@logto/client 2.2.4 → 2.3.0

package/lib/errors.cjs

@@ -1,11 +1,14 @@
 'use strict';
 
+var js = require('@logto/js');
+
 const logtoClientErrorCodes = Object.freeze({
     'sign_in_session.invalid': 'Invalid sign-in session.',
     'sign_in_session.not_found': 'Sign-in session not found.',
     not_authenticated: 'Not authenticated.',
     fetch_user_info_failed: 'Unable to fetch user info. The access token may be invalid.',
     user_cancelled: 'The user cancelled the action.',
+    missing_scope_organizations: `The \`${js.UserScope.Organizations}\` scope is required`,
 });
 class LogtoClientError extends Error {
     constructor(code, data) {

package/lib/errors.d.ts

@@ -4,6 +4,7 @@ declare const logtoClientErrorCodes: Readonly<{
     not_authenticated: "Not authenticated.";
     fetch_user_info_failed: "Unable to fetch user info. The access token may be invalid.";
     user_cancelled: "The user cancelled the action.";
+    missing_scope_organizations: "The `urn:logto:scope:organizations` scope is required";
 }>;
 export type LogtoClientErrorCode = keyof typeof logtoClientErrorCodes;
 export declare class LogtoClientError extends Error {

package/lib/errors.js

@@ -1,9 +1,12 @@
+import { UserScope } from '@logto/js';
+
 const logtoClientErrorCodes = Object.freeze({
     'sign_in_session.invalid': 'Invalid sign-in session.',
     'sign_in_session.not_found': 'Sign-in session not found.',
     not_authenticated: 'Not authenticated.',
     fetch_user_info_failed: 'Unable to fetch user info. The access token may be invalid.',
     user_cancelled: 'The user cancelled the action.',
+    missing_scope_organizations: `The \`${UserScope.Organizations}\` scope is required`,
 });
 class LogtoClientError extends Error {
     constructor(code, data) {

package/lib/index.cjs

@@ -14,6 +14,7 @@ var once = require('./utils/once.cjs');
 var types = require('./adapter/types.cjs');
 var requester = require('./utils/requester.cjs');
 
