validation to timespan result ([66a4f8b996c8357727ce62a84605a005b2f5eb18](https://redirect.github.com/auth0/node-jsonwebtoken/commit/66a4f8b996c8357727ce62a84605a005b2f5eb18)) ### [`v7.4.3`](https://redirect.github.com/auth0/node-jsonwebtoken/blob/HEAD/CHANGELOG.md#743---2017-08-17) [Compare Source](https://redirect.github.com/auth0/node-jsonwebtoken/compare/v7.4.2...v7.4.3) - Fix breaking change on 7.4.2 for empty secret + "none" algorithm (sync code style) ([PR 386](https://redirect.github.com/auth0/node-jsonwebtoken/pull/386)) ### [`v7.4.2`](https://redirect.github.com/auth0/node-jsonwebtoken/blob/HEAD/CHANGELOG.md#742---2017-08-04) [Compare Source](https://redirect.github.com/auth0/node-jsonwebtoken/compare/v7.4.1...v7.4.2) - bugfix: sign: add check to be sure secret has a value ([c584d1cbc34b788977b36f17cd57ab2212f1230e](https://redirect.github.com/auth0/node-jsonwebtoken/commit/c584d1cbc34b788977b36f17cd57ab2212f1230e)) - docs: about refreshing tokens ([016fc10b847bfbb76b82171cb530f32d7da2001b](https://redirect.github.com/auth0/node-jsonwebtoken/commit/016fc10b847bfbb76b82171cb530f32d7da2001b)) - docs: verifying with base64 encoded secrets ([c25e9906801f89605080cc71b3ee23a5e45a5811](https://redirect.github.com/auth0/node-jsonwebtoken/commit/c25e9906801f89605080cc71b3ee23a5e45a5811)) - tests: Add tests for ES256 ([89900ea00735f76b04f437c9f542285b420fa9cb](https://redirect.github.com/auth0/node-jsonwebtoken/commit/89900ea00735f76b04f437c9f542285b420fa9cb)) - docs: document keyid as option ([#361](https://redirect.github.com/auth0/node-jsonwebtoken/issues/361)) ([00086c2c006d7fc1a47bae02fa87d194d79aa558](https://redirect.github.com/auth0/node-jsonwebtoken/commit/00086c2c006d7fc1a47bae02fa87d194d79aa558)) - docs: readme: Using private key with passpharase ([#353](https://redirect.github.com/auth0/node-jsonwebtoken/issues/353)) ([27a7f1d4f35b662426ff0270526d48658da4c8b7](https://redirect.github.com/auth0/node-jsonwebtoken/commit/27a7f1d4f35b662426ff0270526d48658da4c8b7)) ### [`v7.4.1`](https://redirect.github.com/auth0/node-jsonwebtoken/blob/HEAD/CHANGELOG.md#741---2017-05-17) [Compare Source](https://redirect.github.com/auth0/node-jsonwebtoken/compare/v7.4.0...v7.4.1) - bump ms to v2 due a ReDoS vulnerability ([#352](https://redirect.github.com/auth0/node-jsonwebtoken/issues/352)) ([adcfd6ae4088c838769d169f8cd9154265aa13e0](https://redirect.github.com/auth0/node-jsonwebtoken/commit/adcfd6ae4088c838769d169f8cd9154265aa13e0)) ### [`v7.4.0`](https://redirect.github.com/auth0/node-jsonwebtoken/blob/HEAD/CHANGELOG.md#740---2017-04-24) [Compare Source](https://redirect.github.com/auth0/node-jsonwebtoken/compare/v7.3.0...v7.4.0) - Add docs about numeric date fields ([659f73119900a4d837650d9b3f5af4e64a2f843b](https://redirect.github.com/auth0/node-jsonwebtoken/commit/659f73119900a4d837650d9b3f5af4e64a2f843b)) - Make Options object optional for callback-ish sign ([e202c4fd00c35a24e9ab606eab89186ade13d0cc](https://redirect.github.com/auth0/node-jsonwebtoken/commit/e202c4fd00c35a24e9ab606eab89186ade13d0cc)) ### [`v7.3.0`](https://redirect.github.com/auth0/node-jsonwebtoken/blob/HEAD/CHANGELOG.md#730---2017-02-13) [Compare Source](https://redirect.github.com/auth0/node-jsonwebtoken/compare/v7.2.1...v7.3.0) - Add more information to `maxAge` option in README ([1b0592e99cc8def293eed177e2575fa7f1cf7aa5](https://redirect.github.com/auth0/node-jsonwebtoken/commit/1b0592e99cc8def293eed177e2575fa7f1cf7aa5)) - Add `clockTimestamp` option to `verify()` you can set the current time in seconds with it ([#274](https://redirect.github.com/auth0/node-jsonwebtoken/issues/274)) ([8fdc1504f4325e7003894ffea078da9cba5208d9](https://redirect.github.com/auth0/node-jsonwebtoken/commit/8fdc1504f4325e7003894ffea078da9cba5208d9)) - Fix handling non string tokens on `verify()` input ([#305](https://redirect.github.com/auth0/node-jsonwebtoken/issues/305)) ([1b6ec8d466504f58c5a6e2dae3360c828bad92fb](https://redirect.github.com/auth0/node-jsonwebtoken/commit/1b6ec8d466504f58c5a6e2dae3360c828bad92fb)), closes [#305](https://redirect.github.com/auth0/node-jsonwebtoken/issues/305) - Fixed a simple typo in docs ([#287](https://redirect.github.com/auth0/node-jsonwebtoken/issues/287)) ([a54240384e24e18c00e75884295306db311d0cb7](https://redirect.github.com/auth0/node-jsonwebtoken/commit/a54240384e24e18c00e75884295306db311d0cb7)), closes [#287](https://redirect.github.com/auth0/node-jsonwebtoken/issues/287) - Raise jws.decode error to avoid confusion with "invalid token" error ([#294](https://redirect.github.com/auth0/node-jsonwebtoken/issues/294)) ([7f68fe06c88d5c5653785bd66bc68c5b20e1bd8e](https://redirect.github.com/auth0/node-jsonwebtoken/commit/7f68fe06c88d5c5653785bd66bc68c5b20e1bd8e)) - rauchg/ms.js changed to zeit/ms ([#303](https://redirect.github.com/auth0/node-jsonwebtoken/issues/303)) ([35d84152a6b716d757cb5b1dd3c79fe3a1bc0628](https://redirect.github.com/auth0/node-jsonwebtoken/commit/35d84152a6b716d757cb5b1dd3c79fe3a1bc0628)) ### [`v7.2.1`](https://redirect.github.com/auth0/node-jsonwebtoken/blob/HEAD/CHANGELOG.md#721---2016-12-07) [Compare Source](https://redirect.github.com/auth0/node-jsonwebtoken/compare/v7.2.0...v7.2.1) - add nsp check to find vulnerabilities on npm test ([4219c34b5346811c07f520f10516cc495bcc70dd](https://redirect.github.com/auth0/node-jsonwebtoken/commit/4219c34b5346811c07f520f10516cc495bcc70dd)) - revert to joi@^6 to keep ES5 compatibility ([51d4796c07344bf817687f7ccfeef78f00bf5b4f](https://redirect.github.com/auth0/node-jsonwebtoken/commit/51d4796c07344bf817687f7ccfeef78f00bf5b4f)) ### [`v7.2.0`](https://redirect.github.com/auth0/node-jsonwebtoken/blob/HEAD/CHANGELOG.md#720---2016-12-06) [Compare Source](https://redirect.github.com/auth0/node-jsonwebtoken/compare/v7.1.10...v7.2.0) - improve the documentation for expiration ([771e0b5f9bed90771fb79140eb38e51a3ecac8f0](https://redirect.github.com/auth0/node-jsonwebtoken/commit/771e0b5f9bed90771fb79140eb38e51a3ecac8f0)) - Restructured a sentence ([ccc7610187a862f7a50177eadc9152eef26cd065](https://redirect.github.com/auth0/node-jsonwebtoken/commit/ccc7610187a862f7a50177eadc9152eef26cd065)) - Allow `keyid` on `sign`. ([b412be91b89acb3a742bb609d3b54e47e1dfc441](https://redirect.github.com/auth0/node-jsonwebtoken/commit/b412be91b89acb3a742bb609d3b54e47e1dfc441)) - upgrade joi ([715e3d928023d414d45c6dc3f096a7c8448139ae](https://redirect.github.com/auth0/node-jsonwebtoken/commit/715e3d928023d414d45c6dc3f096a7c8448139ae)) - upgrade to latest nodes and Travis infrastructure ([3febcc1dd23ecdec1abbf89313959941d15eb47a](https://redirect.github.com/auth0/node-jsonwebtoken/commit/3febcc1dd23ecdec1abbf89313959941d15eb47a)) ### [`v7.1.10`](https://redirect.github.com/auth0/node-jsonwebtoken/blob/HEAD/CHANGELOG.md#7110---2016-12-06) [Compare Source](https://redirect.github.com/auth0/node-jsonwebtoken/compare/v7.1.9...v7.1.10) - Bump node-jws version number ([07813dd7194630c9f452684279178af76464a759](https://redirect.github.com/auth0/node-jsonwebtoken/commit/07813dd7194630c9f452684279178af76464a759)) - improve the documentation for expiration ([771e0b5f9bed90771fb79140eb38e51a3ecac8f0](https://redirect.github.com/auth0/node-jsonwebtoken/commit/771e0b5f9bed90771fb79140eb38e51a3ecac8f0)) ### [`v7.1.9`](https://redirect.github.com/auth0/node-jsonwebtoken/blob/HEAD/CHANGELOG.md#719---2016-08-11) [Compare