jwt · anakinj · Dec 28, 2024 · Dec 28, 2024
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -10,6 +10,7 @@
 - Remove deprecated claim verification methods [#654](https://github.com/jwt/ruby-jwt/pull/654) ([@anakinj](https://github.com/anakinj))
 - Remove dependency to rbnacl [#655](https://github.com/jwt/ruby-jwt/pull/655) ([@anakinj](https://github.com/anakinj))
 - Support only stricter base64 decoding (RFC 4648) [#658](https://github.com/jwt/ruby-jwt/pull/658) ([@anakinj](https://github.com/anakinj))
+- Custom algorithms are required to include `JWT::JWA::SigningAlgorithm` [#660](https://github.com/jwt/ruby-jwt/pull/560) ([@anakinj](https://github.com/anakinj))
 
 Take a look at the [upgrade guide](UPGRADING.md) for more details.
 

diff --git a/lib/jwt.rb b/lib/jwt.rb
@@ -5,7 +5,6 @@
 require 'jwt/json'
 require 'jwt/decode'
 require 'jwt/configuration'
-require 'jwt/deprecations'
 require 'jwt/encode'
 require 'jwt/error'
 require 'jwt/jwk'
@@ -44,8 +43,6 @@ def encode(payload, key, algorithm = 'HS256', header_fields = {})
   # @param options [Hash] additional options for decoding.
   # @return [Array<Hash>] the decoded payload and headers.
   def decode(jwt, key = nil, verify = true, options = {}, &keyfinder) # rubocop:disable Style/OptionalBooleanParameter
-    Deprecations.context do
-      Decode.new(jwt, key, verify, configuration.decode.to_h.merge(options), &keyfinder).decode_segments
-    end
+    Decode.new(jwt, key, verify, configuration.decode.to_h.merge(options), &keyfinder).decode_segments
   end
 end
diff --git a/lib/jwt/configuration/container.rb b/lib/jwt/configuration/container.rb
@@ -30,7 +30,6 @@ def initialize
       def reset!
         @decode                 = DecodeConfiguration.new
         @jwk                    = JwkConfiguration.new
-        @strict_base64_decoding = false
 
         self.deprecation_warnings = :once
       end

diff --git a/lib/jwt/deprecations.rb b/lib/jwt/deprecations.rb
diff --git a/lib/jwt/jwa.rb b/lib/jwt/jwa.rb
@@ -2,15 +2,13 @@
 
 require 'openssl'
 
-require_relative 'jwa/compat'
 require_relative 'jwa/signing_algorithm'
 require_relative 'jwa/ecdsa'
 require_relative 'jwa/hmac'
 require_relative 'jwa/none'
 require_relative 'jwa/ps'
 require_relative 'jwa/rsa'
 require_relative 'jwa/unsupported'
-require_relative 'jwa/wrapper'
 
 module JWT
   # The JWA module contains all supported algorithms.
@@ -20,10 +18,7 @@ class << self
       def resolve(algorithm)
         return find(algorithm) if algorithm.is_a?(String) || algorithm.is_a?(Symbol)
 
-        unless algorithm.is_a?(SigningAlgorithm)
-          Deprecations.warning('Custom algorithms are required to include JWT::JWA::SigningAlgorithm. Custom algorithms that do not include this module may stop working in the next major version of ruby-jwt.')
-          return Wrapper.new(algorithm)
-        end
+        raise ArgumentError, 'Custom algorithms are required to include JWT::JWA::SigningAlgorithm' unless algorithm.is_a?(SigningAlgorithm)
 
         algorithm
       end

diff --git a/lib/jwt/jwa/compat.rb b/lib/jwt/jwa/compat.rb
diff --git a/lib/jwt/jwa/signing_algorithm.rb b/lib/jwt/jwa/signing_algorithm.rb
@@ -14,7 +14,6 @@ def register_algorithm(algo)
 
       def self.included(klass)
         klass.extend(ClassMethods)
-        klass.include(JWT::JWA::Compat)
       end
 
       attr_reader :alg

diff --git a/lib/jwt/jwa/wrapper.rb b/lib/jwt/jwa/wrapper.rb
diff --git a/spec/jwt/jwa/ecdsa_spec.rb b/spec/jwt/jwa/ecdsa_spec.rb
@@ -31,12 +31,4 @@
       end
     end
   end
-
-  context 'backwards compatibility' do
-    it 'signs and verifies' do
-      key = OpenSSL::PKey::EC.generate('prime256v1')
-      signature = described_class.sign('ES256', 'data', key)
-      expect(described_class.verify('ES256', key, 'data', signature)).to be(true)
-    end
-  end
 end
diff --git a/spec/jwt/jwa/hmac_spec.rb b/spec/jwt/jwa/hmac_spec.rb
@@ -125,12 +125,4 @@
       it { is_expected.to be(false) }
     end
   end
-
-  context 'backwards compatibility' do
-    it 'signs and verifies' do
-      signature = described_class.sign('HS256', 'data', 'key')
-      expect(signature).to be_a(String)
-      expect(described_class.verify('HS256', 'key', 'data', signature)).to be(true)
-    end
-  end
 end
diff --git a/spec/jwt/jwa/ps_spec.rb b/spec/jwt/jwa/ps_spec.rb
@@ -69,11 +69,4 @@
       end
     end
   end
-
-  context 'backwards compatibility' do
-    it 'signs and verifies' do
-      signature = described_class.sign('PS256', 'data', rsa_key)
-      expect(described_class.verify('PS256', rsa_key, 'data', signature)).to be(true)
-    end
-  end
 end
diff --git a/spec/jwt/jwa/rsa_spec.rb b/spec/jwt/jwa/rsa_spec.rb
@@ -50,11 +50,4 @@
       end
     end
   end
-
-  context 'backwards compatibility' do
-    it 'signs and verifies' do
-      signature = described_class.sign('RS256', 'data', rsa_key)
-      expect(described_class.verify('RS256', rsa_key, 'data', signature)).to be(true)
-    end
-  end
 end
diff --git a/spec/jwt/jwt_spec.rb b/spec/jwt/jwt_spec.rb
@@ -899,9 +899,8 @@ def verify(*)
         end
       end
 
-      it 'emits a deprecation warning' do
-        expect { token }.to output(/.*Custom algorithms are required to include JWT::JWA::SigningAlgorithm.*/).to_stderr
-        expect(JWT.decode(token, 'secret', true, algorithm: custom_algorithm.new)).to eq([payload, { 'alg' => 'custom', 'foo' => 'bar' }])
+      it 'raises an error' do
+        expect { token }.to raise_error(ArgumentError, 'Custom algorithms are required to include JWT::JWA::SigningAlgorithm')
       end
     end