v0.11.0

• Compatibility with Plug 1.14 (#13)

v0.10.0

• Add header_name configuration option, to specify the HTTP request header that contains the signature
• Support multiple Authorization headers, selecting the first one with "Signature" scheme

This version required Elixir 1.10 or later.

v0.9.0

• Support Erlang/OTP 24.0 (thanks @cieniewski)
• Drop Elixir 1.6 support

v0.8.1

• Improved Phoenix Endpoint testing with PlugSignature.ConnTest

v0.8.0

• Automatically add Host header from PlugSignature.ConnTest.with_signature (becausePlug.Test and Phoenix.ConnTest do not set it by default)
• Deprecate PlugSignature.ConnTest.with_digest/2; use https://hex.pm/packages/plug_body_digest instead

v0.7.0

Reverts RSASSA-PSS parameter changes in v0.6.0. I believe the parameters used in the HTTP signatures compliance test suite are actually incorrect, and the draft itself does not specify any special values.

There is no reason to believe the authors of the spec intended to use a non-default hash function, especially since this would go against best practices mentioned in RFC8017 (referenced from the spec) and would hurt interoperability, as not all libraries allow the user to modify the PSS defaults.

Hopefully any ambiguity will be cleared up as the new draft-ietf-httpbis-message-signatures (see #1) matures.

v0.6.0

Compliance improvements after partial testing using http-signatures-test-suite. Note that some changes in RSA signature implementation and header handling may break compatibility with prior versions!

v0.5.0

Initial public release 🎉