Source](https://redirect.github.com/auth0/node-jsonwebtoken/compare/v7.1.8...v7.1.9) - Revert "Merge branch 'venatir-master'" ([d06359ef3b4e619680e043ee7c16adda16598f52](https://redirect.github.com/auth0/node-jsonwebtoken/commit/d06359ef3b4e619680e043ee7c16adda16598f52)) ### [`v7.1.8`](https://redirect.github.com/auth0/node-jsonwebtoken/blob/HEAD/CHANGELOG.md#718---2016-08-10) [Compare Source](https://redirect.github.com/auth0/node-jsonwebtoken/compare/v7.1.7...v7.1.8) - Fixed tests, however typ: 'JWT' should not be in the options at all, so please review other tests ([01903bcdc61b4ed429acbbd1fe0ffe0db364473b](https://redirect.github.com/auth0/node-jsonwebtoken/commit/01903bcdc61b4ed429acbbd1fe0ffe0db364473b)) - Removing unnecessary extra decoding. jwtString is already verified as valid and signature checked ([55d5834f7b637011e1d8b927ff78a92a5fd521cf](https://redirect.github.com/auth0/node-jsonwebtoken/commit/55d5834f7b637011e1d8b927ff78a92a5fd521cf)) - update changelog ([5117aacd0118a10331889a64e61d8186112d8a23](https://redirect.github.com/auth0/node-jsonwebtoken/commit/5117aacd0118a10331889a64e61d8186112d8a23)) ### [`v7.1.7`](https://redirect.github.com/auth0/node-jsonwebtoken/blob/HEAD/CHANGELOG.md#717---2016-07-29) [Compare Source](https://redirect.github.com/auth0/node-jsonwebtoken/compare/v7.1.6...v7.1.7) - Use lodash.once instead of unlicensed/unmaintained cb ([3ac95ad93ef3068a64e03d8d14deff231b1ed529](https://redirect.github.com/auth0/node-jsonwebtoken/commit/3ac95ad93ef3068a64e03d8d14deff231b1ed529)) ### [`v7.1.6`](https://redirect.github.com/auth0/node-jsonwebtoken/blob/HEAD/CHANGELOG.md#716---2016-07-15) [Compare Source](https://redirect.github.com/auth0/node-jsonwebtoken/compare/v7.1.5...v7.1.6) - fix issue with buffer payload. closes [#216](https://redirect.github.com/auth0/node-jsonwebtoken/issues/216) ([6b50ff324b4dfd2cb0e49b666f14a6672d015b22](https://redirect.github.com/auth0/node-jsonwebtoken/commit/6b50ff324b4dfd2cb0e49b666f14a6672d015b22)), closes [#216](https://redirect.github.com/auth0/node-jsonwebtoken/issues/216) ### [`v7.1.5`](https://redirect.github.com/auth0/node-jsonwebtoken/blob/HEAD/CHANGELOG.md#715---2016-07-15) [Compare Source](https://redirect.github.com/auth0/node-jsonwebtoken/compare/v7.1.3...v7.1.5) - update jws in package.json ([b6260951eefc68aae5f4ede359210761f901ff7a](https://redirect.github.com/auth0/node-jsonwebtoken/commit/b6260951eefc68aae5f4ede359210761f901ff7a)) ### [`v7.1.3`](https://redirect.github.com/auth0/node-jsonwebtoken/compare/v7.1.1...v7.1.3) [Compare Source](https://redirect.github.com/auth0/node-jsonwebtoken/compare/v7.1.1...v7.1.3) ### [`v7.1.1`](https://redirect.github.com/auth0/node-jsonwebtoken/blob/HEAD/CHANGELOG.md#7110---2016-12-06) [Compare Source](https://redirect.github.com/auth0/node-jsonwebtoken/compare/v7.1.0...v7.1.1) - Bump node-jws version number ([07813dd7194630c9f452684279178af76464a759](https://redirect.github.com/auth0/node-jsonwebtoken/commit/07813dd7194630c9f452684279178af76464a759)) - improve the documentation for expiration ([771e0b5f9bed90771fb79140eb38e51a3ecac8f0](https://redirect.github.com/auth0/node-jsonwebtoken/commit/771e0b5f9bed90771fb79140eb38e51a3ecac8f0)) ### [`v7.1.0`](https://redirect.github.com/auth0/node-jsonwebtoken/blob/HEAD/CHANGELOG.md#710---2016-07-12) [Compare Source](https://redirect.github.com/auth0/node-jsonwebtoken/compare/v7.0.1...v7.1.0) - Exp calculated based on iat. fix [#217](https://redirect.github.com/auth0/node-jsonwebtoken/issues/217) ([757a16e0e35ad19f9e456820f55d5d9f3fc76aee](https://redirect.github.com/auth0/node-jsonwebtoken/commit/757a16e0e35ad19f9e456820f55d5d9f3fc76aee)), closes [#217](https://redirect.github.com/auth0/node-jsonwebtoken/issues/217) ### [`v7.0.1`](https://redirect.github.com/auth0/node-jsonwebtoken/compare/v7.0.0...v7.0.1) [Compare Source](https://redirect.github.com/auth0/node-jsonwebtoken/compare/v7.0.0...v7.0.1) ### [`v7.0.0`](https://redirect.github.com/auth0/node-jsonwebtoken/blob/HEAD/CHANGELOG.md#700---2016-05-19) [Compare Source](https://redirect.github.com/auth0/node-jsonwebtoken/compare/v6.2.0...v7.0.0) - change jwt.sign to return errors on callback instead of throwing errors ([1e46c5a42aa3dab8478efa4081d8f8f5c5485d56](https://redirect.github.com/auth0/node-jsonwebtoken/commit/1e46c5a42aa3dab8478efa4081d8f8f5c5485d56)) ### [`v6.2.0`](https://redirect.github.com/auth0/node-jsonwebtoken/blob/HEAD/CHANGELOG.md#620---2016-04-29) [Compare Source](https://redirect.github.com/auth0/node-jsonwebtoken/compare/v6.1.2...v6.2.0) - add support for `options.clockTolerance` to `jwt.verify` ([65ddea934f226bf06bc9d6a55be9587515cfc38d](https://redirect.github.com/auth0/node-jsonwebtoken/commit/65ddea934f226bf06bc9d6a55be9587515cfc38d)) ### [`v6.1.2`](https://redirect.github.com/auth0/node-jsonwebtoken/blob/HEAD/CHANGELOG.md#612---2016-04-29) [Compare Source](https://redirect.github.com/auth0/node-jsonwebtoken/compare/v6.1.1...v6.1.2) - fix sign method for node.js 0.12. closes [#193](https://redirect.github.com/auth0/node-jsonwebtoken/issues/193) ([9c38374142d3929be3c9314b5e9bc5d963c5955f](https://redirect.github.com/auth0/node-jsonwebtoken/commit/9c38374142d3929be3c9314b5e9bc5d963c5955f)), closes [#193](https://redirect.github.com/auth0/node-jsonwebtoken/issues/193) - improve async test ([7b0981380ddc40a5f1208df520631785b5ffb85a](https://redirect.github.com/auth0/node-jsonwebtoken/commit/7b0981380ddc40a5f1208df520631785b5ffb85a)) ### [`v6.1.1`](https://redirect.github.com/auth0/node-jsonwebtoken/compare/v6.1.0...v6.1.1) [Compare Source](https://redirect.github.com/auth0/node-jsonwebtoken/compare/v6.1.0...v6.1.1) ### [`v6.1.0`](https://redirect.github.com/auth0/node-jsonwebtoken/blob/HEAD/CHANGELOG.md#610---2016-04-27) [Compare Source](https://redirect.github.com/auth0/node-jsonwebtoken/compare/v6.0.1...v6.1.0) - verify unsigned tokens ([ec880791c10ed5ef7c8df7bf28ebb95c810479ed](https://redirect.github.com/auth0/node-jsonwebtoken/commit/ec880791c10ed5ef7c8df7bf28ebb95c810479ed)) ### [`v6.0.1`](https://redirect.github.com/auth0/node-jsonwebtoken/blob/HEAD/CHANGELOG.md#601---2016-04-27) [Compare Source](https://redirect.github.com/auth0/node-jsonwebtoken/compare/v6.0.0...v6.0.1) This was an immediate change after publishing 6.0.0. - throw error on invalid options when the payload is not an object ([304f1b33075f79ed66f784e27dc4f5307aa39e27](https://redirect.github.com/auth0/node-jsonwebtoken/commit/304f1b33075f79ed66f784e27dc4f5307aa39e27)) ### [`v6.0.0`](https://redirect.github.com/auth0/node-jsonwebtoken/blob/HEAD/CHANGELOG.md#600---2016-04-27) [Compare Source](https://redirect.github.com/auth0/node-jsonwebtoken/compare/v5.7.0...v6.0.0) - Change .sign to standard async callback ([50873c7d45d2733244d5da8afef3d1872e657a60](https://redirect.github.com/auth0/node-jsonwebtoken/commit/50873c7d45d2733244d5da8afef3d1872e657a60)) - Improved the options for the `sign` method ([53c3987b3cc34e95eb396b26fc9b051276e2f6f9](https://redirect.github.com/auth0/node-jsonwebtoken/commit/53c3987b3cc34e95eb396b26fc9b051276e2f6f9)) - throw error on invalid options like `expiresIn` when the payload is not an