@atproto/jwk 0.5.0 → 0.6.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/CHANGELOG.md +16 -0
- package/dist/alg.d.ts +2 -2
- package/dist/alg.d.ts.map +1 -1
- package/dist/alg.js +14 -8
- package/dist/alg.js.map +1 -1
- package/dist/errors.js.map +1 -1
- package/dist/index.js.map +1 -1
- package/dist/jwk.d.ts +3725 -1143
- package/dist/jwk.d.ts.map +1 -1
- package/dist/jwk.js +141 -47
- package/dist/jwk.js.map +1 -1
- package/dist/jwks.d.ts +212 -1523
- package/dist/jwks.d.ts.map +1 -1
- package/dist/jwks.js +21 -4
- package/dist/jwks.js.map +1 -1
- package/dist/jwt-decode.js.map +1 -1
- package/dist/jwt-verify.js.map +1 -1
- package/dist/jwt.d.ts +3937 -1186
- package/dist/jwt.d.ts.map +1 -1
- package/dist/jwt.js.map +1 -1
- package/dist/key.d.ts +22 -9
- package/dist/key.d.ts.map +1 -1
- package/dist/key.js +101 -20
- package/dist/key.js.map +1 -1
- package/dist/keyset.d.ts +382 -15
- package/dist/keyset.d.ts.map +1 -1
- package/dist/keyset.js +32 -46
- package/dist/keyset.js.map +1 -1
- package/dist/util.d.ts +1 -6
- package/dist/util.d.ts.map +1 -1
- package/dist/util.js +4 -0
- package/dist/util.js.map +1 -1
- package/package.json +2 -2
- package/src/alg.ts +22 -10
- package/src/jwk.ts +163 -51
- package/src/jwks.ts +23 -6
- package/src/key.ts +137 -27
- package/src/keyset.ts +60 -60
- package/src/util.ts +6 -18
package/dist/keyset.d.ts
CHANGED
|
@@ -1,15 +1,13 @@
|
|
|
1
|
-
import {
|
|
1
|
+
import { PrivateKeyUsage } from './jwk.js';
|
|
2
|
+
import { JwksPub } from './jwks.js';
|
|
2
3
|
import { VerifyOptions, VerifyResult } from './jwt-verify.js';
|
|
3
4
|
import { JwtHeader, JwtPayload, SignedJwt } from './jwt.js';
|
|
4
|
-
import { Key } from './key.js';
|
|
5
|
-
import {
|
|
6
|
-
export type
|
|
5
|
+
import { ActivityCheckOptions, Key, KeyMatchOptions } from './key.js';
|
|
6
|
+
import { Override } from './util.js';
|
|
7
|
+
export type { ActivityCheckOptions, KeyMatchOptions };
|
|
8
|
+
export type FindKeyOptions = KeyMatchOptions & ActivityCheckOptions;
|
|
9
|
+
export type JwtSignHeader = Override<JwtHeader, Pick<FindKeyOptions, 'alg' | 'kid'>>;
|
|
7
10
|
export type JwtPayloadGetter<P = JwtPayload> = (header: JwtHeader, key: Key) => P | PromiseLike<P>;
|
|
8
|
-
export type KeySearch = {
|
|
9
|
-
use?: 'sig' | 'enc';
|
|
10
|
-
kid?: string | string[];
|
|
11
|
-
alg?: string | string[];
|
|
12
|
-
};
|
|
13
11
|
export declare class Keyset<K extends Key = Key> implements Iterable<K> {
|
|
14
12
|
/**
|
|
15
13
|
* The preferred algorithms to use when signing a JWT using this keyset.
|
|
@@ -27,18 +25,387 @@ export declare class Keyset<K extends Key = Key> implements Iterable<K> {
|
|
|
27
25
|
preferredSigningAlgorithms?: readonly string[]);
|
|
28
26
|
get size(): number;
|
|
29
27
|
get signAlgorithms(): readonly string[];
|
|
30
|
-
get publicJwks():
|
|
31
|
-
|
|
28
|
+
get publicJwks(): Readonly<{
|
|
29
|
+
keys: readonly (Readonly<{
|
|
30
|
+
kty: "RSA";
|
|
31
|
+
n: string;
|
|
32
|
+
e: string;
|
|
33
|
+
alg?: "RS256" | "RS384" | "RS512" | "PS256" | "PS384" | "PS512" | undefined;
|
|
34
|
+
kid?: string | undefined;
|
|
35
|
+
use?: "sig" | "enc" | undefined;
|
|
36
|
+
key_ops?: ("verify" | "encrypt" | "wrapKey" | "sign" | "decrypt" | "unwrapKey" | "deriveKey" | "deriveBits")[] | undefined;
|
|
37
|
+
x5c?: string[] | undefined;
|
|
38
|
+
x5t?: string | undefined;
|
|
39
|
+
'x5t#S256'?: string | undefined;
|
|
40
|
+
x5u?: string | undefined;
|
|
41
|
+
ext?: boolean | undefined;
|
|
42
|
+
iat?: number | undefined;
|
|
43
|
+
exp?: number | undefined;
|
|
44
|
+
nbf?: number | undefined;
|
|
45
|
+
revoked?: {
|
|
46
|
+
revoked_at: number;
|
|
47
|
+
reason?: string | undefined;
|
|
48
|
+
} | undefined;
|
|
49
|
+
d?: string | undefined;
|
|
50
|
+
p?: string | undefined;
|
|
51
|
+
q?: string | undefined;
|
|
52
|
+
dp?: string | undefined;
|
|
53
|
+
dq?: string | undefined;
|
|
54
|
+
qi?: string | undefined;
|
|
55
|
+
oth?: {
|
|
56
|
+
d?: string | undefined;
|
|
57
|
+
r?: string | undefined;
|
|
58
|
+
t?: string | undefined;
|
|
59
|
+
}[] | undefined;
|
|
60
|
+
} & {
|
|
61
|
+
kid: NonNullable<unknown>;
|
|
62
|
+
} & {
|
|
63
|
+
d?: never;
|
|
64
|
+
}> | Readonly<{
|
|
65
|
+
kty: "EC";
|
|
66
|
+
crv: "P-256" | "P-384" | "P-521";
|
|
67
|
+
x: string;
|
|
68
|
+
y: string;
|
|
69
|
+
alg?: "ES256" | "ES384" | "ES512" | undefined;
|
|
70
|
+
kid?: string | undefined;
|
|
71
|
+
use?: "sig" | "enc" | undefined;
|
|
72
|
+
key_ops?: ("verify" | "encrypt" | "wrapKey" | "sign" | "decrypt" | "unwrapKey" | "deriveKey" | "deriveBits")[] | undefined;
|
|
73
|
+
x5c?: string[] | undefined;
|
|
74
|
+
x5t?: string | undefined;
|
|
75
|
+
'x5t#S256'?: string | undefined;
|
|
76
|
+
x5u?: string | undefined;
|
|
77
|
+
ext?: boolean | undefined;
|
|
78
|
+
iat?: number | undefined;
|
|
79
|
+
exp?: number | undefined;
|
|
80
|
+
nbf?: number | undefined;
|
|
81
|
+
revoked?: {
|
|
82
|
+
revoked_at: number;
|
|
83
|
+
reason?: string | undefined;
|
|
84
|
+
} | undefined;
|
|
85
|
+
d?: string | undefined;
|
|
86
|
+
} & {
|
|
87
|
+
kid: NonNullable<unknown>;
|
|
88
|
+
} & {
|
|
89
|
+
d?: never;
|
|
90
|
+
}> | Readonly<{
|
|
91
|
+
kty: "EC";
|
|
92
|
+
crv: "secp256k1";
|
|
93
|
+
x: string;
|
|
94
|
+
y: string;
|
|
95
|
+
alg?: "ES256K" | undefined;
|
|
96
|
+
kid?: string | undefined;
|
|
97
|
+
use?: "sig" | "enc" | undefined;
|
|
98
|
+
key_ops?: ("verify" | "encrypt" | "wrapKey" | "sign" | "decrypt" | "unwrapKey" | "deriveKey" | "deriveBits")[] | undefined;
|
|
99
|
+
x5c?: string[] | undefined;
|
|
100
|
+
x5t?: string | undefined;
|
|
101
|
+
'x5t#S256'?: string | undefined;
|
|
102
|
+
x5u?: string | undefined;
|
|
103
|
+
ext?: boolean | undefined;
|
|
104
|
+
iat?: number | undefined;
|
|
105
|
+
exp?: number | undefined;
|
|
106
|
+
nbf?: number | undefined;
|
|
107
|
+
revoked?: {
|
|
108
|
+
revoked_at: number;
|
|
109
|
+
reason?: string | undefined;
|
|
110
|
+
} | undefined;
|
|
111
|
+
d?: string | undefined;
|
|
112
|
+
} & {
