@astronautlabs/jwt 0.0.12

package/src/engine.test.ts

@@ -0,0 +1,173 @@
+import { suite } from 'razmin';
+import { expect } from 'chai';
+import { JWTEngine, DecodeOptions } from './common';
+import * as RS256Fixtures from './fixtures/rs256.fixture';
+import * as RS512Fixtures from './fixtures/rs512.fixture';
+import * as ES256Fixtures from './fixtures/es256.fixture';
+import * as HS256Fixtures from './fixtures/hs256.fixture';
+import * as HS384Fixtures from './fixtures/hs384.fixture';
+import * as HS512Fixtures from './fixtures/hs512.fixture';
+
+export interface AlgorithmFixtures {
+    SAMPLE_PUBKEY : string;
+    SAMPLE_PRIVATEKEY : string;
+    SAMPLE_TOKEN : string;
+    SAMPLE_TOKEN_INVALID : string;
+    SAMPLE_PUBKEY_2 : string;
+    SAMPLE_PRIVATEKEY_2 : string;
+}
+
+const ALGORITHMS = {
+    HS256: HS256Fixtures,
+    HS384: HS384Fixtures,
+    HS512: HS512Fixtures,
+    RS256: RS256Fixtures,
+    RS512: RS512Fixtures,
+    ES256: ES256Fixtures,    
+};
+
+export function engineTest(subjectName : string, engine : JWTEngine) {
+    suite(describe => {
+        describe(subjectName, it => {
+            describe(': Validation', it => {
+                describe(': alg', it => {
+                    it('rejects tokens with the wrong algorithm', async () => {
+                        try {
+                            await engine.validate(HS256Fixtures.SAMPLE_TOKEN, { algorithm: 'RS256', secretOrKey: RS256Fixtures.SAMPLE_PUBKEY })
+                        } catch (e) {
+                            expect(e.message).to.contain('Token has incorrect algorithm');
+                            return;
+                        }
+
+                        throw new Error(`Should not accept token with incorrect algorithm`);
+                    });
+                });
+
+                describe(': exp', it => {
+                    it('rejects expired tokens by default', async () => {
+                        let options = { algorithm: 'HS256', secretOrKey: HS256Fixtures.SAMPLE_PUBKEY };
+                        let token = await engine.encode({ exp: (Date.now() - 1000) / 1000 }, options);
+
+                        try {
+                            await engine.validate(token.string, options)
+                        } catch (e) {
+                            expect(e.message).to.contain('Token is expired');
+                            return;
+                        }
+
+                        throw new Error(`Should not accept an expired token by default`);
+                    });
+
+                    it('rejects expired tokens with validate.exp=force', async () => {
+                        let options : DecodeOptions = { algorithm: 'HS256', secretOrKey: HS256Fixtures.SAMPLE_PUBKEY, validate: { exp: 'force' } };
+                        let token = await engine.encode({ exp: (Date.now() - 1000) / 1000 }, options);
+
+                        try {
+                            await engine.validate(token.string, options)
+                        } catch (e) {
+                            expect(e.message).to.contain('Token is expired');
+                            return;
+                        }
+
+                        throw new Error(`Should not accept an expired token with validate.exp=force`);
+                    });
+
+                    it('accepts fresh tokens with validate.exp=force', async () => {
+                        let options : DecodeOptions = { algorithm: 'HS256', secretOrKey: HS256Fixtures.SAMPLE_PUBKEY, validate: { exp: 'force' } };
+                        let token = await engine.encode({ sub: 'abcdef', exp: (Date.now() + 10000) / 1000 }, options);
+
+                        let validatedToken = await engine.validate(token.string, options)
+                        expect(validatedToken.claims.sub).to.equal('abcdef');
+                    });
+
+                    it('rejects tokens without exp claim when configured to do so', async () => {
+                        let options : DecodeOptions = { algorithm: 'HS256', secretOrKey: HS256Fixtures.SAMPLE_PUBKEY, validate: { exp: 'force' } };
+                        let token = await engine.encode({ sub: 'abcdef' }, options);
+
+                        try {
+                            await engine.validate(token.string, options)
+                        } catch (e) {
+                            expect(e.message).to.contain('Non-expiring tokens are not acceptable');
+                            return;
+                        }
+
+                        throw new Error(`Should not accept a token without exp claim when configured to require it`);
+                    });
+
+                    it('accepts expired tokens when configured to do so', async () => {
+                        let options : DecodeOptions = { algorithm: 'HS256', secretOrKey: HS256Fixtures.SAMPLE_PUBKEY, validate: { exp: 'ignore' } };
+                        let token = await engine.encode({ sub: 'abcdef', exp: (Date.now() - 1000) / 1000 }, options);
+                        let validatedToken = await engine.validate(token.string, options);
+                        expect(validatedToken.claims.sub).to.equal('abcdef');
+                    });
+                });
+            });
+
+            Object.keys(ALGORITHMS).forEach(alg => testAlgorithm(alg, ALGORITHMS[alg]));
+
+            function testAlgorithm(algorithm : string, fixtures : AlgorithmFixtures) {
+                describe(`: Algorithm=${algorithm}`, async () => {
+                    it('can verify a token', async () => {
+                        let token = await engine.validate(
+                            fixtures.SAMPLE_TOKEN, 
+                            { 
+                                algorithm, 
+                                secretOrKey: fixtures.SAMPLE_PUBKEY 
+                            }
+                        );
+                        expect(token.claims.sub).to.equal("1234567890");
+                        expect(token.claims.iat).to.equal(1516239022);
+                    });
+                    it('can detect a forged token', async () => {
+                        try {
+                            await engine.validate(fixtures.SAMPLE_TOKEN_INVALID, { 
+                                algorithm, 
+                                secretOrKey: fixtures.SAMPLE_PUBKEY 
+                            });
+                        } catch (e) {
+                            expect(e.message).to.contain('Invalid signature');
+                            return;
+                        }
+    
+                        throw new Error('Engine should have detected forgery');
+                    });
+                    it('fails to verify a token with wrong key', async () => {
+                        try {
+                            await engine.validate(fixtures.SAMPLE_TOKEN_INVALID, { 
+                                algorithm, 
+                                secretOrKey: fixtures.SAMPLE_PUBKEY_2
+                            });
+                        } catch (e) {
+                            expect(e.message).to.contain('Invalid signature');
+                            return;
+                        }
+    
+                        throw new Error('Engine should have failed to verify');
+                    });
+                    it('can sign a token', async () => {
+                        let token = await engine.encode({
+                            foo: 123,
+                            iat: 1598181440
+                        }, {
+                            algorithm,
+                            secretOrKey: fixtures.SAMPLE_PRIVATEKEY
+                        });
+    
+                        try {
+                            let validatedToken = await engine.validate(token.string, { 
+                                algorithm, 
+                                secretOrKey: fixtures.SAMPLE_PUBKEY 
+                            });
+                            expect(validatedToken.claims.iat).to.equal(1598181440);
+                        } catch (e) {
+                            console.error(`Caught error during .sign() test:`);
+                            console.error(e);
+                            throw new Error(`Should be able to validate signed token '${token.string}', caught error: ${e}`);
+                        }
+                    });
+                });
+            }
+
+        });
+    });
+}