object ([304f1b33075f79ed66f784e27dc4f5307aa39e27](https://redirect.github.com/auth0/node-jsonwebtoken/commit/304f1b33075f79ed66f784e27dc4f5307aa39e27)) - `expiresInMinutes` and `expiresInSeconds` are deprecated and no longer supported. - `notBeforeInMinutes` and `notBeforeInSeconds` are deprecated and no longer supported. - `options` are strongly validated. - `options.expiresIn`, `options.notBefore`, `options.audience`, `options.issuer`, `options.subject` and `options.jwtid` are mutually exclusive with `payload.exp`, `payload.nbf`, `payload.aud`, `payload.iss` - `options.algorithm` is properly validated. - `options.headers` is renamed to `options.header`. - update CHANGELOG to reflect most of the changes. closes [#136](https://redirect.github.com/auth0/node-jsonwebtoken/issues/136) ([b87a1a8d2e2533fbfab518765a54f00077918eb7](https://redirect.github.com/auth0/node-jsonwebtoken/commit/b87a1a8d2e2533fbfab518765a54f00077918eb7)), closes [#136](https://redirect.github.com/auth0/node-jsonwebtoken/issues/136) - update readme ([53a88ecf4494e30e1d62a1cf3cc354650349f486](https://redirect.github.com/auth0/node-jsonwebtoken/commit/53a88ecf4494e30e1d62a1cf3cc354650349f486)) ### [`v5.7.0`](https://redirect.github.com/auth0/node-jsonwebtoken/blob/HEAD/CHANGELOG.md#570---2016-02-16) [Compare Source](https://redirect.github.com/auth0/node-jsonwebtoken/compare/v5.6.2...v5.7.0) - add support for validating multiples issuers. closes [#163](https://redirect.github.com/auth0/node-jsonwebtoken/issues/163) ([39d9309ae05648dbd72e5fd1993df064ad0e8fa5](https://redirect.github.com/auth0/node-jsonwebtoken/commit/39d9309ae05648dbd72e5fd1993df064ad0e8fa5)), closes [#163](https://redirect.github.com/auth0/node-jsonwebtoken/issues/163) ### [`v5.6.2`](https://redirect.github.com/auth0/node-jsonwebtoken/compare/v5.6.0...v5.6.2) [Compare Source](https://redirect.github.com/auth0/node-jsonwebtoken/compare/v5.6.0...v5.6.2) ### [`v5.6.0`](https://redirect.github.com/auth0/node-jsonwebtoken/blob/HEAD/CHANGELOG.md#560---2016-02-16) [Compare Source](https://redirect.github.com/auth0/node-jsonwebtoken/compare/v5.5.4...v5.6.0) - added missing validations of sub and jti ([a1affe960d0fc52e9042bcbdedb65734f8855580](https://redirect.github.com/auth0/node-jsonwebtoken/commit/a1affe960d0fc52e9042bcbdedb65734f8855580)) - Fix tests in jwt.rs.tests.js which causes 4 to fail ([8aedf2b1f575b0d9575c1fc9f2ac7bc868f75ff1](https://redirect.github.com/auth0/node-jsonwebtoken/commit/8aedf2b1f575b0d9575c1fc9f2ac7bc868f75ff1)) - Update README.md ([349b7cd00229789b138928ca060d3ef015aedaf9](https://redirect.github.com/auth0/node-jsonwebtoken/commit/349b7cd00229789b138928ca060d3ef015aedaf9)) ### [`v5.5.4`](https://redirect.github.com/auth0/node-jsonwebtoken/blob/HEAD/CHANGELOG.md#554---2016-01-04) [Compare Source](https://redirect.github.com/auth0/node-jsonwebtoken/compare/v5.5.3...v5.5.4) - minor ([46552e7c45025c76e3f647680d7539a66bfac612](https://redirect.github.com/auth0/node-jsonwebtoken/commit/46552e7c45025c76e3f647680d7539a66bfac612)) ### [`v5.5.3`](https://redirect.github.com/auth0/node-jsonwebtoken/blob/HEAD/CHANGELOG.md#553---2016-01-04) [Compare Source](https://redirect.github.com/auth0/node-jsonwebtoken/compare/v5.5.2...v5.5.3) - add a console.warn on invalid options for string payloads ([71200f14deba0533d3261266348338fac2d14661](https://redirect.github.com/auth0/node-jsonwebtoken/commit/71200f14deba0533d3261266348338fac2d14661)) - minor ([65b1f580382dc58dd3da6f47a52713776fd7cdf2](https://redirect.github.com/auth0/node-jsonwebtoken/commit/65b1f580382dc58dd3da6f47a52713776fd7cdf2)) ### [`v5.5.2`](https://redirect.github.com/auth0/node-jsonwebtoken/blob/HEAD/CHANGELOG.md#552---2016-01-04) [Compare