@atproto/jwk 0.5.0 → 0.7.0-next.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
package/CHANGELOG.md CHANGED
@@ -1,5 +1,35 @@
1
1
  # @atproto/jwk
2
2
 
3
+ ## 0.7.0-next.0
4
+
5
+ ### Minor Changes
6
+
7
+ - [#4929](https://github.com/bluesky-social/atproto/pull/4929) [`bb7491c`](https://github.com/bluesky-social/atproto/commit/bb7491c29e06181e1d2f8cf6eb454f9bb8ab961b) Thanks [@devinivy](https://github.com/devinivy)! - **BREAKING:** Drop support for Node.js 18 and 20. Node.js 22 is now the minimum supported version. Docker images now use Node.js 24.
8
+
9
+ - [#4943](https://github.com/bluesky-social/atproto/pull/4943) [`07ae5d4`](https://github.com/bluesky-social/atproto/commit/07ae5d4452df51e045e0239da7a04cf0bc154028) Thanks [@devinivy](https://github.com/devinivy)! - **BREAKING:** Convert to pure ESM. All packages now ship `"type": "module"` with ES module output and Node16 module resolution.
10
+
11
+ Node.js 22's `require()` compatibility layer can still load these packages in CommonJS code.
12
+
13
+ - [#4930](https://github.com/bluesky-social/atproto/pull/4930) [`042df15`](https://github.com/bluesky-social/atproto/commit/042df15087c0e62cd1e715fcbf58852fab875af9) Thanks [@devinivy](https://github.com/devinivy)! - Build with TypeScript 6.0. Emitted `.d.ts` files now use TypeScript 6's stricter `Uint8Array<ArrayBuffer>` typing in places where Web/Node APIs require buffer-backed (not shared-memory) byte arrays. Consumers compiling against these types on older TypeScript should see no runtime impact, but may need to widen or cast in spots that previously relied on `Uint8Array` defaulting to `<ArrayBufferLike>`.
14
+
15
+ Internal: tsconfig `moduleResolution: "node"` is silenced via `ignoreDeprecations: "6.0"` for now; the proper migration to `node16`/`bundler` resolution is deferred.
16
+
17
+ ## 0.6.0
18
+
19
+ ### Minor Changes
20
+
21
+ - [#4103](https://github.com/bluesky-social/atproto/pull/4103) [`f560cf226`](https://github.com/bluesky-social/atproto/commit/f560cf2266715666ce5852ab095fcfb3876ae815) Thanks [@matthieusieben](https://github.com/matthieusieben)! - Update key matching algorithm to support `key_ops`
22
+
23
+ - [#4103](https://github.com/bluesky-social/atproto/pull/4103) [`f560cf226`](https://github.com/bluesky-social/atproto/commit/f560cf2266715666ce5852ab095fcfb3876ae815) Thanks [@matthieusieben](https://github.com/matthieusieben)! - Only allow `"use"` claims in public jwk
24
+
25
+ ### Patch Changes
26
+
27
+ - [#4103](https://github.com/bluesky-social/atproto/pull/4103) [`f560cf226`](https://github.com/bluesky-social/atproto/commit/f560cf2266715666ce5852ab095fcfb3876ae815) Thanks [@matthieusieben](https://github.com/matthieusieben)! - Silently ignore invalid JWKs from JSON Web Key Set (as per spec)
28
+
29
+ - [#4220](https://github.com/bluesky-social/atproto/pull/4220) [`fefe70126`](https://github.com/bluesky-social/atproto/commit/fefe70126d0ea82507ac750f669b3478290f186b) Thanks [@matthieusieben](https://github.com/matthieusieben)! - Make the `jwk` property of `Key` instances public
30
+
31
+ - [#4103](https://github.com/bluesky-social/atproto/pull/4103) [`f560cf226`](https://github.com/bluesky-social/atproto/commit/f560cf2266715666ce5852ab095fcfb3876ae815) Thanks [@matthieusieben](https://github.com/matthieusieben)! - Avoid using `revoked` and inactive keys from JWK sets
32
+
3
33
  ## 0.5.0
4
34
 
5
35
  ### Minor Changes
package/LICENSE.txt CHANGED
@@ -1,6 +1,6 @@
1
1
  Dual MIT/Apache-2.0 License
2
2
 
3
- Copyright (c) 2022-2025 Bluesky Social PBC, and Contributors
3
+ Copyright (c) 2022-2026 Bluesky Social PBC, and Contributors
4
4
 
5
5
  Except as otherwise noted in individual files, this software is licensed under the MIT license (<http://opensource.org/licenses/MIT>), or the Apache License, Version 2.0 (<http://www.apache.org/licenses/LICENSE-2.0>).