package/src/fixtures/es256.fixture.ts

@@ -0,0 +1,25 @@
+
+export const SAMPLE_PUBKEY = `-----BEGIN PUBLIC KEY-----
+MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEEVs/o5+uQbTjL3chynL4wXgUg2R9
+q9UU8I5mEovUf86QZ7kOBIjJwqnzD1omageEHWwHdBO6B+dFabmdT9POxg==
+-----END PUBLIC KEY-----`;
+export const SAMPLE_PRIVATEKEY = `-----BEGIN PRIVATE KEY-----
+MIGHAgEAMBMGByqGSM49AgEGCCqGSM49AwEHBG0wawIBAQQgevZzL1gdAFr88hb2
+OF/2NxApJCzGCEDdfSp6VQO30hyhRANCAAQRWz+jn65BtOMvdyHKcvjBeBSDZH2r
+1RTwjmYSi9R/zpBnuQ4EiMnCqfMPWiZqB4QdbAd0E7oH50VpuZ1P087G
+-----END PRIVATE KEY-----`;
+
+export const SAMPLE_TOKEN = `eyJhbGciOiJFUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiYWRtaW4iOnRydWUsImlhdCI6MTUxNjIzOTAyMn0.tyh-VfuzIxCyGYDlkBA7DfyjrqmSHu6pQ2hoZuFqUSLPNY2N0mpHb3nk5K17HWP_3cYHBw7AhHale5wky6-sVA`;
+export const SAMPLE_TOKEN_INVALID = `eyJhbGciOiJFUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lISIsImFkbWluIjp0cnVlLCJpYXQiOjE1MTYyMzkwMjJ9.tyh-VfuzIxCyGYDlkBA7DfyjrqmSHu6pQ2hoZuFqUSLPNY2N0mpHb3nk5K17HWP_3cYHBw7AhHale5wky6-sVA`;
+
+
+export const SAMPLE_PUBKEY_2 = `-----BEGIN PUBLIC KEY-----
+MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE7q33/7EWeDT8mkJxoA8b9hE++198
+pLrd34UbfmMQGERJcowNj3HFf/GDVuSYlmlqOe03JFJUQKIFK/tRKh49cA==    
+-----END PUBLIC KEY-----`;
+
+export const SAMPLE_PRIVATEKEY_2 = `-----BEGIN PRIVATE KEY-----
+MIGHAgEAMBMGByqGSM49AgEGCCqGSM49AwEHBG0wawIBAQQgiJpVKn9jlq1LFAz3
+bSWEFjmU8IzLm/T+UK6tsHJGYj+hRANCAATurff/sRZ4NPyaQnGgDxv2ET77X3yk
+ut3fhRt+YxAYRElyjA2PccV/8YNW5JiWaWo57TckUlRAogUr+1EqHj1w
+-----END PRIVATE KEY-----`;

