Today we bring you a minor release for cbSecurity packed with features! Version 2.2 brings a complete overhaul of our
jwt library and we have now switched over to the
jwtcfml (https://forgebox.io/view/jwt-cfml) library which has given us a huge boost in capabilities especially supporting
ES algorithms. Check out their ForgeBox entry page to see all the features we inherit by using it.
We have also focused on improving our JWT and API security on this release, so check out the release notes for all the goodness!
# Install install cbsecurity # Update update cbsecurity
Feature: Migrated from the jwt to the
jwtcfml(https://forgebox.io/view/jwt-cfml) library to expand encoding/decoding capabilities to support
Feature: Added a new convenience method on the JWT Service:
isTokenInStorage( token )to verify if a token still exists in the token storage
Feature: If no jwt secret is given in the settings, we will dynamically generate one that will last for the duration of the application scope.
Feature: New setting for
issuer, you can now set the issuer of tokens string or if not set, then cbSecurity will use the home page URI as the issuer of authority string.
Feature: All tokens will be validated that the same
iss(Issuer) has granted the token
Improve: Ability to have defaults for all JWT settings instead of always typing them in the configs
Improve: More cfformating goodness!
Bug: Invalidation of tokens was not happening due to not using the actual key for the storage