+/* eslint-disable max-lines */
 /**
  * The Logto base client class that provides the essential methods for
  * interacting with the Logto server.
@@ -25,7 +26,7 @@ class LogtoClient {
     constructor(logtoConfig, adapter) {
         this.getOidcConfig = memoize.memoize(this.#getOidcConfig);
         /**
-         * Get the access token from the storage.
+         * Get the access token from the storage with refresh strategy.
          *
          * - If the access token has expired, it will try to fetch a new one using the Refresh Token.
          * - If there's an ongoing Promise to fetch the access token, it will return the Promise.
@@ -39,13 +40,22 @@ class LogtoClient {
          * @throws LogtoClientError if the user is not authenticated.
          */
         this.getAccessToken = memoize.memoize(this.#getAccessToken);
+        /**
+         * Get the access token for the specified organization from the storage with refresh strategy.
+         *
+         * Scope {@link UserScope.Organizations} is required in the config to use organization-related
+         * methods.
+         *
+         * @param organizationId The ID of the organization that the access token is granted for.
+         * @returns The access token string.
+         * @throws LogtoClientError if the user is not authenticated.
+         * @remarks
+         * It uses the same refresh strategy as {@link getAccessToken}.
+         */
+        this.getOrganizationToken = memoize.memoize(this.#getOrganizationToken);
         this.getJwtVerifyGetKey = once.once(this.#getJwtVerifyGetKey);
         this.accessTokenMap = new Map();
-        this.logtoConfig = {
-            ...logtoConfig,
-            prompt: logtoConfig.prompt ?? js.Prompt.Consent,
-            scopes: js.withDefaultScopes(logtoConfig.scopes).split(' '),
-        };
+        this.logtoConfig = index.normalizeLogtoConfig(logtoConfig);
         this.adapter = new index$1.ClientAdapterInstance(adapter);
         void this.loadAccessTokenMap();
     }
@@ -89,6 +99,15 @@ class LogtoClient {
         const accessToken = await this.getAccessToken(resource);
         return js.decodeAccessToken(accessToken);
     }
+    /**
+     * Get the organization token claims for the specified organization.
+     *
+     * @param organizationId The ID of the organization that the access token is granted for.
+     */
+    async getOrganizationTokenClaims(organizationId) {
+        const accessToken = await this.getOrganizationToken(organizationId);
+        return js.decodeAccessToken(accessToken);
+    }
     /**
      * Get the user information from the Userinfo Endpoint.
      *
@@ -263,12 +282,12 @@ class LogtoClient {
     async setRefreshToken(value) {
         return this.adapter.setStorageItem(types.PersistKey.RefreshToken, value);
     }
-    async getAccessTokenByRefreshToken(resource) {
+    async getAccessTokenByRefreshToken(resource, organizationId) {
         const currentRefreshToken = await this.getRefreshToken();
         if (!currentRefreshToken) {
             throw new errors.LogtoClientError('not_authenticated');
         }
-        const accessTokenKey = index$2.buildAccessTokenKey(resource);
+        const accessTokenKey = index$2.buildAccessTokenKey(resource, organizationId);
         const { appId: clientId } = this.logtoConfig;
         const { tokenEndpoint } = await this.getOidcConfig();
         const requestedAt = Math.round(Date.now() / 1000);
@@ -277,6 +296,7 @@ class LogtoClient {
             tokenEndpoint,
             refreshToken: currentRefreshToken,
             resource,
+            organizationId,
         }, this.adapter.requester);
         this.accessTokenMap.set(accessTokenKey, {
             token: accessToken,
@@ -343,11 +363,11 @@ class LogtoClient {
         const cachedJwkSet = new remoteJwkSet.CachedRemoteJwkSet(new URL(jwksUri), this.adapter);
         return async (...args) => cachedJwkSet.getKey(...args);
     }
-    async #getAccessToken(resource) {
-        if (!(await this.getIdToken())) {
+    async #getAccessToken(resource, organizationId) {
+        if (!(await this.isAuthenticated())) {
             throw new errors.LogtoClientError('not_authenticated');
         }
-        const accessTokenKey = index$2.buildAccessTokenKey(resource);
+        const accessTokenKey = index$2.buildAccessTokenKey(resource, organizationId);
         const accessToken = this.accessTokenMap.get(accessTokenKey);
         if (accessToken && accessToken.expiresAt > Date.now() / 1000) {
             return accessToken.token;
@@ -359,9 +379,16 @@ class LogtoClient {
         /**
          * Need to fetch a new access token using refresh token.
          */
-        return this.getAccessTokenByRefreshToken(resource);
+        return this.getAccessTokenByRefreshToken(resource, organizationId);
+    }
+    async #getOrganizationToken(organizationId) {
+        if (!this.logtoConfig.scopes?.includes(js.UserScope.Organizations)) {
+            throw new errors.LogtoClientError('missing_scope_organizations');
+        }
+        return this.#getAccessToken(undefined, organizationId);
     }
 }
+/* eslint-enable max-lines */
 
 Object.defineProperty(exports, 'LogtoError', {
     enumerable: true,
@@ -379,6 +406,10 @@ Object.defineProperty(exports, 'Prompt', {
     enumerable: true,
     get: function () { return js.Prompt; }
 });
+Object.defineProperty(exports, 'ReservedResource', {
+    enumerable: true,
+    get: function () { return js.ReservedResource; }
+});
 Object.defineProperty(exports, 'ReservedScope', {
     enumerable: true,
     get: function () { return js.ReservedScope; }
@@ -387,9 +418,22 @@ Object.defineProperty(exports, 'UserScope', {
     enumerable: true,
     get: function () { return js.UserScope; }
 });
+Object.defineProperty(exports, 'buildOrganizationUrn', {
+    enumerable: true,
+    get: function () { return js.buildOrganizationUrn; }
+});
+Object.defineProperty(exports, 'getOrganizationIdFromUrn', {
+    enumerable: true,
+    get: function () { return js.getOrganizationIdFromUrn; }
+});
+Object.defineProperty(exports, 'organizationUrnPrefix', {
+    enumerable: true,
+    get: function () { return js.organizationUrnPrefix; }
+});
 exports.LogtoClientError = errors.LogtoClientError;
 exports.isLogtoAccessTokenMap = index.isLogtoAccessTokenMap;
 exports.isLogtoSignInSessionItem = index.isLogtoSignInSessionItem;
+exports.normalizeLogtoConfig = index.normalizeLogtoConfig;
 Object.defineProperty(exports, 'CacheKey', {
     enumerable: true,
     get: function () { return types.CacheKey; }