Source](https://redirect.github.com/auth0/node-jsonwebtoken/compare/v5.5.1...v5.5.2) - fix signing method with sealed objects, do not modify the params object. closes [#147](https://redirect.github.com/auth0/node-jsonwebtoken/issues/147) ([be9c09af83b09c9e72da8b2c6166fa51d92aeab6](https://redirect.github.com/auth0/node-jsonwebtoken/commit/be9c09af83b09c9e72da8b2c6166fa51d92aeab6)), closes [#147](https://redirect.github.com/auth0/node-jsonwebtoken/issues/147) ### [`v5.5.1`](https://redirect.github.com/auth0/node-jsonwebtoken/blob/HEAD/CHANGELOG.md#551---2016-01-04) [Compare Source](https://redirect.github.com/auth0/node-jsonwebtoken/compare/v5.5.0...v5.5.1) - fix nbf verification. fix [#152](https://redirect.github.com/auth0/node-jsonwebtoken/issues/152) ([786d37b299c67771b5e71a2ca476666ab0f97d98](https://redirect.github.com/auth0/node-jsonwebtoken/commit/786d37b299c67771b5e71a2ca476666ab0f97d98)), closes [#152](https://redirect.github.com/auth0/node-jsonwebtoken/issues/152) ### [`v5.5.0`](https://redirect.github.com/auth0/node-jsonwebtoken/blob/HEAD/CHANGELOG.md#550---2015-12-28) [Compare Source](https://redirect.github.com/auth0/node-jsonwebtoken/compare/eb272d6da05b7d19d24a5e749cf026ac2b413abf...v5.5.0) - improvements to nbf and jti claims ([46372e928f6d2e7398f9b88022ca617d2a3b0699](https://redirect.github.com/auth0/node-jsonwebtoken/commit/46372e928f6d2e7398f9b88022ca617d2a3b0699)) - Remove duplicate payload line (fix bug in IE strict mode) ([8163d698e0c5ad8c44817a5dcd42a15d7e9c6bc8](https://redirect.github.com/auth0/node-jsonwebtoken/commit/8163d698e0c5ad8c44817a5dcd42a15d7e9c6bc8)) - Remove duplicate require('ms') line ([7c00bcbcbf8f7503a1070b394a165eccd41de66f](https://redirect.github.com/auth0/node-jsonwebtoken/commit/7c00bcbcbf8f7503a1070b394a165eccd41de66f)) - Update README to reflect addition of async sign ([d661d4b6f68eb417834c99b36769444723041ccf](https://redirect.github.com/auth0/node-jsonwebtoken/commit/d661d4b6f68eb417834c99b36769444723041ccf)) ### [`v5.4.1`](https://redirect.github.com/auth0/node-jsonwebtoken/compare/v5.4.0...eb272d6da05b7d19d24a5e749cf026ac2b413abf) [Compare Source](https://redirect.github.com/auth0/node-jsonwebtoken/compare/v5.4.0...eb272d6da05b7d19d24a5e749cf026ac2b413abf) ### [`v5.4.0`](https://redirect.github.com/auth0/node-jsonwebtoken/blob/HEAD/CHANGELOG.md#540---2015-10-02) [Compare Source](https://redirect.github.com/auth0/node-jsonwebtoken/compare/v5.3.1...v5.4.0) - deprecate expireInMinutes and expireInSeconds - in favor of expiresIn ([39ecc6f8f310f8462e082f1d53de0b4222b29b6f](https://redirect.github.com/auth0/node-jsonwebtoken/commit/39ecc6f8f310f8462e082f1d53de0b4222b29b6f)) ### [`v5.3.1`](https://redirect.github.com/auth0/node-jsonwebtoken/compare/7e8292e768bd3865d10dad333e6bb750a64dda7e...v5.3.1) [Compare Source](https://redirect.github.com/auth0/node-jsonwebtoken/compare/7e8292e768bd3865d10dad333e6bb750a64dda7e...v5.3.1) ### [`v5.2.0`](https://redirect.github.com/auth0/node-jsonwebtoken/compare/v5.1.0...7e8292e768bd3865d10dad333e6bb750a64dda7e) [Compare Source](https://redirect.github.com/auth0/node-jsonwebtoken/compare/v5.1.0...7e8292e768bd3865d10dad333e6bb750a64dda7e) ### [`v5.1.0`](https://redirect.github.com/auth0/node-jsonwebtoken/blob/HEAD/CHANGELOG.md#510---2015-10-02) [Compare Source](https://redirect.github.com/auth0/node-jsonwebtoken/compare/v5.0.5...v5.1.0) - added async signing ([9414fbcb15a1f9cf4fe147d070e9424c547dabba](https://redirect.github.com/auth0/node-jsonwebtoken/commit/9414fbcb15a1f9cf4fe147d070e9424c547dabba)) - Update