6
6
 
package/dist/alg.d.ts CHANGED
@@ -1,3 +1,3 @@
1
- import { Jwk } from './jwk.js';
2
- export declare function jwkAlgorithms(jwk: Jwk): Generator<string>;
1
+ import { JwkBase } from './jwk.js';
2
+ export declare function jwkAlgorithms(jwk: JwkBase): Generator<string, void, unknown>;
3
3
  //# sourceMappingURL=alg.d.ts.map
package/dist/alg.d.ts.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"alg.d.ts","sourceRoot":"","sources":["../src/alg.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,GAAG,EAAE,MAAM,UAAU,CAAA;AAO9B,wBAAiB,aAAa,CAAC,GAAG,EAAE,GAAG,GAAG,SAAS,CAAC,MAAM,CAAC,CA0F1D"}
1
+ {"version":3,"file":"alg.d.ts","sourceRoot":"","sources":["../src/alg.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,OAAO,EAAgC,MAAM,UAAU,CAAA;AAOhE,wBAAiB,aAAa,CAAC,GAAG,EAAE,OAAO,GAAG,SAAS,CAAC,MAAM,EAAE,IAAI,EAAE,OAAO,CAAC,CA0F7E"}
package/dist/alg.js CHANGED
@@ -1,26 +1,23 @@
1
- "use strict";
2
- Object.defineProperty(exports, "__esModule", { value: true });
3
- exports.jwkAlgorithms = jwkAlgorithms;
4
- const errors_js_1 = require("./errors.js");
1
+ import { JwkError } from './errors.js';
2
+ import { isEncKeyUsage, isSigKeyUsage } from './jwk.js';
5
3
  // Copy variable to prevent bundlers from automatically polyfilling "process" (e.g. parcel)
6
4
  const { process } = globalThis;
7
5
  const IS_NODE_RUNTIME = typeof process !== 'undefined' && typeof process?.versions?.node === 'string';
8
- function* jwkAlgorithms(jwk) {
6
+ export function* jwkAlgorithms(jwk) {
9
7
  // Ed25519, Ed448, and secp256k1 always have "alg"
10
- // OKP always has "use"
11
- if (jwk.alg) {
8
+ if (typeof jwk.alg === 'string') {
12
9
  yield jwk.alg;
13
10
  return;
14
11
  }
15
12
  switch (jwk.kty) {
16
13
  case 'EC': {
17
- if (jwk.use === 'enc' || jwk.use === undefined) {
14
+ if (jwkSupportsEnc(jwk)) {
18
15
  yield 'ECDH-ES';
19
16
  yield 'ECDH-ES+A128KW';
20
17
  yield 'ECDH-ES+A192KW';
21
18
  yield 'ECDH-ES+A256KW';
22
19
  }
23
- if (jwk.use === 'sig' || jwk.use === undefined) {
20
+ if (jwkSupportsSig(jwk)) {
24
21
  const crv = 'crv' in jwk ? jwk.crv : undefined;
25
22
  switch (crv) {
26
23
  case 'P-256':
@@ -35,14 +32,14 @@ function* jwkAlgorithms(jwk) {
35
32
  yield 'ES256K';
36
33
  break;
37
34
  default:
38
- throw new errors_js_1.JwkError(`Unsupported crv "${crv}"`);
35
+ throw new JwkError(`Unsupported crv "${crv}"`);
39
36
  }
40
37
  }
41
38
  return;
42
39
  }
43
40
  case 'OKP': {
44
41
  if (!jwk.use)
45
- throw new errors_js_1.JwkError('Missing "use" Parameter value');
42
+ throw new JwkError('Missing "use" Parameter value');
46
43
  yield 'ECDH-ES';
47
44
  yield 'ECDH-ES+A128KW';
48
45
  yield 'ECDH-ES+A192KW';
@@ -50,7 +47,7 @@ function* jwkAlgorithms(jwk) {
50
47
  return;
51
48
  }
52
49
  case 'RSA': {
53
- if (jwk.use === 'enc' || jwk.use === undefined) {
50
+ if (jwkSupportsEnc(jwk)) {
54
51
  yield 'RSA-OAEP';
55
52
  yield 'RSA-OAEP-256';
56
53
  yield 'RSA-OAEP-384';
@@ -58,7 +55,7 @@ function* jwkAlgorithms(jwk) {
58
55
  if (IS_NODE_RUNTIME)
59
56
  yield 'RSA1_5';
60
57
  }
61
- if (jwk.use === 'sig' || jwk.use === undefined) {
58
+ if (jwkSupportsSig(jwk)) {
62
59
  yield 'PS256';
63
60
  yield 'PS384';
64
61
  yield 'PS512';