|
|
113
|
+
kid: NonNullable<unknown>;
|
|
114
|
+
} & {
|
|
115
|
+
d?: never;
|
|
116
|
+
}> | Readonly<{
|
|
117
|
+
kty: "OKP";
|
|
118
|
+
crv: "Ed25519" | "Ed448";
|
|
119
|
+
x: string;
|
|
120
|
+
alg?: "EdDSA" | undefined;
|
|
121
|
+
kid?: string | undefined;
|
|
122
|
+
use?: "sig" | "enc" | undefined;
|
|
123
|
+
key_ops?: ("verify" | "encrypt" | "wrapKey" | "sign" | "decrypt" | "unwrapKey" | "deriveKey" | "deriveBits")[] | undefined;
|
|
124
|
+
x5c?: string[] | undefined;
|
|
125
|
+
x5t?: string | undefined;
|
|
126
|
+
'x5t#S256'?: string | undefined;
|
|
127
|
+
x5u?: string | undefined;
|
|
128
|
+
ext?: boolean | undefined;
|
|
129
|
+
iat?: number | undefined;
|
|
130
|
+
exp?: number | undefined;
|
|
131
|
+
nbf?: number | undefined;
|
|
132
|
+
revoked?: {
|
|
133
|
+
revoked_at: number;
|
|
134
|
+
reason?: string | undefined;
|
|
135
|
+
} | undefined;
|
|
136
|
+
d?: string | undefined;
|
|
137
|
+
} & {
|
|
138
|
+
kid: NonNullable<unknown>;
|
|
139
|
+
} & {
|
|
140
|
+
d?: never;
|
|
141
|
+
}>)[];
|
|
142
|
+
}>;
|
|
143
|
+
get privateJwks(): Readonly<{
|
|
144
|
+
keys: readonly (Readonly<{
|
|
145
|
+
kty: "RSA";
|
|
146
|
+
n: string;
|
|
147
|
+
e: string;
|
|
148
|
+
alg?: "RS256" | "RS384" | "RS512" | "PS256" | "PS384" | "PS512" | undefined;
|
|
149
|
+
kid?: string | undefined;
|
|
150
|
+
use?: "sig" | "enc" | undefined;
|
|
151
|
+
key_ops?: ("verify" | "encrypt" | "wrapKey" | "sign" | "decrypt" | "unwrapKey" | "deriveKey" | "deriveBits")[] | undefined;
|
|
152
|
+
x5c?: string[] | undefined;
|
|
153
|
+
x5t?: string | undefined;
|
|
154
|
+
'x5t#S256'?: string | undefined;
|
|
155
|
+
x5u?: string | undefined;
|
|
156
|
+
ext?: boolean | undefined;
|
|
157
|
+
iat?: number | undefined;
|
|
158
|
+
exp?: number | undefined;
|
|
159
|
+
nbf?: number | undefined;
|
|
160
|
+
revoked?: {
|
|
161
|
+
revoked_at: number;
|
|
162
|
+
reason?: string | undefined;
|
|
163
|
+
} | undefined;
|
|
164
|
+
d?: string | undefined;
|
|
165
|
+
p?: string | undefined;
|
|
166
|
+
q?: string | undefined;
|
|
167
|
+
dp?: string | undefined;
|
|
168
|
+
dq?: string | undefined;
|
|
169
|
+
qi?: string | undefined;
|
|
170
|
+
oth?: {
|
|
171
|
+
d?: string | undefined;
|
|
172
|
+
r?: string | undefined;
|
|
173
|
+
t?: string | undefined;
|
|
174
|
+
}[] | undefined;
|
|
175
|
+
} & {
|
|
176
|
+
d: NonNullable<unknown>;
|
|
177
|
+
}> | Readonly<{
|
|
178
|
+
kty: "EC";
|
|
179
|
+
crv: "P-256" | "P-384" | "P-521";
|
|
180
|
+
x: string;
|
|
181
|
+
y: string;
|
|
182
|
+
alg?: "ES256" | "ES384" | "ES512" | undefined;
|
|
183
|
+
kid?: string | undefined;
|
|
184
|
+
use?: "sig" | "enc" | undefined;
|
|
185
|
+
key_ops?: ("verify" | "encrypt" | "wrapKey" | "sign" | "decrypt" | "unwrapKey" | "deriveKey" | "deriveBits")[] | undefined;
|
|
186
|
+
x5c?: string[] | undefined;
|
|
187
|
+
x5t?: string | undefined;
|
|
188
|
+
'x5t#S256'?: string | undefined;
|
|
189
|
+
x5u?: string | undefined;
|
|
190
|
+
ext?: boolean | undefined;
|
|
191
|
+
iat?: number | undefined;
|
|
192
|
+
exp?: number | undefined;
|
|
193
|
+
nbf?: number | undefined;
|
|
194
|
+
revoked?: {
|
|
195
|
+
revoked_at: number;
|
|
196
|
+
reason?: string | undefined;
|
|
197
|
+
} | undefined;
|
|
198
|
+
d?: string | undefined;
|
|
199
|
+
} & {
|
|
200
|
+
d: NonNullable<unknown>;
|
|
201
|
+
}> | Readonly<{
|
|
202
|
+
kty: "EC";
|
|
203
|
+
crv: "secp256k1";
|
|
204
|
+
x: string;
|
|
205
|
+
y: string;
|
|
206
|
+
alg?: "ES256K" | undefined;
|
|
207
|
+
kid?: string | undefined;
|
|
208
|
+
use?: "sig" | "enc" | undefined;
|
|
209
|
+
key_ops?: ("verify" | "encrypt" | "wrapKey" | "sign" | "decrypt" | "unwrapKey" | "deriveKey" | "deriveBits")[] | undefined;
|
|
210
|
+
x5c?: string[] | undefined;
|
|
211
|
+
x5t?: string | undefined;
|
|
212
|
+
'x5t#S256'?: string | undefined;
|
|
213
|
+
x5u?: string | undefined;
|
|
214
|
+
ext?: boolean | undefined;
|
|
215
|
+
iat?: number | undefined;
|
|
216
|
+
exp?: number | undefined;
|
|
217
|
+
nbf?: number | undefined;
|
|
218
|
+
revoked?: {
|
|
219
|
+
revoked_at: number;
|
|
220
|
+
reason?: string | undefined;
|
|
221
|
+
} | undefined;
|
|
222
|
+
d?: string | undefined;
|
|
223
|
+
} & {
|
|
224
|
+
d: NonNullable<unknown>;
|
|
225
|
+
}> | Readonly<{
|
|
226
|
+
kty: "OKP";
|
|
227
|
+
crv: "Ed25519" | "Ed448";
|
|
228
|
+
x: string;
|
|
229
|
+
alg?: "EdDSA" | undefined;
|
|
230
|
+
kid?: string | undefined;
|
|
231
|
+
use?: "sig" | "enc" | undefined;
|
|
232
|
+
key_ops?: ("verify" | "encrypt" | "wrapKey" | "sign" | "decrypt" | "unwrapKey" | "deriveKey" | "deriveBits")[] | undefined;
|
|
233
|
+
x5c?: string[] | undefined;
|
|
234
|
+
x5t?: string | undefined;
|
|
235
|
+
'x5t#S256'?: string | undefined;
|
|
236
|
+
x5u?: string | undefined;
|
|
237
|
+
ext?: boolean | undefined;
|
|
238
|
+
iat?: number | undefined;
|
|
239
|
+
exp?: number | undefined;
|
|
240
|
+
nbf?: number | undefined;
|
|
241
|
+
revoked?: {
|
|
242
|
+
revoked_at: number;
|
|
243
|
+
reason?: string | undefined;
|
|
244
|
+
} | undefined;
|
|
245
|
+
d?: string | undefined;
|
|
246
|
+
} & {
|
|
247
|
+
d: NonNullable<unknown>;
|
|
248
|
+
}> | Readonly<{
|
|
249
|
+
kty: "oct";
|
|
250
|
+
k: string;
|
|
251
|
+
alg?: "HS256" | "HS384" | "HS512" | undefined;
|
|
252
|
+
kid?: string | undefined;
|
|
253
|
+
use?: "sig" | "enc" | undefined;
|
|
254
|
+
key_ops?: ("verify" | "encrypt" | "wrapKey" | "sign" | "decrypt" | "unwrapKey" | "deriveKey" | "deriveBits")[] | undefined;
|
|
255
|
+
x5c?: string[] | undefined;
|
|
256
|
+
x5t?: string | undefined;
|
|
257
|
+
'x5t#S256'?: string | undefined;
|
|
258
|
+
x5u?: string | undefined;
|
|
259
|
+
ext?: boolean | undefined;
|
|
260
|
+
iat?: number | undefined;
|
|
261
|
+
exp?: number | undefined;
|
|
262
|
+
nbf?: number | undefined;
|
|
263
|
+
revoked?: {
|
|
264
|
+
revoked_at: number;
|
|
265
|
+
reason?: string | undefined;
|
|
266
|
+
} | undefined;
|
|
267
|
+
} & {
|
|
268
|
+
d: NonNullable<unknown>;
|
|
269
|
+
