What's New With 2.2.0


  • Feature : Migrated from the jwt to the jwtcfml (https://forgebox.io/view/jwt-cfml) library to expand encoding/decoding capabilities to support RS and ES algorithms:
    • HS256
    • HS384
    • HS512
    • RS256
    • RS384
    • RS512
    • ES256
    • ES384
    • ES512
  • Feature : Added a new convenience method on the JWT Service: isTokenInStorage( token ) to verify if a token still exists in the token storage
  • Feature : If no jwt secret is given in the settings, we will dynamically generate one that will last for the duration of the application scope.
  • Feature : New setting for jwt struct: issuer, you can now set the issuer of tokens string or if not set, then cbSecurity will use the home page URI as the issuer of authority string.
  • Feature : All tokens will be validated that the same iss (Issuer) has granted the token


  • Improve : Ability to have defaults for all JWT settings instead of always typing them in the configs
  • Improve : More formattting goodness!


  • Bug : Invalidation of tokens was not happening due to not using the actual key for the storage
Copy link
Edit on GitHub