v1.6.0

Changed

• Dropped support for python 2.6 and 3.3 #301
• An invalid signature now raises an InvalidSignatureError instead of DecodeError #316

Fixed

• Fix over-eager fallback to stdin #304

Added

• Audience parameter now supports iterables #306

v1.5.3

Changed

• Increase required version of the cryptography package to >=1.4.0.

Fixed

• Remove uses of deprecated functions from the cryptography package.
• Warn about missing algorithms param to decode() only when verify param is True #281

v1.5.2

Fixed

• Ensure correct arguments order in decode super call 7c1e61d

v1.5.1

Changed

• Change optparse for argparse. #238

Fixed

• Guard against PKCS1 PEM encododed public keys #277
• Add deprecation warning when decoding without specifying algorithms #277
• Improve deprecation messages #270
• PyJWT.decode: move verify param into options #271

Added

• Support for Python 3.6 #262
• Expose jwt.InvalidAlgorithmError #264

v1.5.0

Changed

• Add support for ECDSA public keys in RFC 4253 (OpenSSH) format #244
• Renamed commandline script jwt to jwt-cli to avoid issues with the script clobbering the jwt module in some circumstances. #187
• Better error messages when using an algorithm that requires the cryptography package, but it isn't available #230
• Tokens with future 'iat' values are no longer rejected #190
• Non-numeric 'iat' values now raise InvalidIssuedAtError instead of DecodeError
• Remove rejection of future 'iat' claims #252

Fixed

• Add back 'ES512' for backward compatibility (for now) #225
• Fix incorrectly named ECDSA algorithm #219
• Fix rpm build #196

Added

• Add JWK support for HMAC and RSA keys #202

v1.4.2

Bugfix release

v1.3.0

Fixed

• ECDSA (ES256, ES384, ES512) signatures are now being properly serialized [#158][
• RSA-PSS (PS256, PS384, PS512) signatures now use the proper salt length for PSS padding. [#163]

Added

• Added a new jwt.get_unverified_header() to parse and return the header portion of a token prior to signature verification.

Removed

• Python 3.2 is no longer a supported platform. This version of Python is rarely used. Users affected by this should upgrade to 3.3+.

v1.2.0

Fixed

• Added back verify_expiration= argument to jwt.decode() that was erroneously removed in 1.1.0.

Changed

• Refactored JWS-specific logic out of PyJWT and into PyJWS superclass. [#141]

Deprecated

• verify_expiration= argument to jwt.decode() is now deprecated and will be removed in a future version. Use the option= argument instead.

v1.1.0

Added

• Added support for PS256, PS384, and PS512 algorithms. [#132]
• Added flexible and complete verification options during decode. [#131]
• Added this CHANGELOG.md file.

Deprecated

• Deprecated usage of the .decode(..., verify=False) parameter.

Fixed

• Fixed command line encoding. [#128]

v1.0.1

Changelog

• [BUGFIX] Include jwt/contrib' andjwt/contrib/algorithms` when installing. Ref 882524d