}> | Readonly<{
|
|
270
|
+
kty: "RSA";
|
|
271
|
+
n: string;
|
|
272
|
+
e: string;
|
|
273
|
+
alg?: "RS256" | "RS384" | "RS512" | "PS256" | "PS384" | "PS512" | undefined;
|
|
274
|
+
kid?: string | undefined;
|
|
275
|
+
use?: "sig" | "enc" | undefined;
|
|
276
|
+
key_ops?: ("verify" | "encrypt" | "wrapKey" | "sign" | "decrypt" | "unwrapKey" | "deriveKey" | "deriveBits")[] | undefined;
|
|
277
|
+
x5c?: string[] | undefined;
|
|
278
|
+
x5t?: string | undefined;
|
|
279
|
+
'x5t#S256'?: string | undefined;
|
|
280
|
+
x5u?: string | undefined;
|
|
281
|
+
ext?: boolean | undefined;
|
|
282
|
+
iat?: number | undefined;
|
|
283
|
+
exp?: number | undefined;
|
|
284
|
+
nbf?: number | undefined;
|
|
285
|
+
revoked?: {
|
|
286
|
+
revoked_at: number;
|
|
287
|
+
reason?: string | undefined;
|
|
288
|
+
} | undefined;
|
|
289
|
+
d?: string | undefined;
|
|
290
|
+
p?: string | undefined;
|
|
291
|
+
q?: string | undefined;
|
|
292
|
+
dp?: string | undefined;
|
|
293
|
+
dq?: string | undefined;
|
|
294
|
+
qi?: string | undefined;
|
|
295
|
+
oth?: {
|
|
296
|
+
d?: string | undefined;
|
|
297
|
+
r?: string | undefined;
|
|
298
|
+
t?: string | undefined;
|
|
299
|
+
}[] | undefined;
|
|
300
|
+
} & {
|
|
301
|
+
k: NonNullable<unknown>;
|
|
302
|
+
}> | Readonly<{
|
|
303
|
+
kty: "EC";
|
|
304
|
+
crv: "P-256" | "P-384" | "P-521";
|
|
305
|
+
x: string;
|
|
306
|
+
y: string;
|
|
307
|
+
alg?: "ES256" | "ES384" | "ES512" | undefined;
|
|
308
|
+
kid?: string | undefined;
|
|
309
|
+
use?: "sig" | "enc" | undefined;
|
|
310
|
+
key_ops?: ("verify" | "encrypt" | "wrapKey" | "sign" | "decrypt" | "unwrapKey" | "deriveKey" | "deriveBits")[] | undefined;
|
|
311
|
+
x5c?: string[] | undefined;
|
|
312
|
+
x5t?: string | undefined;
|
|
313
|
+
'x5t#S256'?: string | undefined;
|
|
314
|
+
x5u?: string | undefined;
|
|
315
|
+
ext?: boolean | undefined;
|
|
316
|
+
iat?: number | undefined;
|
|
317
|
+
exp?: number | undefined;
|
|
318
|
+
nbf?: number | undefined;
|
|
319
|
+
revoked?: {
|
|
320
|
+
revoked_at: number;
|
|
321
|
+
reason?: string | undefined;
|
|
322
|
+
} | undefined;
|
|
323
|
+
d?: string | undefined;
|
|
324
|
+
} & {
|
|
325
|
+
k: NonNullable<unknown>;
|
|
326
|
+
}> | Readonly<{
|
|
327
|
+
kty: "EC";
|
|
328
|
+
crv: "secp256k1";
|
|
329
|
+
x: string;
|
|
330
|
+
y: string;
|
|
331
|
+
alg?: "ES256K" | undefined;
|
|
332
|
+
kid?: string | undefined;
|
|
333
|
+
use?: "sig" | "enc" | undefined;
|
|
334
|
+
key_ops?: ("verify" | "encrypt" | "wrapKey" | "sign" | "decrypt" | "unwrapKey" | "deriveKey" | "deriveBits")[] | undefined;
|
|
335
|
+
x5c?: string[] | undefined;
|
|
336
|
+
x5t?: string | undefined;
|
|
337
|
+
'x5t#S256'?: string | undefined;
|
|
338
|
+
x5u?: string | undefined;
|
|
339
|
+
ext?: boolean | undefined;
|
|
340
|
+
iat?: number | undefined;
|
|
341
|
+
exp?: number | undefined;
|
|
342
|
+
nbf?: number | undefined;
|
|
343
|
+
revoked?: {
|
|
344
|
+
revoked_at: number;
|
|
345
|
+
reason?: string | undefined;
|
|
346
|
+
} | undefined;
|
|
347
|
+
d?: string | undefined;
|
|
348
|
+
} & {
|
|
349
|
+
k: NonNullable<unknown>;
|
|
350
|
+
}> | Readonly<{
|
|
351
|
+
kty: "OKP";
|
|
352
|
+
crv: "Ed25519" | "Ed448";
|
|
353
|
+
x: string;
|
|
354
|
+
alg?: "EdDSA" | undefined;
|
|
355
|
+
kid?: string | undefined;
|
|
356
|
+
use?: "sig" | "enc" | undefined;
|
|
357
|
+
key_ops?: ("verify" | "encrypt" | "wrapKey" | "sign" | "decrypt" | "unwrapKey" | "deriveKey" | "deriveBits")[] | undefined;
|
|
358
|
+
x5c?: string[] | undefined;
|
|
359
|
+
x5t?: string | undefined;
|
|
360
|
+
'x5t#S256'?: string | undefined;
|
|
361
|
+
x5u?: string | undefined;
|
|
362
|
+
ext?: boolean | undefined;
|
|
363
|
+
iat?: number | undefined;
|
|
364
|
+
exp?: number | undefined;
|
|
365
|
+
nbf?: number | undefined;
|
|
366
|
+
revoked?: {
|
|
367
|
+
revoked_at: number;
|
|
368
|
+
reason?: string | undefined;
|
|
369
|
+
} | undefined;
|
|
370
|
+
d?: string | undefined;
|
|
371
|
+
} & {
|
|
372
|
+
k: NonNullable<unknown>;
|
|
373
|
+
}> | Readonly<{
|
|
374
|
+
kty: "oct";
|
|
375
|
+
k: string;
|
|
376
|
+
alg?: "HS256" | "HS384" | "HS512" | undefined;
|
|
377
|
+
kid?: string | undefined;
|
|
378
|
+
use?: "sig" | "enc" | undefined;
|
|
379
|
+
key_ops?: ("verify" | "encrypt" | "wrapKey" | "sign" | "decrypt" | "unwrapKey" | "deriveKey" | "deriveBits")[] | undefined;
|
|
380
|
+
x5c?: string[] | undefined;
|
|
381
|
+
x5t?: string | undefined;
|
|
382
|
+
'x5t#S256'?: string | undefined;
|
|
383
|
+
x5u?: string | undefined;
|
|
384
|
+
ext?: boolean | undefined;
|
|
385
|
+
iat?: number | undefined;
|
|
386
|
+
exp?: number | undefined;
|
|
387
|
+
nbf?: number | undefined;
|
|
388
|
+
revoked?: {
|
|
389
|
+
revoked_at: number;
|
|
390
|
+
reason?: string | undefined;
|
|
391
|
+
} | undefined;
|
|
392
|
+
} & {
|
|
393
|
+
k: NonNullable<unknown>;
|
|
394
|
+
}>)[];
|
|
395
|
+
}>;
|
|
32
396
|
has(kid: string): boolean;
|
|
33
|
-
get(
|
|
34
|
-
|
|
35
|
-
|
|
397
|
+
get(options: FindKeyOptions): K;
|
|
398
|
+
find(options: FindKeyOptions): K | undefined;
|
|
399
|
+
list<O extends FindKeyOptions>(options: O): Generator<K, void, unknown>;
|
|
400
|
+
findPrivateKey({ kid, alg, usage, ...options }: FindKeyOptions & {
|
|
401
|
+
usage: PrivateKeyUsage;
|
|
402
|
+
}): {
|
|
36
403
|
key: Key;
|
|
37
404
|
alg: string;
|
|
38
405
|
};
|
|
39
406
|
[Symbol.iterator](): IterableIterator<K>;
|
|
40
407
|
createJwt({ alg: sAlg, kid: sKid, ...header }: JwtSignHeader, payload: JwtPayload | JwtPayloadGetter): Promise<SignedJwt>;
|
|
41
|
-
verifyJwt<C extends string = never>(token: SignedJwt, options?: VerifyOptions<C>): Promise<VerifyResult<C> & {
|
|
408
|
+
verifyJwt<C extends string = never>(token: SignedJwt, options?: ActivityCheckOptions & VerifyOptions<C>): Promise<VerifyResult<C> & {
|
|
42
409
|
key: K;
|
|
43
410
|
}>;
|
|
44
411
|
toJSON(): JwksPub;
|
package/dist/keyset.d.ts.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"keyset.d.ts","sourceRoot":"","sources":["../src/keyset.ts"],"names":[],"mappings":"