@@ -69,7 +66,7 @@ function* jwkAlgorithms(jwk) {
69
66
  return;
70
67
  }
71
68
  case 'oct': {
72
- if (jwk.use === 'enc' || jwk.use === undefined) {
69
+ if (jwkSupportsEnc(jwk)) {
73
70
  yield 'A128GCMKW';
74
71
  yield 'A192GCMKW';
75
72
  yield 'A256GCMKW';
@@ -77,7 +74,7 @@ function* jwkAlgorithms(jwk) {
77
74
  yield 'A192KW';
78
75
  yield 'A256KW';
79
76
  }
80
- if (jwk.use === 'sig' || jwk.use === undefined) {
77
+ if (jwkSupportsSig(jwk)) {
81
78
  yield 'HS256';
82
79
  yield 'HS384';
83
80
  yield 'HS512';
@@ -85,7 +82,13 @@ function* jwkAlgorithms(jwk) {
85
82
  return;
86
83
  }
87
84
  default:
88
- throw new errors_js_1.JwkError(`Unsupported kty "${jwk.kty}"`);
85
+ throw new JwkError(`Unsupported kty "${jwk.kty}"`);
89
86
  }
90
87
  }
88
+ function jwkSupportsEnc(jwk) {
89
+ return (jwk.key_ops?.some(isEncKeyUsage) ?? (jwk.use == null || jwk.use === 'enc'));
90
+ }
91
+ function jwkSupportsSig(jwk) {
92
+ return (jwk.key_ops?.some(isSigKeyUsage) ?? (jwk.use == null || jwk.use === 'sig'));
93
+ }
91
94
  //# sourceMappingURL=alg.js.map
package/dist/alg.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"alg.js","sourceRoot":"","sources":["../src/alg.ts"],"names":[],"mappings":";;AAQA,sCA0FC;AAlGD,2CAAsC;AAGtC,2FAA2F;AAC3F,MAAM,EAAE,OAAO,EAAE,GAAG,UAAU,CAAA;AAC9B,MAAM,eAAe,GACnB,OAAO,OAAO,KAAK,WAAW,IAAI,OAAO,OAAO,EAAE,QAAQ,EAAE,IAAI,KAAK,QAAQ,CAAA;AAE/E,QAAe,CAAC,CAAC,aAAa,CAAC,GAAQ;IACrC,kDAAkD;IAClD,uBAAuB;IACvB,IAAI,GAAG,CAAC,GAAG,EAAE,CAAC;QACZ,MAAM,GAAG,CAAC,GAAG,CAAA;QACb,OAAM;IACR,CAAC;IAED,QAAQ,GAAG,CAAC,GAAG,EAAE,CAAC;QAChB,KAAK,IAAI,CAAC,CAAC,CAAC;YACV,IAAI,GAAG,CAAC,GAAG,KAAK,KAAK,IAAI,GAAG,CAAC,GAAG,KAAK,SAAS,EAAE,CAAC;gBAC/C,MAAM,SAAS,CAAA;gBACf,MAAM,gBAAgB,CAAA;gBACtB,MAAM,gBAAgB,CAAA;gBACtB,MAAM,gBAAgB,CAAA;YACxB,CAAC;YAED,IAAI,GAAG,CAAC,GAAG,KAAK,KAAK,IAAI,GAAG,CAAC,GAAG,KAAK,SAAS,EAAE,CAAC;gBAC/C,MAAM,GAAG,GAAG,KAAK,IAAI,GAAG,CAAC,CAAC,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC,CAAC,SAAS,CAAA;gBAC9C,QAAQ,GAAG,EAAE,CAAC;oBACZ,KAAK,OAAO,CAAC;oBACb,KAAK,OAAO;wBACV,MAAM,KAAK,GAAG,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,EAAE,CAAA;wBAC1B,MAAK;oBACP,KAAK,OAAO;wBACV,MAAM,OAAO,CAAA;wBACb,MAAK;oBACP,KAAK,WAAW;wBACd,IAAI,eAAe;4BAAE,MAAM,QAAQ,CAAA;wBACnC,MAAK;oBACP;wBACE,MAAM,IAAI,oBAAQ,CAAC,oBAAoB,GAAG,GAAG,CAAC,CAAA;gBAClD,CAAC;YACH,CAAC;YAED,OAAM;QACR,CAAC;QAED,KAAK,KAAK,CAAC,CAAC,CAAC;YACX,IAAI,CAAC,GAAG,CAAC,GAAG;gBAAE,MAAM,IAAI,oBAAQ,CAAC,+BAA+B,CAAC,CAAA;YACjE,MAAM,SAAS,CAAA;YACf,MAAM,gBAAgB,CAAA;YACtB,MAAM,gBAAgB,CAAA;YACtB,MAAM,gBAAgB,CAAA;YACtB,OAAM;QACR,CAAC;QAED,KAAK,KAAK,CAAC,CAAC,CAAC;YACX,IAAI,GAAG,CAAC,GAAG,KAAK,KAAK,IAAI,GAAG,CAAC,GAAG,KAAK,SAAS,EAAE,CAAC;gBAC/C,MAAM,UAAU,CAAA;gBAChB,MAAM,cAAc,CAAA;gBACpB,MAAM,cAAc,CAAA;gBACpB,MAAM,cAAc,CAAA;gBACpB,IAAI,eAAe;oBAAE,MAAM,QAAQ,CAAA;YACrC,CAAC;YAED,IAAI,GAAG,CAAC,GAAG,KAAK,KAAK,IAAI,GAAG,CAAC,GAAG,KAAK,SAAS,EAAE,CAAC;gBAC/C,MAAM,OAAO,CAAA;gBACb,MAAM,OAAO,CAAA;gBACb,MAAM,OAAO,CAAA;gBACb,MAAM,OAAO,CAAA;gBACb,MAAM,OAAO,CAAA;gBACb,MAAM,OAAO,CAAA;YACf,CAAC;YAED,OAAM;QACR,CAAC;QAED,KAAK,KAAK,CAAC,CAAC,CAAC;YACX,IAAI,GAAG,CAAC,GAAG,KAAK,KAAK,IAAI,GAAG,CAAC,GAAG,KAAK,SAAS,EAAE,CAAC;gBAC/C,MAAM,WAAW,CAAA;gBACjB,MAAM,WAAW,CAAA;gBACjB,MAAM,WAAW,CAAA;gBACjB,MAAM,QAAQ,CAAA;gBACd,MAAM,QAAQ,CAAA;gBACd,MAAM,QAAQ,CAAA;YAChB,CAAC;YAED,IAAI,GAAG,CAAC,GAAG,KAAK,KAAK,IAAI,GAAG,CAAC,GAAG,KAAK,SAAS,EAAE,CAAC;gBAC/C,MAAM,OAAO,CAAA;gBACb,MAAM,OAAO,CAAA;gBACb,MAAM,OAAO,CAAA;YACf,CAAC;YAED,OAAM;QACR,CAAC;QAED;YACE,MAAM,IAAI,oBAAQ,CAAC,oBAAoB,GAAG,CAAC,GAAG,GAAG,CAAC,CAAA;IACtD,CAAC;AACH,CAAC"}