package/src/fixtures/hs256.fixture.ts

@@ -0,0 +1,6 @@
+export const SAMPLE_TOKEN = `eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiaWF0IjoxNTE2MjM5MDIyfQ.SflKxwRJSMeKKF2QT4fwpMeJf36POk6yJV_adQssw5c`;
+export const SAMPLE_TOKEN_INVALID = `eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiaWF0IjoxNTE2MjM5MDIyfQ.SflKxwRJSMeKKF2QT4fwpMeJf36POk6yJV_SNEAKYssw5c`;
+export const SAMPLE_PUBKEY = `your-256-bit-secret`;
+export const SAMPLE_PRIVATEKEY = `your-256-bit-secret`;
+export const SAMPLE_PUBKEY_2 = `wrong-key`;
+export const SAMPLE_PRIVATEKEY_2 = `wrong-key`;

package/src/fixtures/hs384.fixture.ts

@@ -0,0 +1,6 @@
+export const SAMPLE_TOKEN = `eyJhbGciOiJIUzM4NCIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiYWRtaW4iOnRydWUsImlhdCI6MTUxNjIzOTAyMn0.bQTnz6AuMJvmXXQsVPrxeQNvzDkimo7VNXxHeSBfClLufmCVZRUuyTwJF311JHuh`;
+export const SAMPLE_TOKEN_INVALID = `eyJhbGciOiJIUzM4NCIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lISIsImFkbWluIjp0cnVlLCJpYXQiOjE1MTYyMzkwMjJ9.bQTnz6AuMJvmXXQsVPrxeQNvzDkimo7VNXxHeSBfClLufmCVZRUuyTwJF311JHuh`;
+export const SAMPLE_PUBKEY = `your-384-bit-secret`;
+export const SAMPLE_PRIVATEKEY = `your-384-bit-secret`;
+export const SAMPLE_PUBKEY_2 = `wrong-key-384`;
+export const SAMPLE_PRIVATEKEY_2 = `wrong-key-384`;

package/src/fixtures/hs512.fixture.ts

@@ -0,0 +1,6 @@
+export const SAMPLE_TOKEN = `eyJhbGciOiJIUzUxMiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiYWRtaW4iOnRydWUsImlhdCI6MTUxNjIzOTAyMn0.VFb0qJ1LRg_4ujbZoRMXnVkUgiuKq5KxWqNdbKq_G9Vvz-S1zZa9LPxtHWKa64zDl2ofkT8F6jBt_K4riU-fPg`;
+export const SAMPLE_TOKEN_INVALID = `eyJhbGciOiJIUzUxMiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lISIsImFkbWluIjp0cnVlLCJpYXQiOjE1MTYyMzkwMjJ9.VFb0qJ1LRg_4ujbZoRMXnVkUgiuKq5KxWqNdbKq_G9Vvz-S1zZa9LPxtHWKa64zDl2ofkT8F6jBt_K4riU-fPg`;
+export const SAMPLE_PUBKEY = `your-512-bit-secret`;
+export const SAMPLE_PRIVATEKEY = `your-512-bit-secret`;
+export const SAMPLE_PUBKEY_2 = `wrong-key-512`;
+export const SAMPLE_PRIVATEKEY_2 = `wrong-key-512`;