|
|
1
|
+
{"version":3,"file":"keyset.d.ts","sourceRoot":"","sources":["../src/keyset.ts"],"names":[],"mappings":"AAQA,OAAO,EAAE,eAAe,EAAE,MAAM,UAAU,CAAA;AAC1C,OAAO,EAAE,OAAO,EAAE,MAAM,WAAW,CAAA;AAEnC,OAAO,EAAE,aAAa,EAAE,YAAY,EAAE,MAAM,iBAAiB,CAAA;AAC7D,OAAO,EAAE,SAAS,EAAE,UAAU,EAAE,SAAS,EAAE,MAAM,UAAU,CAAA;AAC3D,OAAO,EAAE,oBAAoB,EAAE,GAAG,EAAE,eAAe,EAAE,MAAM,UAAU,CAAA;AACrE,OAAO,EACL,QAAQ,EAKT,MAAM,WAAW,CAAA;AAElB,YAAY,EAAE,oBAAoB,EAAE,eAAe,EAAE,CAAA;AACrD,MAAM,MAAM,cAAc,GAAG,eAAe,GAAG,oBAAoB,CAAA;AAEnE,MAAM,MAAM,aAAa,GAAG,QAAQ,CAClC,SAAS,EACT,IAAI,CAAC,cAAc,EAAE,KAAK,GAAG,KAAK,CAAC,CACpC,CAAA;AAED,MAAM,MAAM,gBAAgB,CAAC,CAAC,GAAG,UAAU,IAAI,CAC7C,MAAM,EAAE,SAAS,EACjB,GAAG,EAAE,GAAG,KACL,CAAC,GAAG,WAAW,CAAC,CAAC,CAAC,CAAA;AAKvB,qBAAa,MAAM,CAAC,CAAC,SAAS,GAAG,GAAG,GAAG,CAAE,YAAW,QAAQ,CAAC,CAAC,CAAC;IAK3D;;;;OAIG;aACa,0BAA0B,EAAE,SAAS,MAAM,EAAE;IAT/D,OAAO,CAAC,QAAQ,CAAC,IAAI,CAAc;gBAGjC,QAAQ,EAAE,QAAQ,CAAC,CAAC,GAAG,IAAI,GAAG,SAAS,GAAG,KAAK,CAAC;IAChD;;;;OAIG;IACa,0BAA0B,GAAE,SAAS,MAAM,EAetD;IAmBP,IAAI,IAAI,IAAI,MAAM,CAEjB;IAED,IACI,cAAc,IAAI,SAAS,MAAM,EAAE,CAWtC;IAED,IACI,UAAU;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;OAIb;IAED,IACI,WAAW;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;OAMd;IAED,GAAG,CAAC,GAAG,EAAE,MAAM,GAAG,OAAO;IAIzB,GAAG,CAAC,OAAO,EAAE,cAAc,GAAG,CAAC;IAU/B,IAAI,CAAC,OAAO,EAAE,cAAc,GAAG,CAAC,GAAG,SAAS;IAQ3C,IAAI,CAAC,CAAC,SAAS,cAAc,EAAE,OAAO,EAAE,CAAC;IAQ1C,cAAc,CAAC,EACb,GAAG,EACH,GAAG,EACH,KAAK,EACL,GAAG,OAAO,EACX,EAAE,cAAc,GAAG;QAAE,KAAK,EAAE,eAAe,CAAA;KAAE,GAAG;QAC/C,GAAG,EAAE,GAAG,CAAA;QACR,GAAG,EAAE,MAAM,CAAA;KACZ;IAwCD,CAAC,MAAM,CAAC,QAAQ,CAAC,IAAI,gBAAgB,CAAC,CAAC,CAAC;IAIlC,SAAS,CACb,EAAE,GAAG,EAAE,IAAI,EAAE,GAAG,EAAE,IAAI,EAAE,GAAG,MAAM,EAAE,EAAE,aAAa,EAClD,OAAO,EAAE,UAAU,GAAG,gBAAgB,GACrC,OAAO,CAAC,SAAS,CAAC;IAoBf,SAAS,CAAC,CAAC,SAAS,MAAM,GAAG,KAAK,EACtC,KAAK,EAAE,SAAS,EAChB,OAAO,CAAC,EAAE,oBAAoB,GAAG,aAAa,CAAC,CAAC,CAAC,GAChD,OAAO,CAAC,YAAY,CAAC,CAAC,CAAC,GAAG;QAAE,GAAG,EAAE,CAAC,CAAA;KAAE,CAAC;IAyBxC,MAAM,IAEuC,OAAO;CAErD"}
|
package/dist/keyset.js
CHANGED
|
@@ -82,16 +82,16 @@ let Keyset = (() => {
|
|
|
82
82
|
value: void 0
|
|
83
83
|
});
|
|
84
84
|
const keys = [];
|
|
85
|
-
const
|
|
85
|
+
const keyIds = new Set();
|
|
86
86
|
for (const key of iterable) {
|
|
87
87
|
if (!key)
|
|
88
88
|
continue;
|
|
89
89
|
keys.push(key);
|
|
90
90
|
if (key.kid) {
|
|
91
|
-
if (
|
|
91
|
+
if (keyIds.has(key.kid))
|
|
92
92
|
throw new errors_js_1.JwkError(`Duplicate key: ${key.kid}`);
|
|
93
93
|
else
|
|
94
|
-
|
|
94
|
+
keyIds.add(key.kid);
|
|
95
95
|
}
|
|
96
96
|
}
|
|
97
97
|
this.keys = Object.freeze(keys);
|
|
@@ -111,59 +111,44 @@ let Keyset = (() => {
|
|
|
111
111
|
return Object.freeze([...algorithms].sort((0, util_js_1.preferredOrderCmp)(this.preferredSigningAlgorithms)));
|
|
112
112
|
}
|
|
113
113
|
get publicJwks() {
|
|
114
|
-
return {
|
|
115
|
-
keys: Array.from(this, extractPublicJwk).filter(util_js_1.isDefined),
|
|
116
|
-
};
|
|
114
|
+
return Object.freeze({
|
|
115
|
+
keys: Object.freeze(Array.from(this, extractPublicJwk).filter(util_js_1.isDefined)),
|
|
116
|
+
});
|
|
117
117
|
}
|
|
118
118
|
get privateJwks() {
|
|
119
|
-
return {
|
|
120
|
-
keys: Array.from(this, extractPrivateJwk).filter(util_js_1.isDefined),
|
|
121
|
-
};
|
|
119
|
+
return Object.freeze({
|
|
120
|
+
keys: Object.freeze(Array.from(this, extractPrivateJwk).filter(util_js_1.isDefined)),
|
|
121
|
+
});
|
|
122
122
|
}
|
|
123
123
|
has(kid) {
|
|
124
124
|
return this.keys.some((key) => key.kid === kid);
|
|
125
125
|
}
|
|
126
|
-
get(
|
|
127
|
-
|
|
126
|
+
get(options) {
|
|
127
|
+
const key = this.find(options);
|
|
128
|
+
if (key)
|
|
129
|
+
return key;
|
|
130
|
+
throw new errors_js_1.JwkError(`Key not found ${options.kid ?? options.alg ?? options.usage ?? '<unknown>'}`, errors_js_1.ERR_JWK_NOT_FOUND);
|
|
131
|
+
}
|
|
132
|
+
find(options) {
|
|
133
|
+
for (const key of this.list(options)) {
|
|
128
134
|
return key;
|
|
129
135
|
}
|
|
130
|
-
|
|
136
|
+
return undefined;
|
|
131
137
|
}
|
|
132
|
-
*list(
|
|
133
|
-
// Optimization: Empty string or empty array will not match any key
|
|
134
|
-
if (search.kid?.length === 0)
|
|
135
|
-
return;
|
|
136
|
-
if (search.alg?.length === 0)
|
|
137
|
-
return;
|
|
138
|
+
*list(options) {
|
|
138
139
|
for (const key of this) {
|
|
139
|
-
if (
|
|
140
|
-
|
|
141
|
-
if (Array.isArray(search.kid)) {
|
|
142
|
-
if (!key.kid || !search.kid.includes(key.kid))
|
|
143
|
-
continue;
|
|
140
|
+
if (key.isActive(options) && key.matches(options)) {
|
|
141
|
+
yield key;
|
|
144
142
|
}
|
|
145
|
-
else if (search.kid) {
|
|
146
|
-
if (key.kid !== search.kid)
|
|
147
|
-
continue;
|
|
148
|
-
}
|
|
149
|
-
if (Array.isArray(search.alg)) {
|
|
150
|
-
if (!search.alg.some((a) => key.algorithms.includes(a)))
|
|
151
|
-
continue;
|
|
152
|
-
}
|
|
153
|
-
else if (typeof search.alg === 'string') {
|
|
154
|
-
if (!key.algorithms.includes(search.alg))
|
|
155
|
-
continue;
|
|
156
|
-
}
|
|
157
|
-
yield key;
|
|
158
143
|
}
|
|
159
144
|
}
|
|
160
|
-
findPrivateKey({ kid, alg,
|
|
145
|
+
findPrivateKey({ kid, alg, usage, ...options }) {
|
|
161
146
|
const matchingKeys = [];
|
|
162
|
-
|
|
163
|
-
|
|
164
|
-
|
|
165
|
-
|
|
166
|
-
// Skip negotiation if a
|
|
147
|
+
// Allow the loop bellow to return early when a single "alg" is provided
|
|
148
|
+
if (Array.isArray(alg) && alg.length === 1)
|
|
149
|
+
alg = alg[0];
|
|
150
|
+
for (const key of this.list({ ...options, kid, alg, usage })) {
|
|
151
|
+
// Skip negotiation if a single "alg" was provided
|
|
167
152
|
if (typeof alg === 'string')
|
|
168
153
|
return { key, alg };
|
|
169
154
|
matchingKeys.push(key);
|
|
@@ -184,7 +169,7 @@ let Keyset = (() => {
|
|
|
184
169
|
return { key: matchingKey, alg };
|
|
185
170
|
}
|
|
186
171
|
}
|
|
187
|
-
throw new errors_js_1.JwkError(`No private key found for ${kid || alg ||
|
|
172
|
+
throw new errors_js_1.JwkError(`No private key found for ${kid || alg || usage}`, errors_js_1.ERR_JWK_NOT_FOUND);
