Releases: vapor/jwt-kit
Add support for Apple Silicon
This patch was authored by @0xTim and released by @tanner0101.
Adds support for Apple Silicon (#32).
Boring SSL update
This patch was authored by @0xTim and released by @tanner0101.
Brings in the latest version of BoringSSL (#31).
Add typ, cty fields in the JWT header
This patch was authored by @Maxim-Inv and released by @tanner0101.
Adds `typ` and `cty` fields to the JWT header (#25, fixes #5).
- Add `typ` header as parameter making "JWT" the default.
- Allow setting `cty` during JWT signing.
let signer = JWTSigner.hs256(key: keyData)
let token = try signer.sign(payload, cty: "twilio-fpa;v=1")
Migrate HMAC to Crypto
Create a generic `JWTMultiValueClaim` protocol
This patch was authored and released by @gwynne.
- Allows much simpler implementation of JWT claims with multiple values.
- Switches to this implementation for `AudienceClaim`
Give `AudienceClaim` more powers
This patch was authored and released by @gwynne.
- Allow `AudienceClaim` to represent more than one audience, per RFC 7519 § 4.1.3
- Add `verifyIntendedAudience(includes:)` method for conveniently verifying that the audience is the intended one.
- Add unit tests for new functionality.
Because the `Value` type of `AudienceClaim` is now `[String]` instead of `String`, this change is API-breaking!
This would normally require a `semver-major` update, but as the package is still in RC, I think it can scrape past with a `semver-minor`, especially since the change is to obey spec.
Added the nonce_supported claim to AppleIdentityToken
The claim was missing.
This patch was authored and released by @grosch.
Release Candidate 1
Updates to Swift 5.2.
Release candidates represent the final shift toward focusing on bug fixes and documentation. Breaking changes will only be accepted for critical issues. We expect a final release of this package shortly after Swift 5.2's release date.
Fixes Codable support for LocaleClaim
Previously, `LocaleClaim`s were not decoded from JWTs correctly. This patch fixes their behavior and adds tests to prevent regression.
Fix ECDSA signature size
Correctly serializes ECDSA signature R / S values according to elliptic curve.
Before this patch, the code assumes R / S values will be 32 bytes. This is true for P-256 and P-384 keys, but is not true for P-521 keys. P-521 keys result in 66 byte R / S values.
From https://tools.ietf.org/html/rfc7515#appendix-A.3:
Section on ES256
We need to split the 64 member octet sequence of the JWS Signature
Section on ES512
We need to split the 132-member octet sequence of the JWS Signature into two 66-octet sequences
Note that the curve name (i.e., P-521) is different than the JWT algorithm name (i.e., ES512). The 512 in ES512 refers to SHA512. Also note that P-521 != 512, that's not a typo.
In order to support the different key curves dynamically, the signer now gets the curve name from the key during signing and verification. This curve is used to determine how wide the R / S values should be.
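The width rule from the RFC 7515 excerpts above (64 octets for ES256, 132 octets for ES512), as an added example that is not jwt-kit's own code. All function and type names are hypothetical, and the byte values are constructed samples, not real signatures.

```swift
import Foundation

// Added illustration, not jwt-kit code. All names here are hypothetical.
enum SignatureError: Error { case integerTooLarge, wrongLength }

/// Octets per R or S value: the curve's field size in bits, rounded up.
/// 256 bits gives 32 octets (ES256); 521 bits gives 66 octets (ES512).
func coordinateWidth(curveBits: Int) -> Int { (curveBits + 7) / 8 }

/// Left-pads a big-endian unsigned integer to exactly `width` octets.
func leftPad(_ value: [UInt8], to width: Int) throws -> [UInt8] {
    // Drop leading zeros first, including the 0x00 sign byte DER may prepend.
    let trimmed = Array(value.drop(while: { $0 == 0 }))
    guard trimmed.count <= width else { throw SignatureError.integerTooLarge }
    return [UInt8](repeating: 0, count: width - trimmed.count) + trimmed
}

/// Builds the JWS signature: fixed-width R followed by fixed-width S.
func joseSignature(r: [UInt8], s: [UInt8], curveBits: Int) throws -> [UInt8] {
    let width = coordinateWidth(curveBits: curveBits)
    let paddedR = try leftPad(r, to: width)
    let paddedS = try leftPad(s, to: width)
    return paddedR + paddedS
}

/// Splits a JWS signature into R and S, rejecting any length other than 2 * width.
func splitJoseSignature(_ signature: [UInt8], curveBits: Int) throws -> (r: [UInt8], s: [UInt8]) {
    let width = coordinateWidth(curveBits: curveBits)
    guard signature.count == 2 * width else { throw SignatureError.wrongLength }
    return (r: Array(signature[..<width]), s: Array(signature[width...]))
}

// Constructed sample integers (not real signature values).
let shortR: [UInt8] = [0x01, 0x02, 0x03]                               // short value, needs padding
let signByteS: [UInt8] = [0x00] + [UInt8](repeating: 0x80, count: 32)  // 33 bytes with DER sign byte

do {
    let es256 = try joseSignature(r: shortR, s: signByteS, curveBits: 256)
    let es512 = try joseSignature(r: shortR, s: signByteS, curveBits: 521)
    print("ES256 signature octets:", es256.count)
    print("ES512 signature octets:", es512.count)
    let parts = try splitJoseSignature(es512, curveBits: 521)
    print("R / S octets on P-521:", parts.r.count, parts.s.count)
    // A signature sized for P-256 must not be accepted for a P-521 key.
    let mismatch = try? splitJoseSignature(es256, curveBits: 521)
    print("ES256-sized input rejected for P-521:", mismatch == nil)
} catch {
    print("unexpected error:", error)
}
```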