package/src/fixtures/rs256.fixture.ts

@@ -0,0 +1,81 @@
+
+export const SAMPLE_PUBKEY = `-----BEGIN PUBLIC KEY-----
+MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnzyis1ZjfNB0bBgKFMSv
+vkTtwlvBsaJq7S5wA+kzeVOVpVWwkWdVha4s38XM/pa/yr47av7+z3VTmvDRyAHc
+aT92whREFpLv9cj5lTeJSibyr/Mrm/YtjCZVWgaOYIhwrXwKLqPr/11inWsAkfIy
+tvHWTxZYEcXLgAXFuUuaS3uF9gEiNQwzGTU1v0FqkqTBr4B8nW3HCN47XUu0t8Y0
+e+lf4s4OxQawWD79J9/5d3Ry0vbV3Am1FtGJiJvOwRsIfVChDpYStTcHTCMqtvWb
+V6L11BWkpzGXSW4Hv43qa+GSYOD2QU68Mb59oSk2OB+BtOLpJofmbGEGgvmwyCI9
+MwIDAQAB
+-----END PUBLIC KEY-----`;
+export const SAMPLE_PRIVATEKEY = `-----BEGIN PRIVATE KEY-----
+MIIEvAIBADANBgkqhkiG9w0BAQEFAASCBKYwggSiAgEAAoIBAQCfPKKzVmN80HRs
+GAoUxK++RO3CW8GxomrtLnAD6TN5U5WlVbCRZ1WFrizfxcz+lr/Kvjtq/v7PdVOa
+8NHIAdxpP3bCFEQWku/1yPmVN4lKJvKv8yub9i2MJlVaBo5giHCtfAouo+v/XWKd
+awCR8jK28dZPFlgRxcuABcW5S5pLe4X2ASI1DDMZNTW/QWqSpMGvgHydbccI3jtd
+S7S3xjR76V/izg7FBrBYPv0n3/l3dHLS9tXcCbUW0YmIm87BGwh9UKEOlhK1NwdM
+Iyq29ZtXovXUFaSnMZdJbge/jepr4ZJg4PZBTrwxvn2hKTY4H4G04ukmh+ZsYQaC
++bDIIj0zAgMBAAECggEAKIBGrbCSW2O1yOyQW9nvDUkA5EdsS58Q7US7bvM4iWpu
+DIBwCXur7/VuKnhn/HUhURLzj/JNozynSChqYyG+CvL+ZLy82LUE3ZIBkSdv/vFL
+Ft+VvvRtf1EcsmoqenkZl7aN7HD7DJeXBoz5tyVQKuH17WW0fsi9StGtCcUl+H6K
+zV9Gif0Kj0uLQbCg3THRvKuueBTwCTdjoP0PwaNADgSWb3hJPeLMm/yII4tIMGbO
+w+xd9wJRl+ZN9nkNtQMxszFGdKjedB6goYLQuP0WRZx+YtykaVJdM75bDUvsQar4
+9Pc21Fp7UVk/CN11DX/hX3TmTJAUtqYADliVKkTbCQKBgQDLU48tBxm3g1CdDM/P
+ZIEmpA3Y/m7e9eX7M1Uo/zDh4G/S9a4kkX6GQY2dLFdCtOS8M4hR11Io7MceBKDi
+djorTZ5zJPQ8+b9Rm+1GlaucGNwRW0cQk2ltT2ksPmJnQn2xvM9T8vE+a4A/YGzw
+mZOfpoVGykWs/tbSzU2aTaOybQKBgQDIfRf6OmirGPh59l+RSuDkZtISF/51mCV/
+S1M4DltWDwhjC2Y2T+meIsb/Mjtz4aVNz0EHB8yvn0TMGr94Uwjv4uBdpVSwz+xL
+hHL7J4rpInH+i0gxa0N+rGwsPwI8wJG95wLY+Kni5KCuXQw55uX1cqnnsahpRZFZ
+EerBXhjqHwKBgBmEjiaHipm2eEqNjhMoOPFBi59dJ0sCL2/cXGa9yEPA6Cfgv49F
+V0zAM2azZuwvSbm4+fXTgTMzrDW/PPXPArPmlOk8jQ6OBY3XdOrz48q+b/gZrYyO
+A6A9ZCSyW6U7+gxxds/BYLeFxF2v21xC2f0iZ/2faykv/oQMUh34en/tAoGACqVZ
+2JexZyR0TUWf3X80YexzyzIq+OOTWicNzDQ29WLm9xtr2gZ0SUlfd72bGpQoyvDu
+awkm/UxfwtbIxALkvpg1gcN9s8XWrkviLyPyZF7H3tRWiQlBFEDjnZXa8I7pLkRO
+Cmdp3fp17cxTEeAI5feovfzZDH39MdWZuZrdh9ECgYBTEv8S7nK8wrxIC390kroV
+52eBwzckQU2mWa0thUtaGQiU1EYPCSDcjkrLXwB72ft0dW57KyWtvrB6rt1ORgOL
+eI5hFbwdGQhCHTrAR1vG3SyFPMAm+8JB+sGOD/fvjtZKx//MFNweKFNEF0C/o6Z2
+FXj90PlgF8sCQut36ZfuIQ==
+-----END PRIVATE KEY-----`;
+
+export const SAMPLE_TOKEN = `eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiYWRtaW4iOnRydWUsImlhdCI6MTUxNjIzOTAyMn0.POstGetfAytaZS82wHcjoTyoqhMyxXiWdR7Nn7A29DNSl0EiXLdwJ6xC6AfgZWF1bOsS_TuYI3OG85AmiExREkrS6tDfTQ2B3WXlrr-wp5AokiRbz3_oB4OxG-W9KcEEbDRcZc0nH3L7LzYptiy1PtAylQGxHTWZXtGz4ht0bAecBgmpdgXMguEIcoqPJ1n3pIWk_dUZegpqx0Lka21H6XxUTxiy8OcaarA8zdnPUnV6AmNP3ecFawIFYdvJB_cm-GvpCSbr8G8y_Mllj8f4x9nBH8pQux89_6gUY618iYv7tuPWBFfEbLxtF2pZS6YC1aSfLQxeNe8djT9YjpvRZA`;