|
|
188
173
|
}
|
|
189
174
|
[(_get_signAlgorithms_decorators = [util_js_1.cachedGetter], _get_publicJwks_decorators = [util_js_1.cachedGetter], _get_privateJwks_decorators = [util_js_1.cachedGetter], Symbol.iterator)]() {
|
|
190
175
|
return this.keys.values();
|
|
@@ -194,7 +179,8 @@ let Keyset = (() => {
|
|
|
194
179
|
const { key, alg } = this.findPrivateKey({
|
|
195
180
|
alg: sAlg,
|
|
196
181
|
kid: sKid,
|
|
197
|
-
|
|
182
|
+
usage: 'sign',
|
|
183
|
+
allowRevoked: false, // For explicitness (default value is false)
|
|
198
184
|
});
|
|
199
185
|
const protectedHeader = { ...header, alg, kid: key.kid };
|
|
200
186
|
if (typeof payload === 'function') {
|
|
@@ -210,7 +196,7 @@ let Keyset = (() => {
|
|
|
210
196
|
const { header } = (0, jwt_decode_js_1.unsafeDecodeJwt)(token);
|
|
211
197
|
const { kid, alg } = header;
|
|
212
198
|
const errors = [];
|
|
213
|
-
for (const key of this.list({ kid, alg })) {
|
|
199
|
+
for (const key of this.list({ ...options, kid, alg, usage: 'verify' })) {
|
|
214
200
|
try {
|
|
215
201
|
const result = await key.verifyJwt(token, options);
|
|
216
202
|
return { ...result, key };
|
|
@@ -229,7 +215,7 @@ let Keyset = (() => {
|
|
|
229
215
|
}
|
|
230
216
|
}
|
|
231
217
|
toJSON() {
|
|
232
|
-
// Make a copy to
|
|
218
|
+
// Make a copy to allow mutation of the result
|
|
233
219
|
return structuredClone(this.publicJwks);
|
|
234
220
|
}
|
|
235
221
|
},
|
package/dist/keyset.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"keyset.js","sourceRoot":"","sources":["../src/keyset.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAAA,2CAOoB;AAGpB,mDAAiD;AAIjD,uCAQkB;AAelB,MAAM,iBAAiB,GAAG,CAAC,GAAQ,EAAmB,EAAE,CAAC,GAAG,CAAC,UAAU,CAAA;AACvE,MAAM,gBAAgB,GAAG,CAAC,GAAQ,EAAmB,EAAE,CAAC,GAAG,CAAC,SAAS,CAAA;IAExD,MAAM;;;;;;sBAAN,MAAM;YAGjB,YACE,QAAgD;YAChD;;;;eAIG;YACa,6BAAgD,QAAQ;gBACxE,EAAM;gBACJ,CAAC,CAAC,CAAC,GAAG,QAAQ,CAAC,0BAA0B,CAAC;gBAC1C,CAAC,CAAC;oBACE,mCAAmC;oBACnC,OAAO;oBACP,QAAQ;oBACR,OAAO;oBACP,4DAA4D;oBAC5D,OAAO;oBACP,OAAO;oBACP,OAAO;oBACP,OAAO;oBACP,OAAO;oBACP,OAAO;iBACR;gBAfL;;;;4BAVS,mDAAM,EAUC,0BAA0B;mBAerC;gBAxBU;;;;;mBAAkB;gBA0BjC,MAAM,IAAI,GAAQ,EAAE,CAAA;gBAEpB,MAAM,IAAI,GAAG,IAAI,GAAG,EAAU,CAAA;gBAC9B,KAAK,MAAM,GAAG,IAAI,QAAQ,EAAE,CAAC;oBAC3B,IAAI,CAAC,GAAG;wBAAE,SAAQ;oBAElB,IAAI,CAAC,IAAI,CAAC,GAAG,CAAC,CAAA;oBAEd,IAAI,GAAG,CAAC,GAAG,EAAE,CAAC;wBACZ,IAAI,IAAI,CAAC,GAAG,CAAC,GAAG,CAAC,GAAG,CAAC;4BAAE,MAAM,IAAI,oBAAQ,CAAC,kBAAkB,GAAG,CAAC,GAAG,EAAE,CAAC,CAAA;;4BACjE,IAAI,CAAC,GAAG,CAAC,GAAG,CAAC,GAAG,CAAC,CAAA;oBACxB,CAAC;gBACH,CAAC;gBAED,IAAI,CAAC,IAAI,GAAG,MAAM,CAAC,MAAM,CAAC,IAAI,CAAC,CAAA;YACjC,CAAC;YAED,IAAI,IAAI;gBACN,OAAO,IAAI,CAAC,IAAI,CAAC,MAAM,CAAA;YACzB,CAAC;YAGD,IAAI,cAAc;gBAChB,MAAM,UAAU,GAAG,IAAI,GAAG,EAAU,CAAA;gBACpC,KAAK,MAAM,GAAG,IAAI,IAAI,EAAE,CAAC;oBACvB,IAAI,GAAG,CAAC,GAAG,KAAK,KAAK;wBAAE,SAAQ;oBAC/B,KAAK,MAAM,GAAG,IAAI,GAAG,CAAC,UAAU,EAAE,CAAC;wBACjC,UAAU,CAAC,GAAG,CAAC,GAAG,CAAC,CAAA;oBACrB,CAAC;gBACH,CAAC;gBACD,OAAO,MAAM,CAAC,MAAM,CAClB,CAAC,GAAG,UAAU,CAAC,CAAC,IAAI,CAAC,IAAA,2BAAiB,EAAC,IAAI,CAAC,0BAA0B,CAAC,CAAC,CACzE,CAAA;YACH,CAAC;YAGD,IAAI,UAAU;gBACZ,OAAO;oBACL,IAAI,EAAE,KAAK,CAAC,IAAI,CAAC,IAAI,EAAE,gBAAgB,CAAC,CAAC,MAAM,CAAC,mBAAS,CAAC;iBAC3D,CAAA;YACH,CAAC;YAGD,IAAI,WAAW;gBACb,OAAO;oBACL,IAAI,EAAE,KAAK,CAAC,IAAI,CAAC,IAAI,EAAE,iBAAiB,CAAC,CAAC,MAAM,CAAC,mBAAS,CAAC;iBAC5D,CAAA;YACH,CAAC;YAED,GAAG,CAAC,GAAW;gBACb,OAAO,IAAI,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,GAAG,EAAE,EAAE,CAAC,GAAG,CAAC,GAAG,KAAK,GAAG,CAAC,CAAA;YACjD,CAAC;YAED,GAAG,CAAC,MAAiB;gBACnB,KAAK,MAAM,GAAG,IAAI,IAAI,CAAC,IAAI,CAAC,MAAM,CAAC,EAAE,CAAC;oBACpC,OAAO,GAAG,CAAA;gBACZ,CAAC;gBAED,MAAM,IAAI,oBAAQ,CAChB,iBAAiB,MAAM,CAAC,GAAG,IAAI,MAAM,CAAC,GAAG,IAAI,WAAW,EAAE,EAC1D,6BAAiB,CAClB,CAAA;YACH,CAAC;YAED,CAAC,IAAI,CAAC,MAAiB;gBACrB,mEAAmE;gBACnE,IAAI,MAAM,CAAC,GAAG,EAAE,MAAM,KAAK,CAAC;oBAAE,OAAM;gBACpC,IAAI,MAAM,CAAC,GAAG,EAAE,MAAM,KAAK,CAAC;oBAAE,OAAM;gBAEpC,KAAK,MAAM,GAAG,IAAI,IAAI,EAAE,CAAC;oBACvB,IAAI,MAAM,CAAC,GAAG,IAAI,GAAG,CAAC,GAAG,KAAK,MAAM,CAAC,GAAG;wBAAE,SAAQ;oBAElD,IAAI,KAAK,CAAC,OAAO,CAAC,MAAM,CAAC,GAAG,CAAC,EAAE,CAAC;wBAC9B,IAAI,CAAC,GAAG,CAAC,GAAG,IAAI,CAAC,MAAM,CAAC,GAAG,CAAC,QAAQ,CAAC,GAAG,CAAC,GAAG,CAAC;4BAAE,SAAQ;oBACzD,CAAC;yBAAM,IAAI,MAAM,CAAC,GAAG,EAAE,CAAC;wBACtB,IAAI,GAAG,CAAC,GAAG,KAAK,MAAM,CAAC,GAAG;4BAAE,SAAQ;oBACtC,CAAC;oBAED,IAAI,KAAK,CAAC,OAAO,CAAC,MAAM,CAAC,GAAG,CAAC,EAAE,CAAC;wBAC9B,IAAI,CAAC,MAAM,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,GAAG,CAAC,UAAU,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC;4BAAE,SAAQ;oBACnE,CAAC;yBAAM,IAAI,OAAO,MAAM,CAAC,GAAG,KAAK,QAAQ,EAAE,CAAC;wBAC1C,IAAI,CAAC,GAAG,CAAC,UAAU,CAAC,QAAQ,CAAC,MAAM,CAAC,GAAG,CAAC;4BAAE,SAAQ;oBACpD,CAAC;oBAED,MAAM,GAAG,CAAA;gBACX,CAAC;YACH,CAAC;YAED,cAAc,CAAC,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,EAAa;gBACzC,MAAM,YAAY,GAAU,EAAE,CAAA;gBAE9B,KAAK,MAAM,GAAG,IAAI,IAAI,CAAC,IAAI,CAAC,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,CAAC,EAAE,CAAC;oBAC/C,oBAAoB;oBACpB,IAAI,CAAC,GAAG,CAAC,SAAS;wBAAE,SAAQ;oBAE5B,oDAAoD;oBACpD,IAAI,OAAO,GAAG,KAAK,QAAQ;wBAAE,OAAO,EAAE,GAAG,EAAE,GAAG,EAAE,CAAA;oBAEhD,YAAY,CAAC,IAAI,CAAC,GAAG,CAAC,CAAA;gBACxB,CAAC;gBAED,MAAM,YAAY,GAAG,IAAA,oBAAU,EAAC,GAAG,CAAC,CAAA;gBACpC,MAAM,UAAU,GAAG,YAAY,CAAC,GAAG,CACjC,CAAC,GAAG,EAAE,EAAE,CAAC,CAAC,GAAG,EAAE,GAAG,CAAC,UAAU,CAAC,MAAM,CAAC,YAAY,CAAC,CAAU,CAC7D,CAAA;gBAED,oEAAoE;gBACpE,KAAK,MAAM,OAAO,IAAI,IAAI,CAAC,0BAA0B,EAAE,CAAC;oBACtD,KAAK,MAAM,CAAC,WAAW,EAAE,YAAY,CAAC,IAAI,UAAU,EAAE,CAAC;wBACrD,IAAI,YAAY,CAAC,QAAQ,CAAC,OAAO,CAAC,EAAE,CAAC;4BACnC,OAAO,EAAE,GAAG,EAAE,WAAW,EAAE,GAAG,EAAE,OAAO,EAAE,CAAA;wBAC3C,CAAC;oBACH,CAAC;gBACH,CAAC;gBAED,uBAAuB;gBACvB,KAAK,MAAM,CAAC,WAAW,EAAE,YAAY,CAAC,IAAI,UAAU,EAAE,CAAC;oBACrD,KAAK,MAAM,GAAG,IAAI,YAAY,EAAE,CAAC;wBAC/B,OAAO,EAAE,GAAG,EAAE,WAAW,EAAE,GAAG,EAAE,CAAA;oBAClC,CAAC;gBACH,CAAC;gBAED,MAAM,IAAI,oBAAQ,CAChB,4BAA4B,GAAG,IAAI,GAAG,IAAI,GAAG,IAAI,WAAW,EAAE,EAC9D,6BAAiB,CAClB,CAAA;YACH,CAAC;YAED,oCA3GC,sBAAY,iCAcZ,sBAAY,kCAOZ,sBAAY,GAsFZ,MAAM,CAAC,QAAQ,EAAC;gBACf,OAAO,IAAI,CAAC,IAAI,CAAC,MAAM,EAAE,CAAA;YAC3B,CAAC;YAED,KAAK,CAAC,SAAS,CACb,EAAE,GAAG,EAAE,IAAI,EAAE,GAAG,EAAE,IAAI,EAAE,GAAG,MAAM,EAAiB,EAClD,OAAsC;gBAEtC,IAAI,CAAC;oBACH,MAAM,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,IAAI,CAAC,cAAc,CAAC;wBACvC,GAAG,EAAE,IAAI;wBACT,GAAG,EAAE,IAAI;wBACT,GAAG,EAAE,KAAK;qBACX,CAAC,CAAA;oBACF,MAAM,eAAe,GAAG,EAAE,GAAG,MAAM,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,CAAC,GAAG,EAAE,CAAA;oBAExD,IAAI,OAAO,OAAO,KAAK,UAAU,EAAE,CAAC;wBAClC,OAAO,GAAG,MAAM,OAAO,CAAC,eAAe,EAAE,GAAG,CAAC,CAAA;oBAC/C,CAAC;oBAED,OAAO,MAAM,GAAG,CAAC,SAAS,CAAC,eAAe,EAAE,OAAO,CAAC,CAAA;gBACtD,CAAC;gBAAC,OAAO,GAAG,EAAE,CAAC;oBACb,MAAM,0BAAc,CAAC,IAAI,CAAC,GAAG,CAAC,CAAA;gBAChC,CAAC;YACH,CAAC;YAED,KAAK,CAAC,SAAS,CACb,KAAgB,EAChB,OAA0B;gBAE1B,MAAM,EAAE,MAAM,EAAE,GAAG,IAAA,+BAAe,EAAC,KAAK,CAAC,CAAA;gBACzC,MAAM,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,MAAM,CAAA;gBAE3B,MAAM,MAAM,GAAc,EAAE,CAAA;gBAE5B,KAAK,MAAM,GAAG,IAAI,IAAI,CAAC,IAAI,CAAC,EAAE,GAAG,EAAE,GAAG,EAAE,CAAC,EAAE,CAAC;oBAC1C,IAAI,CAAC;wBACH,MAAM,MAAM,GAAG,MAAM,GAAG,CAAC,SAAS,CAAI,KAAK,EAAE,OAAO,CAAC,CAAA;wBACrD,OAAO,EAAE,GAAG,MAAM,EAAE,GAAG,EAAE,CAAA;oBAC3B,CAAC;oBAAC,OAAO,GAAG,EAAE,CAAC;wBACb,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,CAAA;oBAClB,CAAC;gBACH,CAAC;gBAED,QAAQ,MAAM,CAAC,MAAM,EAAE,CAAC;oBACtB,KAAK,CAAC;wBACJ,MAAM,IAAI,0BAAc,CAAC,gBAAgB,EAAE,oCAAwB,CAAC,CAAA;oBACtE,KAAK,CAAC;wBACJ,MAAM,0BAAc,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,2BAAe,CAAC,CAAA;oBACvD;wBACE,MAAM,0BAAc,CAAC,IAAI,CAAC,MAAM,EAAE,2BAAe,CAAC,CAAA;gBACtD,CAAC;YACH,CAAC;YAED,MAAM;gBACJ,yDAAyD;gBACzD,OAAO,eAAe,CAAC,IAAI,CAAC,UAAU,CAAwB,CAAA;YAChE,CAAC;;;;YAnKD,+LAAI,cAAc,6DAWjB;YAGD,mLAAI,UAAU,6DAIb;YAGD,sLAAI,WAAW,6DAId;;;;;AA1EU,wBAAM"}
|
|
1
|
+
{"version":3,"file":"keyset.js","sourceRoot":"","sources":["../src/keyset.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAAA,2CAOoB;AAGpB,mDAAiD;AAIjD,uCAMkB;AAelB,MAAM,iBAAiB,GAAG,CAAC,GAAQ,EAAE,EAAE,CAAC,GAAG,CAAC,UAAU,CAAA;AACtD,MAAM,gBAAgB,GAAG,CAAC,GAAQ,EAAE,EAAE,CAAC,GAAG,CAAC,SAAS,CAAA;IAEvC,MAAM;;;;;;sBAAN,MAAM;YAGjB,YACE,QAAgD;YAChD;;;;eAIG;YACa,6BAAgD,QAAQ;gBACxE,EAAM;gBACJ,CAAC,CAAC,CAAC,GAAG,QAAQ,CAAC,0BAA0B,CAAC;gBAC1C,CAAC,CAAC;oBACE,mCAAmC;oBACnC,OAAO;oBACP,QAAQ;oBACR,OAAO;oBACP,4DAA4D;oBAC5D,OAAO;oBACP,OAAO;oBACP,OAAO;oBACP,OAAO;oBACP,OAAO;oBACP,OAAO;iBACR;gBAfL;;;;4BAVS,mDAAM,EAUC,0BAA0B;mBAerC;gBAxBU;;;;;mBAAkB;gBA0BjC,MAAM,IAAI,GAAQ,EAAE,CAAA;gBAEpB,MAAM,MAAM,GAAG,IAAI,GAAG,EAAU,CAAA;gBAChC,KAAK,MAAM,GAAG,IAAI,QAAQ,EAAE,CAAC;oBAC3B,IAAI,CAAC,GAAG;wBAAE,SAAQ;oBAElB,IAAI,CAAC,IAAI,CAAC,GAAG,CAAC,CAAA;oBAEd,IAAI,GAAG,CAAC,GAAG,EAAE,CAAC;wBACZ,IAAI,MAAM,CAAC,GAAG,CAAC,GAAG,CAAC,GAAG,CAAC;4BAAE,MAAM,IAAI,oBAAQ,CAAC,kBAAkB,GAAG,CAAC,GAAG,EAAE,CAAC,CAAA;;4BACnE,MAAM,CAAC,GAAG,CAAC,GAAG,CAAC,GAAG,CAAC,CAAA;oBAC1B,CAAC;gBACH,CAAC;gBAED,IAAI,CAAC,IAAI,GAAG,MAAM,CAAC,MAAM,CAAC,IAAI,CAAC,CAAA;YACjC,CAAC;YAED,IAAI,IAAI;gBACN,OAAO,IAAI,CAAC,IAAI,CAAC,MAAM,CAAA;YACzB,CAAC;YAGD,IAAI,cAAc;gBAChB,MAAM,UAAU,GAAG,IAAI,GAAG,EAAU,CAAA;gBACpC,KAAK,MAAM,GAAG,IAAI,IAAI,EAAE,CAAC;oBACvB,IAAI,GAAG,CAAC,GAAG,KAAK,KAAK;wBAAE,SAAQ;oBAC/B,KAAK,MAAM,GAAG,IAAI,GAAG,CAAC,UAAU,EAAE,CAAC;wBACjC,UAAU,CAAC,GAAG,CAAC,GAAG,CAAC,CAAA;oBACrB,CAAC;gBACH,CAAC;gBACD,OAAO,MAAM,CAAC,MAAM,CAClB,CAAC,GAAG,UAAU,CAAC,CAAC,IAAI,CAAC,IAAA,2BAAiB,EAAC,IAAI,CAAC,0BAA0B,CAAC,CAAC,CACzE,CAAA;YACH,CAAC;YAGD,IAAI,UAAU;gBACZ,OAAO,MAAM,CAAC,MAAM,CAAC;oBACnB,IAAI,EAAE,MAAM,CAAC,MAAM,CAAC,KAAK,CAAC,IAAI,CAAC,IAAI,EAAE,gBAAgB,CAAC,CAAC,MAAM,CAAC,mBAAS,CAAC,CAAC;iBAC1E,CAAC,CAAA;YACJ,CAAC;YAGD,IAAI,WAAW;gBACb,OAAO,MAAM,CAAC,MAAM,CAAC;oBACnB,IAAI,EAAE,MAAM,CAAC,MAAM,CACjB,KAAK,CAAC,IAAI,CAAC,IAAI,EAAE,iBAAiB,CAAC,CAAC,MAAM,CAAC,mBAAS,CAAC,CACtD;iBACF,CAAC,CAAA;YACJ,CAAC;YAED,GAAG,CAAC,GAAW;gBACb,OAAO,IAAI,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,GAAG,EAAE,EAAE,CAAC,GAAG,CAAC,GAAG,KAAK,GAAG,CAAC,CAAA;YACjD,CAAC;YAED,GAAG,CAAC,OAAuB;gBACzB,MAAM,GAAG,GAAG,IAAI,CAAC,IAAI,CAAC,OAAO,CAAC,CAAA;gBAC9B,IAAI,GAAG;oBAAE,OAAO,GAAG,CAAA;gBAEnB,MAAM,IAAI,oBAAQ,CAChB,iBAAiB,OAAO,CAAC,GAAG,IAAI,OAAO,CAAC,GAAG,IAAI,OAAO,CAAC,KAAK,IAAI,WAAW,EAAE,EAC7E,6BAAiB,CAClB,CAAA;YACH,CAAC;YAED,IAAI,CAAC,OAAuB;gBAC1B,KAAK,MAAM,GAAG,IAAI,IAAI,CAAC,IAAI,CAAC,OAAO,CAAC,EAAE,CAAC;oBACrC,OAAO,GAAG,CAAA;gBACZ,CAAC;gBAED,OAAO,SAAS,CAAA;YAClB,CAAC;YAED,CAAC,IAAI,CAA2B,OAAU;gBACxC,KAAK,MAAM,GAAG,IAAI,IAAI,EAAE,CAAC;oBACvB,IAAI,GAAG,CAAC,QAAQ,CAAC,OAAO,CAAC,IAAI,GAAG,CAAC,OAAO,CAAC,OAAO,CAAC,EAAE,CAAC;wBAClD,MAAM,GAAG,CAAA;oBACX,CAAC;gBACH,CAAC;YACH,CAAC;YAED,cAAc,CAAC,EACb,GAAG,EACH,GAAG,EACH,KAAK,EACL,GAAG,OAAO,EACkC;gBAI5C,MAAM,YAAY,GAAU,EAAE,CAAA;gBAE9B,wEAAwE;gBACxE,IAAI,KAAK,CAAC,OAAO,CAAC,GAAG,CAAC,IAAI,GAAG,CAAC,MAAM,KAAK,CAAC;oBAAE,GAAG,GAAG,GAAG,CAAC,CAAC,CAAC,CAAA;gBAExD,KAAK,MAAM,GAAG,IAAI,IAAI,CAAC,IAAI,CAAC,EAAE,GAAG,OAAO,EAAE,GAAG,EAAE,GAAG,EAAE,KAAK,EAAE,CAAC,EAAE,CAAC;oBAC7D,kDAAkD;oBAClD,IAAI,OAAO,GAAG,KAAK,QAAQ;wBAAE,OAAO,EAAE,GAAG,EAAE,GAAG,EAAE,CAAA;oBAEhD,YAAY,CAAC,IAAI,CAAC,GAAG,CAAC,CAAA;gBACxB,CAAC;gBAED,MAAM,YAAY,GAAG,IAAA,oBAAU,EAAC,GAAG,CAAC,CAAA;gBACpC,MAAM,UAAU,GAAG,YAAY,CAAC,GAAG,CACjC,CAAC,GAAG,EAAE,EAAE,CAAC,CAAC,GAAG,EAAE,GAAG,CAAC,UAAU,CAAC,MAAM,CAAC,YAAY,CAAC,CAAU,CAC7D,CAAA;gBAED,oEAAoE;gBACpE,KAAK,MAAM,OAAO,IAAI,IAAI,CAAC,0BAA0B,EAAE,CAAC;oBACtD,KAAK,MAAM,CAAC,WAAW,EAAE,YAAY,CAAC,IAAI,UAAU,EAAE,CAAC;wBACrD,IAAI,YAAY,CAAC,QAAQ,CAAC,OAAO,CAAC,EAAE,CAAC;4BACnC,OAAO,EAAE,GAAG,EAAE,WAAW,EAAE,GAAG,EAAE,OAAO,EAAE,CAAA;wBAC3C,CAAC;oBACH,CAAC;gBACH,CAAC;gBAED,uBAAuB;gBACvB,KAAK,MAAM,CAAC,WAAW,EAAE,YAAY,CAAC,IAAI,UAAU,EAAE,CAAC;oBACrD,KAAK,MAAM,GAAG,IAAI,YAAY,EAAE,CAAC;wBAC/B,OAAO,EAAE,GAAG,EAAE,WAAW,EAAE,GAAG,EAAE,CAAA;oBAClC,CAAC;gBACH,CAAC;gBAED,MAAM,IAAI,oBAAQ,CAChB,4BAA4B,GAAG,IAAI,GAAG,IAAI,KAAK,EAAE,EACjD,6BAAiB,CAClB,CAAA;YACH,CAAC;YAED,oCA5GC,sBAAY,iCAcZ,sBAAY,kCAOZ,sBAAY,GAuFZ,MAAM,CAAC,QAAQ,EAAC;gBACf,OAAO,IAAI,CAAC,IAAI,CAAC,MAAM,EAAE,CAAA;YAC3B,CAAC;YAED,KAAK,CAAC,SAAS,CACb,EAAE,GAAG,EAAE,IAAI,EAAE,GAAG,EAAE,IAAI,EAAE,GAAG,MAAM,EAAiB,EAClD,OAAsC;gBAEtC,IAAI,CAAC;oBACH,MAAM,