1
+ {"version":3,"file":"alg.js","sourceRoot":"","sources":["../src/alg.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,QAAQ,EAAE,MAAM,aAAa,CAAA;AACtC,OAAO,EAAW,aAAa,EAAE,aAAa,EAAE,MAAM,UAAU,CAAA;AAEhE,2FAA2F;AAC3F,MAAM,EAAE,OAAO,EAAE,GAAG,UAAU,CAAA;AAC9B,MAAM,eAAe,GACnB,OAAO,OAAO,KAAK,WAAW,IAAI,OAAO,OAAO,EAAE,QAAQ,EAAE,IAAI,KAAK,QAAQ,CAAA;AAE/E,MAAM,SAAS,CAAC,CAAC,aAAa,CAAC,GAAY;IACzC,kDAAkD;IAElD,IAAI,OAAO,GAAG,CAAC,GAAG,KAAK,QAAQ,EAAE,CAAC;QAChC,MAAM,GAAG,CAAC,GAAG,CAAA;QACb,OAAM;IACR,CAAC;IAED,QAAQ,GAAG,CAAC,GAAG,EAAE,CAAC;QAChB,KAAK,IAAI,CAAC,CAAC,CAAC;YACV,IAAI,cAAc,CAAC,GAAG,CAAC,EAAE,CAAC;gBACxB,MAAM,SAAS,CAAA;gBACf,MAAM,gBAAgB,CAAA;gBACtB,MAAM,gBAAgB,CAAA;gBACtB,MAAM,gBAAgB,CAAA;YACxB,CAAC;YAED,IAAI,cAAc,CAAC,GAAG,CAAC,EAAE,CAAC;gBACxB,MAAM,GAAG,GAAG,KAAK,IAAI,GAAG,CAAC,CAAC,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC,CAAC,SAAS,CAAA;gBAC9C,QAAQ,GAAG,EAAE,CAAC;oBACZ,KAAK,OAAO,CAAC;oBACb,KAAK,OAAO;wBACV,MAAM,KAAK,GAAG,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,EAAE,CAAA;wBAC1B,MAAK;oBACP,KAAK,OAAO;wBACV,MAAM,OAAO,CAAA;wBACb,MAAK;oBACP,KAAK,WAAW;wBACd,IAAI,eAAe;4BAAE,MAAM,QAAQ,CAAA;wBACnC,MAAK;oBACP;wBACE,MAAM,IAAI,QAAQ,CAAC,oBAAoB,GAAG,GAAG,CAAC,CAAA;gBAClD,CAAC;YACH,CAAC;YAED,OAAM;QACR,CAAC;QAED,KAAK,KAAK,CAAC,CAAC,CAAC;YACX,IAAI,CAAC,GAAG,CAAC,GAAG;gBAAE,MAAM,IAAI,QAAQ,CAAC,+BAA+B,CAAC,CAAA;YACjE,MAAM,SAAS,CAAA;YACf,MAAM,gBAAgB,CAAA;YACtB,MAAM,gBAAgB,CAAA;YACtB,MAAM,gBAAgB,CAAA;YACtB,OAAM;QACR,CAAC;QAED,KAAK,KAAK,CAAC,CAAC,CAAC;YACX,IAAI,cAAc,CAAC,GAAG,CAAC,EAAE,CAAC;gBACxB,MAAM,UAAU,CAAA;gBAChB,MAAM,cAAc,CAAA;gBACpB,MAAM,cAAc,CAAA;gBACpB,MAAM,cAAc,CAAA;gBACpB,IAAI,eAAe;oBAAE,MAAM,QAAQ,CAAA;YACrC,CAAC;YAED,IAAI,cAAc,CAAC,GAAG,CAAC,EAAE,CAAC;gBACxB,MAAM,OAAO,CAAA;gBACb,MAAM,OAAO,CAAA;gBACb,MAAM,OAAO,CAAA;gBACb,MAAM,OAAO,CAAA;gBACb,MAAM,OAAO,CAAA;gBACb,MAAM,OAAO,CAAA;YACf,CAAC;YAED,OAAM;QACR,CAAC;QAED,KAAK,KAAK,CAAC,CAAC,CAAC;YACX,IAAI,cAAc,CAAC,GAAG,CAAC,EAAE,CAAC;gBACxB,MAAM,WAAW,CAAA;gBACjB,MAAM,WAAW,CAAA;gBACjB,MAAM,WAAW,CAAA;gBACjB,MAAM,QAAQ,CAAA;gBACd,MAAM,QAAQ,CAAA;gBACd,MAAM,QAAQ,CAAA;YAChB,CAAC;YAED,IAAI,cAAc,CAAC,GAAG,CAAC,EAAE,CAAC;gBACxB,MAAM,OAAO,CAAA;gBACb,MAAM,OAAO,CAAA;gBACb,MAAM,OAAO,CAAA;YACf,CAAC;YAED,OAAM;QACR,CAAC;QAED;YACE,MAAM,IAAI,QAAQ,CAAC,oBAAoB,GAAG,CAAC,GAAG,GAAG,CAAC,CAAA;IACtD,CAAC;AACH,CAAC;AAED,SAAS,cAAc,CAAC,GAAY;IAClC,OAAO,CACL,GAAG,CAAC,OAAO,EAAE,IAAI,CAAC,aAAa,CAAC,IAAI,CAAC,GAAG,CAAC,GAAG,IAAI,IAAI,IAAI,GAAG,CAAC,GAAG,KAAK,KAAK,CAAC,CAC3E,CAAA;AACH,CAAC;AAED,SAAS,cAAc,CAAC,GAAY;IAClC,OAAO,CACL,GAAG,CAAC,OAAO,EAAE,IAAI,CAAC,aAAa,CAAC,IAAI,CAAC,GAAG,CAAC,GAAG,IAAI,IAAI,IAAI,GAAG,CAAC,GAAG,KAAK,KAAK,CAAC,CAC3E,CAAA;AACH,CAAC","sourcesContent":["import { JwkError } from './errors.js'\nimport { JwkBase, isEncKeyUsage, isSigKeyUsage } from './jwk.js'\n\n// Copy variable to prevent bundlers from automatically polyfilling \"process\" (e.g. parcel)\nconst { process } = globalThis\nconst IS_NODE_RUNTIME =\n typeof process !