package/lib/index.d.ts

@@ -4,7 +4,7 @@ import { type JWTVerifyGetKey } from 'jose';
 import { ClientAdapterInstance, type ClientAdapter } from './adapter/index.js';
 import type { AccessToken, LogtoConfig, LogtoSignInSessionItem } from './types/index.js';
 export type { IdTokenClaims, LogtoErrorCode, UserInfoResponse, InteractionMode } from '@logto/js';
-export { LogtoError, LogtoRequestError, OidcError, Prompt, ReservedScope, UserScope, } from '@logto/js';
+export { LogtoError, LogtoRequestError, OidcError, Prompt, ReservedScope, ReservedResource, UserScope, organizationUrnPrefix, buildOrganizationUrn, getOrganizationIdFromUrn, } from '@logto/js';
 export * from './errors.js';
 export type { Storage, StorageKey, ClientAdapter } from './adapter/index.js';
 export { PersistKey, CacheKey } from './adapter/index.js';
@@ -30,7 +30,7 @@ export default class LogtoClient {
         issuer: string;
     }>>;
     /**
-     * Get the access token from the storage.
+     * Get the access token from the storage with refresh strategy.
      *
      * - If the access token has expired, it will try to fetch a new one using the Refresh Token.
      * - If there's an ongoing Promise to fetch the access token, it will return the Promise.
@@ -43,7 +43,20 @@ export default class LogtoClient {
      * @returns The access token string.
      * @throws LogtoClientError if the user is not authenticated.
      */
-    readonly getAccessToken: (this: unknown, resource?: string | undefined) => Promise<string>;
+    readonly getAccessToken: (this: unknown, resource?: string | undefined, organizationId?: string | undefined) => Promise<string>;
+    /**
+     * Get the access token for the specified organization from the storage with refresh strategy.
+     *
+     * Scope {@link UserScope.Organizations} is required in the config to use organization-related
+     * methods.
+     *
+     * @param organizationId The ID of the organization that the access token is granted for.
+     * @returns The access token string.
+     * @throws LogtoClientError if the user is not authenticated.
+     * @remarks
+     * It uses the same refresh strategy as {@link getAccessToken}.
+     */
+    readonly getOrganizationToken: (this: unknown, organizationId: string) => Promise<string>;
     protected readonly getJwtVerifyGetKey: (...args: unknown[]) => Promise<JWTVerifyGetKey>;
     protected readonly adapter: ClientAdapterInstance;
     protected readonly accessTokenMap: Map<string, AccessToken>;
@@ -73,6 +86,12 @@ export default class LogtoClient {
      * resource, as specified in the Logto Console.
      */
     getAccessTokenClaims(resource?: string): Promise<AccessTokenClaims>;
+    /**
+     * Get the organization token claims for the specified organization.
+     *
+     * @param organizationId The ID of the organization that the access token is granted for.
+     */
+    getOrganizationTokenClaims(organizationId: string): Promise<AccessTokenClaims>;
     /**
      * Get the user information from the Userinfo Endpoint.
      *

package/lib/index.js

@@ -1,16 +1,17 @@
-import { Prompt, withDefaultScopes, decodeIdToken, decodeAccessToken, fetchUserInfo, generateSignInUri, verifyAndParseCodeFromCallbackUri, fetchTokenByAuthorizationCode, revoke, generateSignOutUri, fetchTokenByRefreshToken, verifyIdToken, fetchOidcConfig } from '@logto/js';
-export { LogtoError, LogtoRequestError, OidcError, Prompt, ReservedScope, UserScope } from '@logto/js';
+import { decodeIdToken, decodeAccessToken, fetchUserInfo, generateSignInUri, verifyAndParseCodeFromCallbackUri, fetchTokenByAuthorizationCode, revoke, generateSignOutUri, fetchTokenByRefreshToken, verifyIdToken, fetchOidcConfig, UserScope } from '@logto/js';
+export { LogtoError, LogtoRequestError, OidcError, Prompt, ReservedResource, ReservedScope, UserScope, buildOrganizationUrn, getOrganizationIdFromUrn, organizationUrnPrefix } from '@logto/js';
 import { createRemoteJWKSet } from 'jose';
 import { ClientAdapterInstance } from './adapter/index.js';
 import { LogtoClientError } from './errors.js';
 import { CachedRemoteJwkSet } from './remote-jwk-set.js';
-import { isLogtoSignInSessionItem, isLogtoAccessTokenMap } from './types/index.js';
+import { normalizeLogtoConfig, isLogtoSignInSessionItem, isLogtoAccessTokenMap } from './types/index.js';
 import { buildAccessTokenKey, getDiscoveryEndpoint } from './utils/index.js';
 import { memoize } from './utils/memoize.js';
 import { once } from './utils/once.js';
 import { PersistKey, CacheKey } from './adapter/types.js';
 export { createRequester } from './utils/requester.js';
 