README.md ([40b2aaaa843442dfb8ee7b574f0a788177e7c904](https://redirect.github.com/auth0/node-jsonwebtoken/commit/40b2aaaa843442dfb8ee7b574f0a788177e7c904)) ### [`v5.0.5`](https://redirect.github.com/auth0/node-jsonwebtoken/blob/HEAD/CHANGELOG.md#505---2015-08-19) [Compare Source](https://redirect.github.com/auth0/node-jsonwebtoken/compare/v5.0.4...v5.0.5) - add ms dep to package.json ([f13b3fb7f29dff787e7c91ebe2eb5adeeb05f251](https://redirect.github.com/auth0/node-jsonwebtoken/commit/f13b3fb7f29dff787e7c91ebe2eb5adeeb05f251)) - add note to explain, related to [#96](https://redirect.github.com/auth0/node-jsonwebtoken/issues/96) [#101](https://redirect.github.com/auth0/node-jsonwebtoken/issues/101) [#6](https://redirect.github.com/auth0/node-jsonwebtoken/issues/6) ([dd8969e0e6ed0bcb9cae905d2b1a96476bd85da3](https://redirect.github.com/auth0/node-jsonwebtoken/commit/dd8969e0e6ed0bcb9cae905d2b1a96476bd85da3)) - add tests for options.headers ([7787dd74e705787c39a871ca29c75a2e0a3948ac](https://redirect.github.com/auth0/node-jsonwebtoken/commit/7787dd74e705787c39a871ca29c75a2e0a3948ac)) - add tests for verify expires ([d7c5793d98c300603440ab460c11665f661ad3a0](https://redirect.github.com/auth0/node-jsonwebtoken/commit/d7c5793d98c300603440ab460c11665f661ad3a0)) - add verify option maxAge (with tests) ([49d54e54f7e70b1c53a2e4ee67e116c907d75319](https://redirect.github.com/auth0/node-jsonwebtoken/commit/49d54e54f7e70b1c53a2e4ee67e116c907d75319)) - fix spelling error in error message ([8078b11b224fa05ac9003ca5aa2c85e9f0128cfb](https://redirect.github.com/auth0/node-jsonwebtoken/commit/8078b11b224fa05ac9003ca5aa2c85e9f0128cfb)) - Fix typo options.header is not a documented option + ([5feaa5b962ccbddeff054817a410f7b0c1e6ce7f](https://redirect.github.com/auth0/node-jsonwebtoken/commit/5feaa5b962ccbddeff054817a410f7b0c1e6ce7f)) - update JWT spec link. closes [#112](https://redirect.github.com/auth0/node-jsonwebtoken/issues/112) ([f5fa50f797456a12240589161835c7ea30807195](https://redirect.github.com/auth0/node-jsonwebtoken/commit/f5fa50f797456a12240589161835c7ea30807195)), closes [#112](https://redirect.github.com/auth0/node-jsonwebtoken/issues/112) ### [`v5.0.4`](https://redirect.github.com/auth0/node-jsonwebtoken/compare/v5.0.3...v5.0.4) [Compare Source](https://redirect.github.com/auth0/node-jsonwebtoken/compare/v5.0.3...v5.0.4) ### [`v5.0.3`](https://redirect.github.com/auth0/node-jsonwebtoken/blob/HEAD/CHANGELOG.md#503---2015-07-15) [Compare Source](https://redirect.github.com/auth0/node-jsonwebtoken/compare/v5.0.2...v5.0.3) - Added nbf support ([f26ba4e2fa197a20497632b63ffcd13ae93aacc4](https://redirect.github.com/auth0/node-jsonwebtoken/commit/f26ba4e2fa197a20497632b63ffcd13ae93aacc4)) - Added support for subject and jwt id ([ab76ec5bc554e2d1e25376ddb7cea711d86af651](https://redirect.github.com/auth0/node-jsonwebtoken/commit/ab76ec5bc554e2d1e25376ddb7cea711d86af651)) - Fix `this` referring to the global object instead of `module.exports` in `verify()` ([93f554312e37129027fcf4916f48cb8d1b53588c](https://redirect.github.com/auth0/node-jsonwebtoken/commit/93f554312e37129027fcf4916f48cb8d1b53588c)) - Fix typo, line 139 README, complete option for .decode. ([59c110aeb8c7c1847ef2ffd77702d13627c89e10](https://redirect.github.com/auth0/node-jsonwebtoken/commit/59c110aeb8c7c1847ef2ffd77702d13627c89e10)) - minor ([61ff1172272b582902313e958058ff22413494af](https://redirect.github.com/auth0/node-jsonwebtoken/commit/61ff1172272b582902313e958058ff22413494af)) ### [`v5.0.2`](https://redirect.github.com/auth0/node-jsonwebtoken/blob/HEAD/CHANGELOG.md#502---2015-06-15) [Compare