+export const SAMPLE_TOKEN_INVALID = `eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiYWRtaW4iOnRydWUsImlhdCI6MTUxNjIzOTAyMn0.fbMk59LQGNup5Jq9_Vq-Df3f1I8YcM_qzgrhl6R33PviVR6jskvlI__B27nZNh3A0CbH5XmCFAFrF41q2C_-EJAz3Wc9ndNBAu9c2EaF8FDDLsVfpVajApO-iQmt2pE_D54QOOw9VRWEBvx-690DMrZVV8R8wWrNgKZ90kQyxGRQKqWDgOAygBoPMxd4goy9_TKDl6D876bE5hlL2AIRP2Gj1EmA2cMaP2T4kGut-XYBmUKRfQUvDYowzsLid6ejhgUzqA7HAk_pC6E9FS79I0f5XLKaOnELOOKOUTHaCexTeYqfvYxSmpvDokFB1jKiEh1dIrkXNLlMFPTJRMWijA`;
+
+
+export const SAMPLE_PUBKEY_2 = `-----BEGIN PUBLIC KEY-----
+MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnzyis1ZjfNB0bBgKFMSv
+vkTtwlvBsaJq7S5wA+kzeVOVpVWwkWdVha4s38XM/pa/yr47av7+z3VTmvDRyAHc
+aT92whREFpLv9cj5lTeJSibyr/Mrm/YtjCZVWgaOYIhwrXwKLqPr/11inWsAkfIy
+tvHWTxZYEcXLgAXFuUuaS3uF9gEiNQwzGTU1v0FqkqTBr4B8nW3HCN47XUu0t8Y0
+e+lf4s4OxQawWD79J9/5d3Ry0vbV3Am1FtGJiJvOwRsIfVChDpYStTcHTCMqtvWb
+V6L11BWkpzGXSW4Hv43qa+GSYOD2QU68Mb59oSk2OB+BtOLpJofmbGEGgvmwyCI9
+MwIDAQAB
+-----END PUBLIC KEY-----`;
+
+export const SAMPLE_PRIVATEKEY_2 = `-----BEGIN PRIVATE KEY-----
+MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQDfj0kY6x9bEcNe
+UUtRxPDzQ6rdaVnsC82QPdnwrXqrd6Bu+HmsmcKfwNxTT5m7H2gDQ+clEn7zTJ+u
+sLB3moSmiz6mfRE87rTgNSW5Y8l9uvsV2GCEf1+GIBtdw75Cicq1fE8v+4yMu4xk
+8NJkY4AyhihOsq7QARB6i1KM5FHOh2aYMZQI+Hx1J9M6fj0GKJbCJh2VkXyqwNb9
+3SvfYLPLSSkTmzOpdRxQfI8Ql9pri0zHUerhFzy8wmHhSz52qRJknZKnhKU6HAsX
+v7a5lh8C5fXcgad6tpmKJKBpEx00EtLMyqkb0gBzjKUvEbqWjB5659LH6WQZeMuY
+g6abbDbnAgMBAAECggEAL3y/OTTQf0bBqio4hpD/4ZyREeEMAdDsBGSvA6nF8eBC
+SvAq4Ff0+Hw+ENBKxm3AaVkmI0DPiJzRGolborxGyx2u3Cya2ceW0j1X2w5wQW3T
+YeuJbPulbdcqGPu4UWf1kCFsrLORQl+gTdy9xCdClvjaXQUljvd66Zzolxb0rZq9
+keRREJ55VZazBhwjtvfwII7chwzNdFzAX5Ft9IPFOaBoi13bCPTzUPeIazbktwIv
+FpKA51M12LF+fJpY608ACP5FR6ShnAxPbvpgOcVtxhuBvAdDu2jTvB9yASsNnHjE
+VXp1mTBTx+HsO6onIFqkN5fC/3ds+3zyOScu6RkGMQKBgQD7/h/lKRtEWJVML+ag
+a+V2WUy6Yel5IgF7DeH8Z78QOLhB1MUr8jXD8skMcTZiSYuF8rRV5FVHAbv+pnwC
+NkZclCNQqoOVbhIT8wBV+TE0ay5ZSLqLkhCdmmYaBg6WccfzPmcIRwTgC3QWSyku
+jjpRLxEPTEzbnNRuKFaOSbctKQKBgQDjHWiqiSXXEbQdI80cJmoz1o+gLtUKVdK/
+GyUak/AX4PLhG4VZHHHt/AArPYr+eEQcN6aCsWU8qRt6H3LyhBjev93CHAKs4snG
++edQ7xK0kqervR4KXweTD+wqUVglvqmstGwkI33CFUZwE7t6bKgmALfgdeJxFCLM
+ScV8y0y1jwKBgQDZXjh9IJxYtGD0u00hjHD/ScCZ9ePDjcXhM/SAGa4CfCrU/oim
+g+RFBqTOisnytqYYAWf1v2SgP6q+2zWVYuQG7/IWnz+qIqyNcMwVXUNIiDwO4GGq
+C3ExwgHY6OikdbmY5XdS+JAIA1k78dGwSxea+BKrM5IIzpuf+kPPsV7FIQKBgAOW
+NE/1KIbT/b80EIowRR8adVw3QSAPqOtht11LFtCZudw6PgnhPB9hCnOkXiyUo6a6
+bkPEH3Asz4VHN96CnY3vA8aMALLQRhWBXtjVXbtCUamRrAbH52u4JaepbzXxY+aZ
+VtffQ54sDde5SA2v55vqCP1ffzr/8Wi+hYLqBwUbAoGBAIhtiyG3DVX0j0z1EICq
+ZR2HJJk7KKPcrUGW0fbNqnxIrjqBq22PGD6rkFHQFpD/y/u7NGpOFU12tk099ly+
+EZFf9T6VsMw+7sUFo88gTDL9BK6IBcsYDr5I7QfN5WkXbsrx/s9Yll7urISU3z7o
+eUhPf0cYfvNPR4eQb5FLLrDX
+-----END PRIVATE KEY-----`;