== 'undefined' && typeof process?.versions?.node === 'string'\n\nexport function* jwkAlgorithms(jwk: JwkBase): Generator<string, void, unknown> {\n // Ed25519, Ed448, and secp256k1 always have \"alg\"\n\n if (typeof jwk.alg === 'string') {\n yield jwk.alg\n return\n }\n\n switch (jwk.kty) {\n case 'EC': {\n if (jwkSupportsEnc(jwk)) {\n yield 'ECDH-ES'\n yield 'ECDH-ES+A128KW'\n yield 'ECDH-ES+A192KW'\n yield 'ECDH-ES+A256KW'\n }\n\n if (jwkSupportsSig(jwk)) {\n const crv = 'crv' in jwk ? jwk.crv : undefined\n switch (crv) {\n case 'P-256':\n case 'P-384':\n yield `ES${crv.slice(-3)}`\n break\n case 'P-521':\n yield 'ES512'\n break\n case 'secp256k1':\n if (IS_NODE_RUNTIME) yield 'ES256K'\n break\n default:\n throw new JwkError(`Unsupported crv \"${crv}\"`)\n }\n }\n\n return\n }\n\n case 'OKP': {\n if (!jwk.use) throw new JwkError('Missing \"use\" Parameter value')\n yield 'ECDH-ES'\n yield 'ECDH-ES+A128KW'\n yield 'ECDH-ES+A192KW'\n yield 'ECDH-ES+A256KW'\n return\n }\n\n case 'RSA': {\n if (jwkSupportsEnc(jwk)) {\n yield 'RSA-OAEP'\n yield 'RSA-OAEP-256'\n yield 'RSA-OAEP-384'\n yield 'RSA-OAEP-512'\n if (IS_NODE_RUNTIME) yield 'RSA1_5'\n }\n\n if (jwkSupportsSig(jwk)) {\n yield 'PS256'\n yield 'PS384'\n yield 'PS512'\n yield 'RS256'\n yield 'RS384'\n yield 'RS512'\n }\n\n return\n }\n\n case 'oct': {\n if (jwkSupportsEnc(jwk)) {\n yield 'A128GCMKW'\n yield 'A192GCMKW'\n yield 'A256GCMKW'\n yield 'A128KW'\n yield 'A192KW'\n yield 'A256KW'\n }\n\n if (jwkSupportsSig(jwk)) {\n yield 'HS256'\n yield 'HS384'\n yield 'HS512'\n }\n\n return\n }\n\n default:\n throw new JwkError(`Unsupported kty \"${jwk.kty}\"`)\n }\n}\n\nfunction jwkSupportsEnc(jwk: JwkBase): boolean {\n return (\n jwk.key_ops?.some(isEncKeyUsage) ?? (jwk.use == null || jwk.use === 'enc')\n )\n}\n\nfunction jwkSupportsSig(jwk: JwkBase): boolean {\n return (\n jwk.key_ops?.some(isSigKeyUsage) ?? (jwk.use == null || jwk.use === 'sig')\n )\n}\n"]}
package/dist/errors.js CHANGED
@@ -1,33 +1,19 @@
1
- "use strict";
2
- Object.defineProperty(exports, "__esModule", { value: true });
3
- exports.JwtVerifyError = exports.JwtCreateError = exports.JwkError = exports.ERR_JWT_VERIFY = exports.ERR_JWT_CREATE = exports.ERR_JWT_INVALID = exports.ERR_JWK_NOT_FOUND = exports.ERR_JWK_INVALID = exports.ERR_JWKS_NO_MATCHING_KEY = void 0;
4
- exports.ERR_JWKS_NO_MATCHING_KEY = 'ERR_JWKS_NO_MATCHING_KEY';
5
- exports.ERR_JWK_INVALID = 'ERR_JWK_INVALID';
6
- exports.ERR_JWK_NOT_FOUND = 'ERR_JWK_NOT_FOUND';
7
- exports.ERR_JWT_INVALID = 'ERR_JWT_INVALID';
8
- exports.ERR_JWT_CREATE = 'ERR_JWT_CREATE';
9
- exports.ERR_JWT_VERIFY = 'ERR_JWT_VERIFY';
10
- class JwkError extends TypeError {
11
- constructor(message = 'JWK error', code = exports.ERR_JWK_INVALID, options) {
1
+ export const ERR_JWKS_NO_MATCHING_KEY = 'ERR_JWKS_NO_MATCHING_KEY';
2
+ export const ERR_JWK_INVALID = 'ERR_JWK_INVALID';
3
+ export const ERR_JWK_NOT_FOUND = 'ERR_JWK_NOT_FOUND';
4
+ export const ERR_JWT_INVALID = 'ERR_JWT_INVALID';
5
+ export const ERR_JWT_CREATE = 'ERR_JWT_CREATE';
6
+ export const ERR_JWT_VERIFY = 'ERR_JWT_VERIFY';
7
+ export class JwkError extends TypeError {
8
+ constructor(message = 'JWK error', code = ERR_JWK_INVALID, options) {