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,IAAI,CAAC,cAAc,CAAC;wBACvC,GAAG,EAAE,IAAI;wBACT,GAAG,EAAE,IAAI;wBACT,KAAK,EAAE,MAAM;wBACb,YAAY,EAAE,KAAK,EAAE,4CAA4C;qBAClE,CAAC,CAAA;oBACF,MAAM,eAAe,GAAG,EAAE,GAAG,MAAM,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,CAAC,GAAG,EAAE,CAAA;oBAExD,IAAI,OAAO,OAAO,KAAK,UAAU,EAAE,CAAC;wBAClC,OAAO,GAAG,MAAM,OAAO,CAAC,eAAe,EAAE,GAAG,CAAC,CAAA;oBAC/C,CAAC;oBAED,OAAO,MAAM,GAAG,CAAC,SAAS,CAAC,eAAe,EAAE,OAAO,CAAC,CAAA;gBACtD,CAAC;gBAAC,OAAO,GAAG,EAAE,CAAC;oBACb,MAAM,0BAAc,CAAC,IAAI,CAAC,GAAG,CAAC,CAAA;gBAChC,CAAC;YACH,CAAC;YAED,KAAK,CAAC,SAAS,CACb,KAAgB,EAChB,OAAiD;gBAEjD,MAAM,EAAE,MAAM,EAAE,GAAG,IAAA,+BAAe,EAAC,KAAK,CAAC,CAAA;gBACzC,MAAM,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,MAAM,CAAA;gBAE3B,MAAM,MAAM,GAAc,EAAE,CAAA;gBAE5B,KAAK,MAAM,GAAG,IAAI,IAAI,CAAC,IAAI,CAAC,EAAE,GAAG,OAAO,EAAE,GAAG,EAAE,GAAG,EAAE,KAAK,EAAE,QAAQ,EAAE,CAAC,EAAE,CAAC;oBACvE,IAAI,CAAC;wBACH,MAAM,MAAM,GAAG,MAAM,GAAG,CAAC,SAAS,CAAI,KAAK,EAAE,OAAO,CAAC,CAAA;wBACrD,OAAO,EAAE,GAAG,MAAM,EAAE,GAAG,EAAE,CAAA;oBAC3B,CAAC;oBAAC,OAAO,GAAG,EAAE,CAAC;wBACb,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,CAAA;oBAClB,CAAC;gBACH,CAAC;gBAED,QAAQ,MAAM,CAAC,MAAM,EAAE,CAAC;oBACtB,KAAK,CAAC;wBACJ,MAAM,IAAI,0BAAc,CAAC,gBAAgB,EAAE,oCAAwB,CAAC,CAAA;oBACtE,KAAK,CAAC;wBACJ,MAAM,0BAAc,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,2BAAe,CAAC,CAAA;oBACvD;wBACE,MAAM,0BAAc,CAAC,IAAI,CAAC,MAAM,EAAE,2BAAe,CAAC,CAAA;gBACtD,CAAC;YACH,CAAC;YAED,MAAM;gBACJ,8CAA8C;gBAC9C,OAAO,eAAe,CAAC,IAAI,CAAC,UAAU,CAAY,CAAA;YACpD,CAAC;;;;YArKD,+LAAI,cAAc,6DAWjB;YAGD,mLAAI,UAAU,6DAIb;YAGD,sLAAI,WAAW,6DAMd;;;;;AA5EU,wBAAM","sourcesContent":["import {\n ERR_JWKS_NO_MATCHING_KEY,\n ERR_JWK_NOT_FOUND,\n ERR_JWT_INVALID,\n JwkError,\n JwtCreateError,\n JwtVerifyError,\n} from './errors.js'\nimport { PrivateKeyUsage } from './jwk.js'\nimport { JwksPub } from './jwks.js'\nimport { unsafeDecodeJwt } from './jwt-decode.js'\nimport { VerifyOptions, VerifyResult } from './jwt-verify.js'\nimport { JwtHeader, JwtPayload, SignedJwt } from './jwt.js'\nimport { ActivityCheckOptions, Key, KeyMatchOptions } from './key.js'\nimport {\n Override,\n cachedGetter,\n isDefined,\n matchesAny,\n preferredOrderCmp,\n} from './util.js'\n\nexport type { ActivityCheckOptions, KeyMatchOptions }\nexport type FindKeyOptions = KeyMatchOptions & ActivityCheckOptions\n\nexport type JwtSignHeader = Override<\n JwtHeader,\n Pick<FindKeyOptions, 'alg' | 'kid'>\n>\n\nexport type JwtPayloadGetter<P = JwtPayload> = (\n header: JwtHeader,\n key: Key,\n) => P | PromiseLike<P>\n\nconst extractPrivateJwk = (key: Key) => key.privateJwk\nconst extractPublicJwk = (key: Key) => key.publicJwk\n\nexport class Keyset<K extends Key = Key> implements Iterable<K> {\n private readonly keys: readonly K[]\n\n constructor(\n iterable: Iterable<K | null | undefined | false>,\n /**\n * The preferred algorithms to use when signing a JWT using this keyset.\n *\n * @see {@link https://datatracker.ietf.org/doc/html/rfc7518#section-3.1}\n */\n public readonly preferredSigningAlgorithms: readonly string[] = iterable instanceof\n Keyset\n ? [...iterable.preferredSigningAlgorithms]\n : [\n // Prefer elliptic curve algorithms\n 'EdDSA',\n 'ES256K',\n 'ES256',\n // https://datatracker.ietf.org/doc/html/rfc7518#section-3.5\n 'PS256',\n 'PS384',\n 'PS512',\n 'HS256',\n 'HS384',\n 'HS512',\n ],\n ) {\n const keys: K[] = []\n\n const keyIds = new Set<string>()\n for (const key of iterable) {\n if (!key) continue\n\n keys.push(key)\n\n if (key.kid) {\n if (keyIds.has(key.kid)) throw new JwkError(`Duplicate key: ${key.kid}`)\n else keyIds.add(key.kid)\n }\n }\n\n this.keys = Object.freeze(keys)\n }\n\n get size(): number {\n return this.keys.length\n }\n\n @cachedGetter\n get signAlgorithms(): readonly string[] {\n const algorithms = new Set<string>()\n for (const key of this) {\n if (key.use !== 'sig') continue\n for (const alg of key.algorithms) {\n algorithms.add(alg)\n }\n }\n return Object.freeze(\n [...algorithms].sort(preferredOrderCmp(this.preferredSigningAlgorithms)),\n )\n }\n\n @cachedGetter\n get publicJwks() {\n return Object.freeze({\n keys: Object.freeze(Array.from(this, extractPublicJwk).filter(isDefined)),\n })\n }\n\n @cachedGetter\n get privateJwks() {\n return Object.freeze({\n keys: Object.freeze(\n Array.from(this, extractPrivateJwk).filter(isDefined),\n ),\n })\n }\n\n has(kid: string): boolean {\n return this.keys.some((key) => key.kid === kid)\n }\n\n get(options: FindKeyOptions): K {\n const key = this.find(options)\n if (key) return key\n\n throw new JwkError(\n `Key not found ${options.kid ?? options.alg ?? options.usage ?? '<unknown>'}`,\n ERR_JWK_NOT_FOUND,\n )\n }\n\n find(options: FindKeyOptions): K | undefined {\n for (const key of this.list(options)) {\n return key\n }\n\n return undefined\n }\n\n *list<O extends FindKeyOptions>(options: O) {\n for (const key of this) {\n if (key.isActive(options) && key.matches(options)) {\n yield key\n }\n }\n }\n\n findPrivateKey({\n kid,\n alg,\n usage,\n ...options\n }: FindKeyOptions & { usage: PrivateKeyUsage }): {\n key: Key\n alg: string\n } {\n const matchingKeys: Key[] = []\n\n // Allow the loop bellow to return early when a single \"alg\" is provided\n if (Array.isArray(alg) && alg.length === 1) alg = alg[0]\n\n for (const key of this.list({ ...options, kid, alg, usage })) {\n // Skip negotiation if a single \"alg\" was provided\n if (typeof alg === 'string') return { key, alg }\n\n matchingKeys.push(key)\n }\n\n const isAllowedAlg = matchesAny(alg)\n const candidates = matchingKeys.map(\n (key) => [key, key.algorithms.filter(isAllowedAlg)] as const,\n )\n\n // Return the first candidates that matches the preferred algorithms\n for (const prefAlg of this.preferredSigningAlgorithms) {\n for (const [matchingKey, matchingAlgs] of candidates) {\n if (matchingAlgs.includes(prefAlg)) {\n return { key: matchingKey, alg: prefAlg }\n }\n }\n }\n\n // Return any candidate\n for (const [matchingKey, matchingAlgs] of candidates) {\n for (const