package/src/fixtures/rs512.fixture.ts

@@ -0,0 +1,81 @@
+
+export const SAMPLE_PUBKEY = `-----BEGIN PUBLIC KEY-----
+MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnzyis1ZjfNB0bBgKFMSv
+vkTtwlvBsaJq7S5wA+kzeVOVpVWwkWdVha4s38XM/pa/yr47av7+z3VTmvDRyAHc
+aT92whREFpLv9cj5lTeJSibyr/Mrm/YtjCZVWgaOYIhwrXwKLqPr/11inWsAkfIy
+tvHWTxZYEcXLgAXFuUuaS3uF9gEiNQwzGTU1v0FqkqTBr4B8nW3HCN47XUu0t8Y0
+e+lf4s4OxQawWD79J9/5d3Ry0vbV3Am1FtGJiJvOwRsIfVChDpYStTcHTCMqtvWb
+V6L11BWkpzGXSW4Hv43qa+GSYOD2QU68Mb59oSk2OB+BtOLpJofmbGEGgvmwyCI9
+MwIDAQAB
+-----END PUBLIC KEY-----`;
+export const SAMPLE_PRIVATEKEY = `-----BEGIN PRIVATE KEY-----
+MIIEvAIBADANBgkqhkiG9w0BAQEFAASCBKYwggSiAgEAAoIBAQCfPKKzVmN80HRs
+GAoUxK++RO3CW8GxomrtLnAD6TN5U5WlVbCRZ1WFrizfxcz+lr/Kvjtq/v7PdVOa
+8NHIAdxpP3bCFEQWku/1yPmVN4lKJvKv8yub9i2MJlVaBo5giHCtfAouo+v/XWKd
+awCR8jK28dZPFlgRxcuABcW5S5pLe4X2ASI1DDMZNTW/QWqSpMGvgHydbccI3jtd
+S7S3xjR76V/izg7FBrBYPv0n3/l3dHLS9tXcCbUW0YmIm87BGwh9UKEOlhK1NwdM
+Iyq29ZtXovXUFaSnMZdJbge/jepr4ZJg4PZBTrwxvn2hKTY4H4G04ukmh+ZsYQaC
++bDIIj0zAgMBAAECggEAKIBGrbCSW2O1yOyQW9nvDUkA5EdsS58Q7US7bvM4iWpu
+DIBwCXur7/VuKnhn/HUhURLzj/JNozynSChqYyG+CvL+ZLy82LUE3ZIBkSdv/vFL
+Ft+VvvRtf1EcsmoqenkZl7aN7HD7DJeXBoz5tyVQKuH17WW0fsi9StGtCcUl+H6K
+zV9Gif0Kj0uLQbCg3THRvKuueBTwCTdjoP0PwaNADgSWb3hJPeLMm/yII4tIMGbO
+w+xd9wJRl+ZN9nkNtQMxszFGdKjedB6goYLQuP0WRZx+YtykaVJdM75bDUvsQar4
+9Pc21Fp7UVk/CN11DX/hX3TmTJAUtqYADliVKkTbCQKBgQDLU48tBxm3g1CdDM/P
+ZIEmpA3Y/m7e9eX7M1Uo/zDh4G/S9a4kkX6GQY2dLFdCtOS8M4hR11Io7MceBKDi
+djorTZ5zJPQ8+b9Rm+1GlaucGNwRW0cQk2ltT2ksPmJnQn2xvM9T8vE+a4A/YGzw
+mZOfpoVGykWs/tbSzU2aTaOybQKBgQDIfRf6OmirGPh59l+RSuDkZtISF/51mCV/
+S1M4DltWDwhjC2Y2T+meIsb/Mjtz4aVNz0EHB8yvn0TMGr94Uwjv4uBdpVSwz+xL
+hHL7J4rpInH+i0gxa0N+rGwsPwI8wJG95wLY+Kni5KCuXQw55uX1cqnnsahpRZFZ
+EerBXhjqHwKBgBmEjiaHipm2eEqNjhMoOPFBi59dJ0sCL2/cXGa9yEPA6Cfgv49F
+V0zAM2azZuwvSbm4+fXTgTMzrDW/PPXPArPmlOk8jQ6OBY3XdOrz48q+b/gZrYyO
+A6A9ZCSyW6U7+gxxds/BYLeFxF2v21xC2f0iZ/2faykv/oQMUh34en/tAoGACqVZ
+2JexZyR0TUWf3X80YexzyzIq+OOTWicNzDQ29WLm9xtr2gZ0SUlfd72bGpQoyvDu
+awkm/UxfwtbIxALkvpg1gcN9s8XWrkviLyPyZF7H3tRWiQlBFEDjnZXa8I7pLkRO
+Cmdp3fp17cxTEeAI5feovfzZDH39MdWZuZrdh9ECgYBTEv8S7nK8wrxIC390kroV
+52eBwzckQU2mWa0thUtaGQiU1EYPCSDcjkrLXwB72ft0dW57KyWtvrB6rt1ORgOL
+eI5hFbwdGQhCHTrAR1vG3SyFPMAm+8JB+sGOD/fvjtZKx//MFNweKFNEF0C/o6Z2
+FXj90PlgF8sCQut36ZfuIQ==
+-----END PRIVATE KEY-----`;
+
+export const SAMPLE_TOKEN = `eyJhbGciOiJSUzUxMiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiYWRtaW4iOnRydWUsImlhdCI6MTUxNjIzOTAyMn0.JlX3gXGyClTBFciHhknWrjo7SKqyJ5iBO0n-3S2_I7cIgfaZAeRDJ3SQEbaPxVC7X8aqGCOM-pQOjZPKUJN8DMFrlHTOdqMs0TwQ2PRBmVAxXTSOZOoEhD4ZNCHohYoyfoDhJDP4Qye_FCqu6POJzg0Jcun4d3KW04QTiGxv2PkYqmB7nHxYuJdnqE3704hIS56pc_8q6AW0WIT0W-nIvwzaSbtBU9RgaC7ZpBD2LiNE265UBIFraMDF8IAFw9itZSUCTKg1Q-q27NwwBZNGYStMdIBDor2Bsq5ge51EkWajzZ7ALisVp-bskzUsqUf77ejqX_CBAqkNdH1Zebn93A`;