+/* eslint-disable max-lines */
 /**
  * The Logto base client class that provides the essential methods for
  * interacting with the Logto server.
@@ -22,7 +23,7 @@ class LogtoClient {
     constructor(logtoConfig, adapter) {
         this.getOidcConfig = memoize(this.#getOidcConfig);
         /**
-         * Get the access token from the storage.
+         * Get the access token from the storage with refresh strategy.
          *
          * - If the access token has expired, it will try to fetch a new one using the Refresh Token.
          * - If there's an ongoing Promise to fetch the access token, it will return the Promise.
@@ -36,13 +37,22 @@ class LogtoClient {
          * @throws LogtoClientError if the user is not authenticated.
          */
         this.getAccessToken = memoize(this.#getAccessToken);
+        /**
+         * Get the access token for the specified organization from the storage with refresh strategy.
+         *
+         * Scope {@link UserScope.Organizations} is required in the config to use organization-related
+         * methods.
+         *
+         * @param organizationId The ID of the organization that the access token is granted for.
+         * @returns The access token string.
+         * @throws LogtoClientError if the user is not authenticated.
+         * @remarks
+         * It uses the same refresh strategy as {@link getAccessToken}.
+         */
+        this.getOrganizationToken = memoize(this.#getOrganizationToken);
         this.getJwtVerifyGetKey = once(this.#getJwtVerifyGetKey);
         this.accessTokenMap = new Map();
-        this.logtoConfig = {
-            ...logtoConfig,
-            prompt: logtoConfig.prompt ?? Prompt.Consent,
-            scopes: withDefaultScopes(logtoConfig.scopes).split(' '),
-        };
+        this.logtoConfig = normalizeLogtoConfig(logtoConfig);
         this.adapter = new ClientAdapterInstance(adapter);
         void this.loadAccessTokenMap();
     }
@@ -86,6 +96,15 @@ class LogtoClient {
         const accessToken = await this.getAccessToken(resource);
         return decodeAccessToken(accessToken);
     }
+    /**
+     * Get the organization token claims for the specified organization.
+     *
+     * @param organizationId The ID of the organization that the access token is granted for.
+     */
+    async getOrganizationTokenClaims(organizationId) {
+        const accessToken = await this.getOrganizationToken(organizationId);
+        return decodeAccessToken(accessToken);
+    }
     /**
      * Get the user information from the Userinfo Endpoint.
      *
@@ -260,12 +279,12 @@ class LogtoClient {
     async setRefreshToken(value) {
         return this.adapter.setStorageItem(PersistKey.RefreshToken, value);
     }
-    async getAccessTokenByRefreshToken(resource) {
+    async getAccessTokenByRefreshToken(resource, organizationId) {
         const currentRefreshToken = await this.getRefreshToken();
         if (!currentRefreshToken) {
             throw new LogtoClientError('not_authenticated');
         }
-        const accessTokenKey = buildAccessTokenKey(resource);
+        const accessTokenKey = buildAccessTokenKey(resource, organizationId);
         const { appId: clientId } = this.logtoConfig;
         const { tokenEndpoint } = await this.getOidcConfig();
         const requestedAt = Math.round(Date.now() / 1000);
@@ -274,6 +293,7 @@ class LogtoClient {
             tokenEndpoint,
             refreshToken: currentRefreshToken,
             resource,
+            organizationId,
         }, this.adapter.requester);
         this.accessTokenMap.set(accessTokenKey, {
             token: accessToken,
@@ -340,11 +360,11 @@ class LogtoClient {
         const cachedJwkSet = new CachedRemoteJwkSet(new URL(jwksUri), this.adapter);
         return async (...args) => cachedJwkSet.getKey(...args);
     }
-    async #getAccessToken(resource) {
-        if (!(await this.getIdToken())) {
+    async #getAccessToken(resource, organizationId) {
+        if (!(await this.isAuthenticated())) {
             throw new LogtoClientError('not_authenticated');
         }
-        const accessTokenKey = buildAccessTokenKey(resource);
+        const accessTokenKey = buildAccessTokenKey(resource, organizationId);
         const accessToken = this.accessTokenMap.get(accessTokenKey);
         if (accessToken && accessToken.expiresAt > Date.now() / 1000) {
             return accessToken.token;
@@ -356,8 +376,15 @@ class LogtoClient {
         /**
          * Need to fetch a new access token using refresh token.
          */
-        return this.getAccessTokenByRefreshToken(resource);
+        return this.getAccessTokenByRefreshToken(resource, organizationId);
+    }
+    async #getOrganizationToken(organizationId) {
+        if (!this.logtoConfig.scopes?.includes(UserScope.Organizations)) {
+            throw new LogtoClientError('missing_scope_organizations');
+        }
+        return this.#getAccessToken(undefined, organizationId);
     }
 }
+/* eslint-enable max-lines */
 