alg of matchingAlgs) {\n return { key: matchingKey, alg }\n }\n }\n\n throw new JwkError(\n `No private key found for ${kid || alg || usage}`,\n ERR_JWK_NOT_FOUND,\n )\n }\n\n [Symbol.iterator](): IterableIterator<K> {\n return this.keys.values()\n }\n\n async createJwt(\n { alg: sAlg, kid: sKid, ...header }: JwtSignHeader,\n payload: JwtPayload | JwtPayloadGetter,\n ): Promise<SignedJwt> {\n try {\n const { key, alg } = this.findPrivateKey({\n alg: sAlg,\n kid: sKid,\n usage: 'sign',\n allowRevoked: false, // For explicitness (default value is false)\n })\n const protectedHeader = { ...header, alg, kid: key.kid }\n\n if (typeof payload === 'function') {\n payload = await payload(protectedHeader, key)\n }\n\n return await key.createJwt(protectedHeader, payload)\n } catch (err) {\n throw JwtCreateError.from(err)\n }\n }\n\n async verifyJwt<C extends string = never>(\n token: SignedJwt,\n options?: ActivityCheckOptions & VerifyOptions<C>,\n ): Promise<VerifyResult<C> & { key: K }> {\n const { header } = unsafeDecodeJwt(token)\n const { kid, alg } = header\n\n const errors: unknown[] = []\n\n for (const key of this.list({ ...options, kid, alg, usage: 'verify' })) {\n try {\n const result = await key.verifyJwt<C>(token, options)\n return { ...result, key }\n } catch (err) {\n errors.push(err)\n }\n }\n\n switch (errors.length) {\n case 0:\n throw new JwtVerifyError('No key matched', ERR_JWKS_NO_MATCHING_KEY)\n case 1:\n throw JwtVerifyError.from(errors[0], ERR_JWT_INVALID)\n default:\n throw JwtVerifyError.from(errors, ERR_JWT_INVALID)\n }\n }\n\n toJSON() {\n // Make a copy to allow mutation of the result\n return structuredClone(this.publicJwks) as JwksPub\n }\n}\n"]}
|
package/dist/util.d.ts
CHANGED
|
@@ -6,12 +6,6 @@ export type Override<T, V> = Simplify<V & Omit<T, keyof V>>;
|
|
|
6
6
|
export type RequiredKey<T, K extends keyof T = never> = Simplify<T & {
|
|
7
7
|
[L in K]-?: unknown extends T[L] ? NonNullable<unknown> | null : Exclude<T[L], undefined>;
|
|
8
8
|
}>;
|
|
9
|
-
export type DeepReadonly<T> = T extends Function ? T : T extends object ? {
|
|
10
|
-
readonly [K in keyof T]: DeepReadonly<T[K]>;
|
|
11
|
-
} : T extends readonly (infer U)[] ? readonly DeepReadonly<U>[] : T;
|
|
12
|
-
export type UnReadonly<T> = T extends Function ? T : T extends object ? {
|
|
13
|
-
-readonly [K in keyof T]: UnReadonly<T[K]>;
|
|
14
|
-
} : T extends readonly (infer U)[] ? UnReadonly<U>[] : T;
|
|
15
9
|
export declare const isDefined: <T>(i: T | undefined) => i is T;
|
|
16
10
|
export declare const preferredOrderCmp: <T>(order: readonly T[]) => (a: T, b: T) => number;
|
|
17
11
|
export declare function matchesAny<T extends string | number | symbol | boolean>(value: null | undefined | T | readonly T[]): (v: unknown) => v is T;
|
|
@@ -50,5 +44,6 @@ type SegmentedString<C extends number, Acc extends string[] = [string]> = Acc['l
|
|
|
50
44
|
* ```
|
|
51
45
|
*/
|
|
52
46
|
export declare const segmentedStringRefinementFactory: <C extends number>(count: C, minPartLength?: number) => (data: string, ctx: RefinementCtx) => data is SegmentedString<C>;
|
|
47
|
+
export declare function isLastOccurrence<T extends number | boolean | string | null | undefined | symbol | bigint>(v: T, i: number, arr: readonly T[]): boolean;
|
|
53
48
|
export {};
|
|
54
49
|
//# sourceMappingURL=util.d.ts.map
|
package/dist/util.d.ts.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"util.d.ts","sourceRoot":"","sources":["../src/util.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,aAAa,EAAgB,MAAM,KAAK,CAAA;AAGjD,MAAM,MAAM,QAAQ,CAAC,CAAC,IAAI;KAAG,CAAC,IAAI,MAAM,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC;CAAE,GAAG,EAAE,CAAA;AACvD,MAAM,MAAM,QAAQ,CAAC,CAAC,EAAE,CAAC,IAAI,QAAQ,CAAC,CAAC,GAAG,IAAI,CAAC,CAAC,EAAE,MAAM,CAAC,CAAC,CAAC,CAAA;AAE3D,MAAM,MAAM,WAAW,CAAC,CAAC,EAAE,CAAC,SAAS,MAAM,CAAC,GAAG,KAAK,IAAI,QAAQ,CAC9D,CAAC,GAAG;KACD,CAAC,IAAI,CAAC,CAAC,CAAC,GAAG,OAAO,SAAS,CAAC,CAAC,CAAC,CAAC,GAC5B,WAAW,CAAC,OAAO,CAAC,GAAG,IAAI,GAC3B,OAAO,CAAC,CAAC,CAAC,CAAC,CAAC,EAAE,SAAS,CAAC;CAC7B,CACF,CAAA;
|
|
1
|
+
{"version":3,"file":"util.d.ts","sourceRoot":"","sources":["../src/util.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,aAAa,EAAgB,MAAM,KAAK,CAAA;AAGjD,MAAM,MAAM,QAAQ,CAAC,CAAC,IAAI;KAAG,CAAC,IAAI,MAAM,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC;CAAE,GAAG,EAAE,CAAA;AACvD,MAAM,MAAM,QAAQ,CAAC,CAAC,EAAE,CAAC,IAAI,QAAQ,CAAC,CAAC,GAAG,IAAI,CAAC,CAAC,EAAE,MAAM,CAAC,CAAC,CAAC,CAAA;AAE3D,MAAM,MAAM,WAAW,CAAC,CAAC,EAAE,CAAC,SAAS,MAAM,CAAC,GAAG,KAAK,IAAI,QAAQ,CAC9D,CAAC,GAAG;KACD,CAAC,IAAI,CAAC,CAAC,CAAC,GAAG,OAAO,SAAS,CAAC,CAAC,CAAC,CAAC,GAC5B,WAAW,CAAC,OAAO,CAAC,GAAG,IAAI,GAC3B,OAAO,CAAC,CAAC,CAAC,CAAC,CAAC,EAAE,SAAS,CAAC;CAC7B,CACF,CAAA;AAED,eAAO,MAAM,SAAS,GAAI,CAAC,EAAE,GAAG,CAAC,GAAG,SAAS,KAAG,CAAC,IAAI,CAAoB,CAAA;AAEzE,eAAO,MAAM,iBAAiB,GAC3B,CAAC,EAAE,OAAO,SAAS,CAAC,EAAE,MACtB,GAAG,CAAC,EAAE,GAAG,CAAC,WAOV,CAAA;AAEH,wBAAgB,UAAU,CAAC,CAAC,SAAS,MAAM,GAAG,MAAM,GAAG,MAAM,GAAG,OAAO,EACrE,KAAK,EAAE,IAAI,GAAG,SAAS,GAAG,CAAC,GAAG,SAAS,CAAC,EAAE,GACzC,CAAC,CAAC,EAAE,OAAO,KAAK,CAAC,IAAI,CAAC,CAMxB;AAED;;GAEG;AACH,eAAO,MAAM,YAAY,GAAI,CAAC,SAAS,MAAM,EAAE,CAAC,EAC9C,QAAQ,CAAC,IAAI,EAAE,CAAC,KAAK,CAAC,EACtB,UAAU,2BAA2B,CAAC,CAAC,EAAE,CAAC,CAAC,MAE1B,MAAM,CAAC,MASzB,CAAA;AAGD,wBAAgB,aAAa,CAAC,KAAK,EAAE,MAAM,GAAG,OAAO,CAIpD;AAED;;;;;;GAMG;AACH,eAAO,MAAM,kBAAkB,GAAI,MAAM,MAAM,EAAE,KAAK,aAAa,KAAG,IA2BrE,CAAA;AAED;;;;;;;;;;;;GAYG;AACH,KAAK,eAAe,CAClB,CAAC,SAAS,MAAM,EAChB,GAAG,SAAS,MAAM,EAAE,GAAG,CAAC,MAAM,CAAC,IAC7B,GAAG,CAAC,QAAQ,CAAC,SAAS,CAAC,GACvB,GAAG,GAAG,CAAC,CAAC,CAAC,EAAE,GACX,GAAG,GAAG,CAAC,CAAC,CAAC,IAAI,eAAe,CAAC,CAAC,EAAE,CAAC,MAAM,EAAE,GAAG,GAAG,CAAC,CAAC,EAAE,CAAA;AAEvD;;;;;;GAMG;AACH,eAAO,MAAM,gCAAgC,GAAI,CAAC,SAAS,MAAM,EAC/D,OAAO,CAAC,EACR,sBAAiB,MAST,MAAM,MAAM,EAAE,KAAK,aAAa,KAAG,IAAI,IAAI,eAAe,CAAC,CAAC,CA2CrE,CAAA;AAED,wBAAgB,gBAAgB,CAC9B,CAAC,SAAS,MAAM,GAAG,OAAO,GAAG,MAAM,GAAG,IAAI,GAAG,SAAS,GAAG,MAAM,GAAG,MAAM,EACxE,CAAC,EAAE,CAAC,EAAE,CAAC,EAAE,MAAM,EAAE,GAAG,EAAE,SAAS,CAAC,EAAE,GAAG,OAAO,CAE7C"}
|