+export const SAMPLE_TOKEN_INVALID = `eyJhbGciOiJSUzUxMiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lISIsImFkbWluIjp0cnVlLCJpYXQiOjE1MTYyMzkwMjJ9.JlX3gXGyClTBFciHhknWrjo7SKqyJ5iBO0n-3S2_I7cIgfaZAeRDJ3SQEbaPxVC7X8aqGCOM-pQOjZPKUJN8DMFrlHTOdqMs0TwQ2PRBmVAxXTSOZOoEhD4ZNCHohYoyfoDhJDP4Qye_FCqu6POJzg0Jcun4d3KW04QTiGxv2PkYqmB7nHxYuJdnqE3704hIS56pc_8q6AW0WIT0W-nIvwzaSbtBU9RgaC7ZpBD2LiNE265UBIFraMDF8IAFw9itZSUCTKg1Q-q27NwwBZNGYStMdIBDor2Bsq5ge51EkWajzZ7ALisVp-bskzUsqUf77ejqX_CBAqkNdH1Zebn93A`;
+
+
+export const SAMPLE_PUBKEY_2 = `-----BEGIN PUBLIC KEY-----
+MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnzyis1ZjfNB0bBgKFMSv
+vkTtwlvBsaJq7S5wA+kzeVOVpVWwkWdVha4s38XM/pa/yr47av7+z3VTmvDRyAHc
+aT92whREFpLv9cj5lTeJSibyr/Mrm/YtjCZVWgaOYIhwrXwKLqPr/11inWsAkfIy
+tvHWTxZYEcXLgAXFuUuaS3uF9gEiNQwzGTU1v0FqkqTBr4B8nW3HCN47XUu0t8Y0
+e+lf4s4OxQawWD79J9/5d3Ry0vbV3Am1FtGJiJvOwRsIfVChDpYStTcHTCMqtvWb
+V6L11BWkpzGXSW4Hv43qa+GSYOD2QU68Mb59oSk2OB+BtOLpJofmbGEGgvmwyCI9
+MwIDAQAB
+-----END PUBLIC KEY-----`;
+
+export const SAMPLE_PRIVATEKEY_2 = `-----BEGIN PRIVATE KEY-----
+MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQDfj0kY6x9bEcNe
+UUtRxPDzQ6rdaVnsC82QPdnwrXqrd6Bu+HmsmcKfwNxTT5m7H2gDQ+clEn7zTJ+u
+sLB3moSmiz6mfRE87rTgNSW5Y8l9uvsV2GCEf1+GIBtdw75Cicq1fE8v+4yMu4xk
+8NJkY4AyhihOsq7QARB6i1KM5FHOh2aYMZQI+Hx1J9M6fj0GKJbCJh2VkXyqwNb9
+3SvfYLPLSSkTmzOpdRxQfI8Ql9pri0zHUerhFzy8wmHhSz52qRJknZKnhKU6HAsX
+v7a5lh8C5fXcgad6tpmKJKBpEx00EtLMyqkb0gBzjKUvEbqWjB5659LH6WQZeMuY
+g6abbDbnAgMBAAECggEAL3y/OTTQf0bBqio4hpD/4ZyREeEMAdDsBGSvA6nF8eBC
+SvAq4Ff0+Hw+ENBKxm3AaVkmI0DPiJzRGolborxGyx2u3Cya2ceW0j1X2w5wQW3T
+YeuJbPulbdcqGPu4UWf1kCFsrLORQl+gTdy9xCdClvjaXQUljvd66Zzolxb0rZq9
+keRREJ55VZazBhwjtvfwII7chwzNdFzAX5Ft9IPFOaBoi13bCPTzUPeIazbktwIv
+FpKA51M12LF+fJpY608ACP5FR6ShnAxPbvpgOcVtxhuBvAdDu2jTvB9yASsNnHjE
+VXp1mTBTx+HsO6onIFqkN5fC/3ds+3zyOScu6RkGMQKBgQD7/h/lKRtEWJVML+ag
+a+V2WUy6Yel5IgF7DeH8Z78QOLhB1MUr8jXD8skMcTZiSYuF8rRV5FVHAbv+pnwC
+NkZclCNQqoOVbhIT8wBV+TE0ay5ZSLqLkhCdmmYaBg6WccfzPmcIRwTgC3QWSyku
+jjpRLxEPTEzbnNRuKFaOSbctKQKBgQDjHWiqiSXXEbQdI80cJmoz1o+gLtUKVdK/
+GyUak/AX4PLhG4VZHHHt/AArPYr+eEQcN6aCsWU8qRt6H3LyhBjev93CHAKs4snG
++edQ7xK0kqervR4KXweTD+wqUVglvqmstGwkI33CFUZwE7t6bKgmALfgdeJxFCLM
+ScV8y0y1jwKBgQDZXjh9IJxYtGD0u00hjHD/ScCZ9ePDjcXhM/SAGa4CfCrU/oim
+g+RFBqTOisnytqYYAWf1v2SgP6q+2zWVYuQG7/IWnz+qIqyNcMwVXUNIiDwO4GGq
+C3ExwgHY6OikdbmY5XdS+JAIA1k78dGwSxea+BKrM5IIzpuf+kPPsV7FIQKBgAOW
+NE/1KIbT/b80EIowRR8adVw3QSAPqOtht11LFtCZudw6PgnhPB9hCnOkXiyUo6a6
+bkPEH3Asz4VHN96CnY3vA8aMALLQRhWBXtjVXbtCUamRrAbH52u4JaepbzXxY+aZ
+VtffQ54sDde5SA2v55vqCP1ffzr/8Wi+hYLqBwUbAoGBAIhtiyG3DVX0j0z1EICq
+ZR2HJJk7KKPcrUGW0fbNqnxIrjqBq22PGD6rkFHQFpD/y/u7NGpOFU12tk099ly+
+EZFf9T6VsMw+7sUFo88gTDL9BK6IBcsYDr5I7QfN5WkXbsrx/s9Yll7urISU3z7o
+eUhPf0cYfvNPR4eQb5FLLrDX
+-----END PRIVATE KEY-----`;