Source](https://redirect.github.com/auth0/node-jsonwebtoken/compare/v5.0.1...v5.0.2) - fix typo in docs . closes [#86](https://redirect.github.com/auth0/node-jsonwebtoken/issues/86) ([3d3413221f36acef4dfd1cbed87f1f3565cd6f84](https://redirect.github.com/auth0/node-jsonwebtoken/commit/3d3413221f36acef4dfd1cbed87f1f3565cd6f84)), closes [#86](https://redirect.github.com/auth0/node-jsonwebtoken/issues/86) ### [`v5.0.1`](https://redirect.github.com/auth0/node-jsonwebtoken/blob/HEAD/CHANGELOG.md#501---2015-05-15) [Compare Source](https://redirect.github.com/auth0/node-jsonwebtoken/compare/v5.0.0...v5.0.1) - Add option to return header and payload when decoding. ([7254e011b59f892d1947e6c11819281adac7069d](https://redirect.github.com/auth0/node-jsonwebtoken/commit/7254e011b59f892d1947e6c11819281adac7069d)) - Avoid uncaught "SyntaxError: Unexpected token ͧ" error. ([0dc59cd6ee15d83a606acffa7909ee76176ae186](https://redirect.github.com/auth0/node-jsonwebtoken/commit/0dc59cd6ee15d83a606acffa7909ee76176ae186)) - Document complete option in README. ([ec32b20241a74d9681ea26e1a7024b4642468c00](https://redirect.github.com/auth0/node-jsonwebtoken/commit/ec32b20241a74d9681ea26e1a7024b4642468c00)) - Fix example in README, silence verbose logging. ([ba3174d10033c41e9c211a38f1cc67f74fbd7f69](https://redirect.github.com/auth0/node-jsonwebtoken/commit/ba3174d10033c41e9c211a38f1cc67f74fbd7f69)) - Fix link to auth0.com in README ([1b3c5ff72c9bc25e9271646e679f3080f2a042a0](https://redirect.github.com/auth0/node-jsonwebtoken/commit/1b3c5ff72c9bc25e9271646e679f3080f2a042a0)) - Immediate return if not decoded. ([851bda2b10168f3269c3da6e74d310742f31a193](https://redirect.github.com/auth0/node-jsonwebtoken/commit/851bda2b10168f3269c3da6e74d310742f31a193)) - Prevent throw on undefined/null secret ([0fdf78d4dbf609455f3277d6169a987aef0384d4](https://redirect.github.com/auth0/node-jsonwebtoken/commit/0fdf78d4dbf609455f3277d6169a987aef0384d4)) - Removed path from test ([d6240e24186732d368bffe21143becf44c38f0d6](https://redirect.github.com/auth0/node-jsonwebtoken/commit/d6240e24186732d368bffe21143becf44c38f0d6)) - Simplified checking for missing key ([f1cffd033bffc44f20558eda4a797c3fa2f4ee05](https://redirect.github.com/auth0/node-jsonwebtoken/commit/f1cffd033bffc44f20558eda4a797c3fa2f4ee05)) - Typo ([ffe68dbe0219bab535c1018448eb4c0b22f1f902](https://redirect.github.com/auth0/node-jsonwebtoken/commit/ffe68dbe0219bab535c1018448eb4c0b22f1f902)) - Update CHANGELOG.md ([927cce0dad1bc9aad75aeef53e276cf4cfc0d776](https://redirect.github.com/auth0/node-jsonwebtoken/commit/927cce0dad1bc9aad75aeef53e276cf4cfc0d776)) - Update CHANGELOG.md ([6879e0fdde222995c70a3a69a4af94993d9c667e](https://redirect.github.com/auth0/node-jsonwebtoken/commit/6879e0fdde222995c70a3a69a4af94993d9c667e)) - Update CHANGELOG.md ([c5596c10e8705727fa13e0394184a606083078bc](https://redirect.github.com/auth0/node-jsonwebtoken/commit/c5596c10e8705727fa13e0394184a606083078bc)) - Update CHANGELOG.md ([07541f0315f26d179e1cde92732b6124d6869b6f](https://redirect.github.com/auth0/node-jsonwebtoken/commit/07541f0315f26d179e1cde92732b6124d6869b6f)) - Update CHANGELOG.md ([e6465d48ddd1dc2c3297229b28c78fd5490a2ba9](https://redirect.github.com/auth0/node-jsonwebtoken/commit/e6465d48ddd1dc2c3297229b28c78fd5490a2ba9))Configuration
📅 Schedule: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).
🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.
♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
🔕 Ignore: Close this PR and you won't be reminded about this update again.
This PR was generated by Mend Renovate. View the repository job log.