12
9
  super(message, options);
13
- Object.defineProperty(this, "code", {
14
- enumerable: true,
15
- configurable: true,
16
- writable: true,
17
- value: code
18
- });
10
+ this.code = code;
19
11
  }
20
12
  }
21
- exports.JwkError = JwkError;
22
- class JwtCreateError extends Error {
23
- constructor(message = 'Unable to create JWT', code = exports.ERR_JWT_CREATE, options) {
13
+ export class JwtCreateError extends Error {
14
+ constructor(message = 'Unable to create JWT', code = ERR_JWT_CREATE, options) {
24
15
  super(message, options);
25
- Object.defineProperty(this, "code", {
26
- enumerable: true,
27
- configurable: true,
28
- writable: true,
29
- value: code
30
- });
16
+ this.code = code;
31
17
  }
32
18
  static from(cause, code, message) {
33
19
  if (cause instanceof JwtCreateError)
@@ -38,16 +24,10 @@ class JwtCreateError extends Error {
38
24
  return new JwtCreateError(message, code, { cause });
39
25
  }
40
26
  }
41
- exports.JwtCreateError = JwtCreateError;
42
- class JwtVerifyError extends Error {
43
- constructor(message = 'Invalid JWT', code = exports.ERR_JWT_VERIFY, options) {
27
+ export class JwtVerifyError extends Error {
28
+ constructor(message = 'Invalid JWT', code = ERR_JWT_VERIFY, options) {
44
29
  super(message, options);
45
- Object.defineProperty(this, "code", {
46
- enumerable: true,
47
- configurable: true,
48
- writable: true,
49
- value: code
50
- });
30
+ this.code = code;
51
31
  }
52
32
  static from(cause, code, message) {
53
33
  if (cause instanceof JwtVerifyError)
@@ -58,5 +38,4 @@ class JwtVerifyError extends Error {
58
38
  return new JwtVerifyError(message, code, { cause });
59
39
  }
60
40
  }
61
- exports.JwtVerifyError = JwtVerifyError;
62
41
  //# sourceMappingURL=errors.js.map
@@ -1 +1 @@
1
- {"version":3,"file":"errors.js","sourceRoot":"","sources":["../src/errors.ts"],"names":[],"mappings":";;;AAEa,QAAA,wBAAwB,GAAG,0BAA0B,CAAA;AACrD,QAAA,eAAe,GAAG,iBAAiB,CAAA;AACnC,QAAA,iBAAiB,GAAG,mBAAmB,CAAA;AACvC,QAAA,eAAe,GAAG,iBAAiB,CAAA;AACnC,QAAA,cAAc,GAAG,gBAAgB,CAAA;AACjC,QAAA,cAAc,GAAG,gBAAgB,CAAA;AAE9C,MAAa,QAAS,SAAQ,SAAS;IACrC,YACE,OAAO,GAAG,WAAW,EACL,OAAO,uBAAe,EACtC,OAAsB;QAEtB,KAAK,CAAC,OAAO,EAAE,OAAO,CAAC,CAAA;QAHvB;;;;mBAAgB,IAAI;WAAkB;IAIxC,CAAC;CACF;AARD,4BAQC;AAED,MAAa,cAAe,SAAQ,KAAK;IACvC,YACE,OAAO,GAAG,sBAAsB,EAChB,OAAO,sBAAc,EACrC,OAAsB;QAEtB,KAAK,CAAC,OAAO,EAAE,OAAO,CAAC,CAAA;QAHvB;;;;mBAAgB,IAAI;WAAiB;IAIvC,CAAC;IAED,MAAM,CAAC,IAAI,CAAC,KAAc,EAAE,IAAa,EAAE,OAAgB;QACzD,IAAI,KAAK,YAAY,cAAc;YAAE,OAAO,KAAK,CAAA;QACjD,IAAI,KAAK,YAAY,QAAQ,EAAE,CAAC;YAC9B,OAAO,IAAI,cAAc,CAAC,OAAO,EAAE,KAAK,CAAC,IAAI,EAAE,EAAE,KAAK,EAAE,CAAC,CAAA;QAC3D,CAAC;QAED,OAAO,IAAI,cAAc,CAAC,OAAO,EAAE,IAAI,EAAE,EAAE,KAAK,EAAE,CAAC,CAAA;IACrD,CAAC;CACF;AAjBD,wCAiBC;AAED,MAAa,cAAe,SAAQ,KAAK;IACvC,YACE,OAAO,GAAG,aAAa,EACP,OAAO,sBAAc,EACrC,OAAsB;QAEtB,KAAK,CAAC,OAAO,EAAE,OAAO,CAAC,CAAA;QAHvB;;;;mBAAgB,IAAI;WAAiB;IAIvC,CAAC;IAED,MAAM,CAAC,IAAI,CAAC,KAAc,EAAE,IAAa,EAAE,OAAgB;QACzD,IAAI,KAAK,YAAY,cAAc;YAAE,OAAO,KAAK,CAAA;QACjD,IAAI,KAAK,YAAY,QAAQ,EAAE,CAAC;YAC9B,OAAO,IAAI,cAAc,CAAC,OAAO,EAAE,KAAK,CAAC,IAAI,EAAE,EAAE,KAAK,EAAE,CAAC,CAAA;QAC3D,CAAC;QAED,OAAO,IAAI,cAAc,CAAC,OAAO,EAAE,IAAI,EAAE,EAAE,KAAK,EAAE,CAAC,CAAA;IACrD,CAAC;CACF;AAjBD,wCAiBC"}
