Conversation
kridai
approved these changes
Apr 21, 2026
Contributor
There was a problem hiding this comment.
Pull request overview
Adds JDK 21 build/test support while keeping JDK 8 bytecode compatibility, and updates JWT-related APIs to use jjwt 0.12.x SecureDigestAlgorithm/Jwts.SIG.* instead of deprecated SignatureAlgorithm.
Changes:
- Add Maven profiles/properties to support testing on JDK 8 and JDK 11+ (incl. 21) with appropriate Surefire configuration.
- Migrate public JWT/validation APIs and usages from
SignatureAlgorithmtoSecureDigestAlgorithmwithJwts.SIG.*constants. - Replace deprecated
URLEncodedUtilswithURIBuilderinRequestValidatorand update docs/tests accordingly.
Reviewed changes
Copilot reviewed 15 out of 16 changed files in this pull request and generated 4 comments.
Show a summary per file
| File | Description |
|---|---|
| src/test/java/com/twilio/jwt/validation/ValidationTokenTest.java | Updates tests to use SecureDigestAlgorithm and Jwts.SIG.* constants. |
| src/test/java/com/twilio/http/RequestTest.java | Loosens URI error message assertion for cross-JDK variance. |
| src/test/java/com/twilio/compliance/ComplianceTest.java | Updates EqualsVerifier usage (suppresses BigDecimal equality warning). |
| src/main/java/com/twilio/security/RequestValidator.java | Switches query parsing from URLEncodedUtils to URIBuilder. |
| src/main/java/com/twilio/jwt/validation/ValidationToken.java | Updates supported algorithm handling and public API signatures to SecureDigestAlgorithm. |
| src/main/java/com/twilio/jwt/taskrouter/TaskRouterCapability.java | Replaces SignatureAlgorithm.HS256 with Jwts.SIG.HS256. |
| src/main/java/com/twilio/jwt/client/ClientCapability.java | Replaces SignatureAlgorithm.HS256 with Jwts.SIG.HS256. |
| src/main/java/com/twilio/jwt/accesstoken/AccessToken.java | Replaces SignatureAlgorithm.HS256 with Jwts.SIG.HS256. |
| src/main/java/com/twilio/jwt/Jwt.java | Refactors algorithm typing and signWith usage for jjwt 0.12.x APIs. |
| src/main/java/com/twilio/http/ValidationInterceptor.java | Updates constructor/API to accept SecureDigestAlgorithm and defaults to Jwts.SIG.RS256. |
| src/main/java/com/twilio/http/ValidationClient.java | Updates constructors/API to accept SecureDigestAlgorithm and defaults to Jwts.SIG.RS256. |
| src/main/java/com/twilio/example/ValidationExample.java | Updates example to use Jwts.SIG.PS256. |
| pom.xml | Adds JDK-specific profiles, upgrades plugin versions, and parameterizes dependency/plugin versions. |
| UPGRADE.md | Adds 11.x → 12.x upgrade notes and algorithm mapping guidance. |
| .gitignore | Ignores local Claude-related files. |
| .github/workflows/test-and-deploy.yml | Extends CI matrix to include Java 21. |
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
| Request request = new Request(HttpMethod.DELETE, "http://{"); | ||
| ApiException e = assertThrows(ApiException.class, request::constructURL); | ||
| assertEquals("Bad URI: Illegal character in authority at index 7: http://{", e.getMessage()); | ||
| assertTrue(e.getMessage().startsWith("Bad UR")); |
Comment on lines
247
to
249
| public Builder algorithm(SecureDigestAlgorithm<? extends Key, ?> algorithm) { | ||
| if (!supportedAlgorithms.contains(algorithm)) { | ||
| throw new IllegalArgumentException("Not supported!"); |
| @@ -49,7 +50,7 @@ public ValidationInterceptor(String accountSid, String credentialSid, String sig | |||
| * @param algorithm Client validaiton algorithm | |||
Comment on lines
3
to
+6
| import io.jsonwebtoken.JwtBuilder; | ||
| import io.jsonwebtoken.Jwts; | ||
| import io.jsonwebtoken.SignatureAlgorithm; | ||
| import io.jsonwebtoken.security.MacAlgorithm; | ||
| import io.jsonwebtoken.security.SecureDigestAlgorithm; |
|
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Breaking Changes