package/src/index.ts

@@ -0,0 +1,5 @@
+import { JWTEngine } from './common';
+
+export * from './common';
+
+export function createJWTEngine() : JWTEngine { throw new Error('No implementation selected'); };

package/src/node/engine.test.ts

@@ -0,0 +1,4 @@
+import { engineTest } from "../engine.test";
+import { JWT } from "./index";
+
+engineTest('NodeJWT', JWT);

package/src/node/index.ts

@@ -0,0 +1,56 @@
+import { JWTEngine, EncodeOptions, Token, DecodeOptions } from "../common/interface";
+import * as jsonwebtoken from 'jsonwebtoken';
+import { Base64URL } from "../browser/base64url";
+import { validateExpiry } from "../common";
+export * from '../common';
+
+export class NodeJWT implements JWTEngine {
+    async decodeUntrusted(token: string): Promise<Token> {
+        let decodedToken = <Record<string,any>>jsonwebtoken.decode(token);
+        return { claims: decodedToken, string: token };
+    }
+
+    async encode(claims: Record<string, any>, options: EncodeOptions): Promise<Token> {
+        let string = jsonwebtoken.sign(claims, options.secretOrKey, {
+            algorithm: <any>options.algorithm
+        });
+
+        return {
+            string,
+            claims
+        }
+    }
+
+    async validate(string : string, options: DecodeOptions): Promise<Token> {
+        let claims : Record<string,any>;
+        
+        try {
+            claims = <Record<string,any>>jsonwebtoken.verify(string, options.secretOrKey, {
+                algorithms: [ <any>options.algorithm ],
+                ignoreExpiration: true
+            });
+        } catch (e) {
+            if (e.message === 'invalid signature')      // For uniformity
+                throw new Error(`Cannot validate JWT '${string}': Invalid signature`);
+            else if (e.message === 'invalid algorithm')
+                throw new Error(`Cannot validate JWT '${string}': Token has incorrect algorithm`);
+
+            throw e;
+        }
+
+        try {
+            validateExpiry(claims.exp, options.now, options.validate?.exp);
+        } catch (e) {
+            throw new Error(`Cannot validate JWT '${string}': ${e.message}`);
+        }
+
+        return {
+            string,
+            claims
+        }
+    }
+
+}
+
+export function createJWTEngine() : JWTEngine { return new NodeJWT(); };
+export const JWT = createJWTEngine();