Verifications not functioning in latest release #128

Closed
tpickett66 opened this issue Feb 23, 2016 · 4 comments

@tpickett66
Contributor

After updating an app to 1.5.2 we're seeing some test failures due to exceptions not being raised when issuer, audience, and subject claims are mismatched. I'll investigate further and add info as I find it.

@tpickett66
Contributor Author

Haha, after trying to reproduce the issue outside the app I'm not seeing it. Sorry for the false alarm.

@tpickett66
Contributor Author

As it turns out, there was a change. The verification routines still work, but only when all keys in the options hash are symbols; previously both symbol and string keys worked.

```ruby
require 'jwt'

key = 'superSekretK3yz!'
config = {
  'iss' => 'foo'
}

payload = {
  foo: 'bar',
}

token = JWT.encode(config.merge(payload), key)
decoded = JWT.decode(token, key, true, {'iss' => 'other', 'verify_iss' => true}) # succeeds
decoded = JWT.decode(token, key, true, {'iss' => 'other', verify_iss: true}) # succeeds
decoded = JWT.decode(token, key, true, {iss: 'other', 'verify_iss' => true}) # succeeds
decoded = JWT.decode(token, key, true, {iss: 'other', verify_iss: true}) # fails to decode
```

Edit: Edited to add additional information and modify the repro script.

@tpickett66
Contributor Author

Using the above as the basis of a good/bad script for git bisect, I landed on c490860 as the first commit with the changed behavior. Based on the commit message "Change hash syntax" it looks like the change was intentional :-(

@excpt
Member

excpt commented Feb 24, 2016

Thanks for the feedback and your investigation results.
This is a nice solution for the string vs. hash situation.
Thanks for the contribution.
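
The fail-open pattern reported in this thread, as an added example that is not part of the original comments and is not ruby-jwt's code: a hypothetical symbol-keys-only check (`verify_claims`), modelled on the four repro results above, beside a hypothetical `normalize_options` wrapper that symbolizes keys and rejects unknown ones. All names and the sample payload are assumptions made for illustration.

```ruby
# Added illustration; hypothetical names, not ruby-jwt's implementation.
KNOWN_OPTIONS = %i[iss verify_iss aud verify_aud sub verify_sub].freeze
ClaimMismatch = Class.new(StandardError)

# Hypothetical verifier that reads options with symbol keys only. A string
# key is never seen, so the check is skipped silently (fails open).
def verify_claims(payload, options)
  %i[iss aud sub].each do |claim|
    next unless options[:"verify_#{claim}"] && options[claim]
    actual = payload[claim.to_s]
    next if actual.to_s == options[claim].to_s
    raise ClaimMismatch, "#{claim} mismatch: got #{actual.inspect}"
  end
  payload
end

# Normalize caller-supplied options once, at the boundary, and fail closed:
# unknown or colliding keys raise instead of quietly disabling a check.
def normalize_options(options)
  normalized = options.each_with_object({}) do |(key, value), out|
    sym = key.to_sym
    raise ArgumentError, "option given twice: #{sym}" if out.key?(sym)
    out[sym] = value
  end
  unknown = normalized.keys - KNOWN_OPTIONS
  raise ArgumentError, "unknown options: #{unknown.inspect}" unless unknown.empty?
  normalized
end

# True when the mismatched claim is rejected, false when it slips through.
def rejected?(payload, options)
  verify_claims(payload, options)
  false
rescue ClaimMismatch
  true
end

# Constructed sample: decoded claims plus the four option hashes from the repro.
PAYLOAD = { 'iss' => 'foo', 'foo' => 'bar' }.freeze
CASES = [
  { 'iss' => 'other', 'verify_iss' => true },
  { 'iss' => 'other', verify_iss: true },
  { iss: 'other', 'verify_iss' => true },
  { iss: 'other', verify_iss: true }
].freeze

raw   = CASES.map { |opts| rejected?(PAYLOAD, opts) }
fixed = CASES.map { |opts| rejected?(PAYLOAD, normalize_options(opts)) }
puts "raw:   #{raw.inspect}"
puts "fixed: #{fixed.inspect}"
```

A regression test for an upgrade like this one should assert that a mismatched `iss` is rejected for every key style the application passes, not only that a valid token decodes.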