-export { CacheKey, LogtoClientError, PersistKey, LogtoClient as default, isLogtoAccessTokenMap, isLogtoSignInSessionItem };
+export { CacheKey, LogtoClientError, PersistKey, LogtoClient as default, isLogtoAccessTokenMap, isLogtoSignInSessionItem, normalizeLogtoConfig };

package/lib/mock.d.ts

@@ -66,7 +66,7 @@ export declare const createAdapters: (withCache?: boolean) => {
     generateCodeVerifier: jest.Mock<string, [], any>;
     generateState: jest.Mock<string, [], any>;
 };
-export declare const createClient: (prompt?: Prompt, storage?: MockedStorage, withCache?: boolean) => LogtoClientWithAccessors;
+export declare const createClient: (prompt?: Prompt, storage?: MockedStorage, withCache?: boolean, scopes?: string[]) => LogtoClientWithAccessors;
 /**
  * Make protected fields accessible for test
  */

package/lib/types/index.cjs

@@ -1,7 +1,28 @@
 'use strict';
 
 var js = require('@logto/js');
+var essentials = require('@silverhand/essentials');
 
+/**
+ * Normalize the Logto client configuration per the following rules:
+ *
+ * - Add default scopes (`openid`, `offline_access` and `profile`) if not provided.
+ * - Add {@link ReservedResource.Organization} to resources if {@link UserScope.Organizations} is included in scopes.
+ *
+ * @param config The Logto client configuration to be normalized.
+ * @returns The normalized Logto client configuration.
+ */
+const normalizeLogtoConfig = (config) => {
+    const { prompt = js.Prompt.Consent, scopes = [], resources, ...rest } = config;
+    return {
+        ...rest,
+        prompt,
+        scopes: js.withDefaultScopes(scopes).split(' '),
+        resources: scopes.includes(js.UserScope.Organizations)
+            ? essentials.deduplicate([...(resources ?? []), js.ReservedResource.Organization])
+            : resources,
+    };
+};
 const isLogtoSignInSessionItem = (data) => {
     if (!js.isArbitraryObject(data)) {
         return false;
@@ -24,3 +45,4 @@ const isLogtoAccessTokenMap = (data) => {
 
 exports.isLogtoAccessTokenMap = isLogtoAccessTokenMap;
 exports.isLogtoSignInSessionItem = isLogtoSignInSessionItem;
+exports.normalizeLogtoConfig = normalizeLogtoConfig;

package/lib/types/index.d.ts

@@ -1,4 +1,4 @@
-import type { Prompt } from '@logto/js';
+import { Prompt } from '@logto/js';
 /** The configuration object for the Logto client. */
 export type LogtoConfig = {
     /**
@@ -40,6 +40,16 @@ export type LogtoConfig = {
      */
     prompt?: Prompt;
 };
+/**
+ * Normalize the Logto client configuration per the following rules:
+ *
+ * - Add default scopes (`openid`, `offline_access` and `profile`) if not provided.
+ * - Add {@link ReservedResource.Organization} to resources if {@link UserScope.Organizations} is included in scopes.
+ *
+ * @param config The Logto client configuration to be normalized.
+ * @returns The normalized Logto client configuration.
+ */
+export declare const normalizeLogtoConfig: (config: LogtoConfig) => LogtoConfig;
 export type AccessToken = {
     /** The access token string. */
     token: string;

package/lib/types/index.js

@@ -1,5 +1,26 @@
-import { isArbitraryObject } from '@logto/js';
+import { Prompt, withDefaultScopes, UserScope, ReservedResource, isArbitraryObject } from '@logto/js';
+import { deduplicate } from '@silverhand/essentials';
 