1
+ {"version":3,"file":"errors.js","sourceRoot":"","sources":["../src/errors.ts"],"names":[],"mappings":"AAEA,MAAM,CAAC,MAAM,wBAAwB,GAAG,0BAA0B,CAAA;AAClE,MAAM,CAAC,MAAM,eAAe,GAAG,iBAAiB,CAAA;AAChD,MAAM,CAAC,MAAM,iBAAiB,GAAG,mBAAmB,CAAA;AACpD,MAAM,CAAC,MAAM,eAAe,GAAG,iBAAiB,CAAA;AAChD,MAAM,CAAC,MAAM,cAAc,GAAG,gBAAgB,CAAA;AAC9C,MAAM,CAAC,MAAM,cAAc,GAAG,gBAAgB,CAAA;AAE9C,MAAM,OAAO,QAAS,SAAQ,SAAS;IACrC,YACE,OAAO,GAAG,WAAW,EACL,OAAO,eAAe,EACtC,OAAsB;QAEtB,KAAK,CAAC,OAAO,EAAE,OAAO,CAAC,CAAA;QAHP,SAAI,GAAJ,IAAI,CAAkB;IAIxC,CAAC;CACF;AAED,MAAM,OAAO,cAAe,SAAQ,KAAK;IACvC,YACE,OAAO,GAAG,sBAAsB,EAChB,OAAO,cAAc,EACrC,OAAsB;QAEtB,KAAK,CAAC,OAAO,EAAE,OAAO,CAAC,CAAA;QAHP,SAAI,GAAJ,IAAI,CAAiB;IAIvC,CAAC;IAED,MAAM,CAAC,IAAI,CAAC,KAAc,EAAE,IAAa,EAAE,OAAgB;QACzD,IAAI,KAAK,YAAY,cAAc;YAAE,OAAO,KAAK,CAAA;QACjD,IAAI,KAAK,YAAY,QAAQ,EAAE,CAAC;YAC9B,OAAO,IAAI,cAAc,CAAC,OAAO,EAAE,KAAK,CAAC,IAAI,EAAE,EAAE,KAAK,EAAE,CAAC,CAAA;QAC3D,CAAC;QAED,OAAO,IAAI,cAAc,CAAC,OAAO,EAAE,IAAI,EAAE,EAAE,KAAK,EAAE,CAAC,CAAA;IACrD,CAAC;CACF;AAED,MAAM,OAAO,cAAe,SAAQ,KAAK;IACvC,YACE,OAAO,GAAG,aAAa,EACP,OAAO,cAAc,EACrC,OAAsB;QAEtB,KAAK,CAAC,OAAO,EAAE,OAAO,CAAC,CAAA;QAHP,SAAI,GAAJ,IAAI,CAAiB;IAIvC,CAAC;IAED,MAAM,CAAC,IAAI,CAAC,KAAc,EAAE,IAAa,EAAE,OAAgB;QACzD,IAAI,KAAK,YAAY,cAAc;YAAE,OAAO,KAAK,CAAA;QACjD,IAAI,KAAK,YAAY,QAAQ,EAAE,CAAC;YAC9B,OAAO,IAAI,cAAc,CAAC,OAAO,EAAE,KAAK,CAAC,IAAI,EAAE,EAAE,KAAK,EAAE,CAAC,CAAA;QAC3D,CAAC;QAED,OAAO,IAAI,cAAc,CAAC,OAAO,EAAE,IAAI,EAAE,EAAE,KAAK,EAAE,CAAC,CAAA;IACrD,CAAC;CACF","sourcesContent":["export type ErrorOptions = { cause?: unknown }\n\nexport const ERR_JWKS_NO_MATCHING_KEY = 'ERR_JWKS_NO_MATCHING_KEY'\nexport const ERR_JWK_INVALID = 'ERR_JWK_INVALID'\nexport const ERR_JWK_NOT_FOUND = 'ERR_JWK_NOT_FOUND'\nexport const ERR_JWT_INVALID = 'ERR_JWT_INVALID'\nexport const ERR_JWT_CREATE = 'ERR_JWT_CREATE'\nexport const ERR_JWT_VERIFY = 'ERR_JWT_VERIFY'\n\nexport class JwkError extends TypeError {\n constructor(\n message = 'JWK error',\n public readonly code = ERR_JWK_INVALID,\n options?: ErrorOptions,\n ) {\n super(message, options)\n }\n}\n\nexport class JwtCreateError extends Error {\n constructor(\n message = 'Unable to create JWT',\n public readonly code = ERR_JWT_CREATE,\n options?: ErrorOptions,\n ) {\n super(message, options)\n }\n\n static from(cause: unknown, code?: string, message?: string): JwtCreateError {\n if (cause instanceof JwtCreateError) return cause\n if (cause instanceof JwkError) {\n return new JwtCreateError(message, cause.code, { cause })\n }\n\n return new JwtCreateError(message, code, { cause })\n }\n}\n\nexport class JwtVerifyError extends Error {\n constructor(\n message = 'Invalid JWT',\n public readonly code = ERR_JWT_VERIFY,\n options?: ErrorOptions,\n ) {\n super(message, options)\n }\n\n static from(cause: unknown, code?: string, message?: string): JwtVerifyError {\n if (cause instanceof JwtVerifyError) return cause\n if (cause instanceof JwkError) {\n return new JwtVerifyError(message, cause.code, { cause })\n }\n\n return new JwtVerifyError(message, code, { cause })\n }\n}\n"]}
package/dist/index.js CHANGED
@@ -1,32 +1,14 @@
1
- "use strict";
2
- var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
3
