JWTKit is no longer Boring!

If you follow the Swift forums carefully you might have noticed the announcement that Swift 5.10 will be the last release before Swift 6. This provides Vapor a timeline for a future Vapor 5 release and we can start planning as to what that will look like.

A large part of that will be updating and migrating all of our packages to take advantage of modern Swift language features and design patterns, foremost among which is structured concurrency. The first package to be updated is JWTKit, which has been in the works for a while now.

→ blog.vapor.codes/posts/jwtkit-v5/

The Swift Server Workgroup announced that Swift 5.10 will be the final release before Swift 6, prompting Vapor to plan Vapor 5, with JWTKit v5 as the first package to adopt modern Swift features like full Sendable compliance and Swift 6’s strict concurrency mode.

JWTKit v5 replaces its BoringSSL dependency with SwiftCrypto, reducing compile times and enhancing safety, and introduces RSA-PSS signing while nesting RSA types in an Insecure namespace to discourage use.

The API shifts to an actor-based JWTKeyCollection, requiring async calls for signing and verifying, and supports custom headers with dynamic member lookup and customisable parsing/serialising.