+/**
+ * Normalize the Logto client configuration per the following rules:
+ *
+ * - Add default scopes (`openid`, `offline_access` and `profile`) if not provided.
+ * - Add {@link ReservedResource.Organization} to resources if {@link UserScope.Organizations} is included in scopes.
+ *
+ * @param config The Logto client configuration to be normalized.
+ * @returns The normalized Logto client configuration.
+ */
+const normalizeLogtoConfig = (config) => {
+    const { prompt = Prompt.Consent, scopes = [], resources, ...rest } = config;
+    return {
+        ...rest,
+        prompt,
+        scopes: withDefaultScopes(scopes).split(' '),
+        resources: scopes.includes(UserScope.Organizations)
+            ? deduplicate([...(resources ?? []), ReservedResource.Organization])
+            : resources,
+    };
+};
 const isLogtoSignInSessionItem = (data) => {
     if (!isArbitraryObject(data)) {
         return false;
@@ -20,4 +41,4 @@ const isLogtoAccessTokenMap = (data) => {
     });
 };
 
-export { isLogtoAccessTokenMap, isLogtoSignInSessionItem };
+export { isLogtoAccessTokenMap, isLogtoSignInSessionItem, normalizeLogtoConfig };

package/lib/types/index.test.d.ts

@@ -0,0 +1 @@
+export {};

package/lib/utils/index.cjs

@@ -1,8 +1,9 @@
 'use strict';
 
 var js = require('@logto/js');
+var essentials = require('@silverhand/essentials');
 
-const buildAccessTokenKey = (resource = '', scopes = []) => `${scopes.slice().sort().join(' ')}@${resource}`;
+const buildAccessTokenKey = (resource = '', organizationId, scopes = []) => `${scopes.slice().sort().join(' ')}@${resource}${essentials.conditionalString(organizationId && `#${organizationId}`)}`;
 const getDiscoveryEndpoint = (endpoint) => new URL(js.discoveryPath, endpoint).toString();
 
 exports.buildAccessTokenKey = buildAccessTokenKey;

package/lib/utils/index.d.ts

@@ -1,3 +1,3 @@
 export * from './requester.js';
-export declare const buildAccessTokenKey: (resource?: string, scopes?: string[]) => string;
+export declare const buildAccessTokenKey: (resource?: string, organizationId?: string, scopes?: string[]) => string;
 export declare const getDiscoveryEndpoint: (endpoint: string) => string;

package/lib/utils/index.js

@@ -1,6 +1,7 @@
 import { discoveryPath } from '@logto/js';
+import { conditionalString } from '@silverhand/essentials';
 
-const buildAccessTokenKey = (resource = '', scopes = []) => `${scopes.slice().sort().join(' ')}@${resource}`;
+const buildAccessTokenKey = (resource = '', organizationId, scopes = []) => `${scopes.slice().sort().join(' ')}@${resource}${conditionalString(organizationId && `#${organizationId}`)}`;
 const getDiscoveryEndpoint = (endpoint) => new URL(discoveryPath, endpoint).toString();
 
 export { buildAccessTokenKey, getDiscoveryEndpoint };

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@logto/client",
-  "version": "2.2.4",
+  "version": "2.3.0",
   "type": "module",
   "main": "./lib/index.cjs",
   "module": "./lib/index.js",
@@ -21,10 +21,10 @@
     "directory": "packages/client"
   },
   "dependencies": {
-    "@logto/js": "^2.1.3",
+    "@logto/js": "^3.0.0",
     "@silverhand/essentials": "^2.6.2",
     "camelcase-keys": "^7.0.1",
-    "jose": "^4.13.2"
+    "jose": "^5.0.0"
   },
   "devDependencies": {
     "@silverhand/eslint-config": "^4.0.1",