- if (k2 === undefined) k2 = k;
4
- var desc = Object.getOwnPropertyDescriptor(m, k);
5
- if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
6
- desc = { enumerable: true, get: function() { return m[k]; } };
7
- }
8
- Object.defineProperty(o, k2, desc);
9
- }) : (function(o, m, k, k2) {
10
- if (k2 === undefined) k2 = k;
11
- o[k2] = m[k];
12
- }));
13
- var __exportStar = (this && this.__exportStar) || function(m, exports) {
14
- for (var p in m) if (p !== "default" && !Object.prototype.hasOwnProperty.call(exports, p)) __createBinding(exports, m, p);
15
- };
16
- Object.defineProperty(exports, "__esModule", { value: true });
17
- exports.ValidationError = void 0;
18
1
  // Since we expose zod schemas, let's expose ZodError (under a generic name) so
19
2
  // that dependents can catch schema parsing errors without requiring an explicit
20
3
  // dependency on zod, or risking a conflict in case of mismatching zob versions.
21
- var zod_1 = require("zod");
22
- Object.defineProperty(exports, "ValidationError", { enumerable: true, get: function () { return zod_1.ZodError; } });
23
- __exportStar(require("./alg.js"), exports);
24
- __exportStar(require("./errors.js"), exports);
25
- __exportStar(require("./jwk.js"), exports);
26
- __exportStar(require("./jwks.js"), exports);
27
- __exportStar(require("./jwt-decode.js"), exports);
28
- __exportStar(require("./jwt-verify.js"), exports);
29
- __exportStar(require("./jwt.js"), exports);
30
- __exportStar(require("./key.js"), exports);
31
- __exportStar(require("./keyset.js"), exports);
4
+ export { ZodError as ValidationError } from 'zod';
5
+ export * from './alg.js';
6
+ export * from './errors.js';
7
+ export * from './jwk.js';
8
+ export * from './jwks.js';
9
+ export * from './jwt-decode.js';
10
+ export * from './jwt-verify.js';
11
+ export * from './jwt.js';
12
+ export * from './key.js';
13
+ export * from './keyset.js';
32
14
  //# sourceMappingURL=index.js.map
package/dist/index.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"index.js","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;AAAA,+EAA+E;AAC/E,gFAAgF;AAChF,gFAAgF;AAChF,2BAAiD;AAAxC,sGAAA,QAAQ,OAAmB;AAEpC,2CAAwB;AACxB,8CAA2B;AAC3B,2CAAwB;AACxB,4CAAyB;AACzB,kDAA+B;AAC/B,kDAA+B;AAC/B,2CAAwB;AACxB,2CAAwB;AACxB,8CAA2B"}
1
+ {"version":3,"file":"index.js","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA,+EAA+E;AAC/E,gFAAgF;AAChF,gFAAgF;AAChF,OAAO,EAAE,QAAQ,IAAI,eAAe,EAAE,MAAM,KAAK,CAAA;AAEjD,cAAc,UAAU,CAAA;AACxB,cAAc,aAAa,CAAA;AAC3B,cAAc,UAAU,CAAA;AACxB,cAAc,WAAW,CAAA;AACzB,cAAc,iBAAiB,CAAA;AAC/B,cAAc,iBAAiB,CAAA;AAC/B,cAAc,UAAU,CAAA;AACxB,cAAc,UAAU,CAAA;AACxB,cAAc,aAAa,CAAA","sourcesContent":["// Since we expose zod schemas, let's expose ZodError (under a generic name) so\n// that dependents can catch schema parsing errors without requiring an explicit\n// dependency on zod, or risking a conflict in case of mismatching zob versions.\nexport { ZodError as ValidationError } from 'zod'\n\nexport * from './alg.js'\nexport * from './errors.js'\nexport * from './jwk.js'\nexport * from './jwks.js'\nexport * from './jwt-decode.js'\nexport * from './jwt-verify.js'\nexport * from './jwt.js'\nexport * from './key.js'\nexport * from './keyset.js'\n"]}