@nocobase/plugin-idp-oauth 2.1.0-alpha.10

package/dist/node_modules/jose/dist/types/jwks/remote.d.ts

@@ -0,0 +1,237 @@
+/**
+ * Verification using a JSON Web Key Set (JWKS) available on an HTTP(S) URL
+ *
+ * @module
+ */
+import type * as types from '../types.d.ts';
+/**
+ * When passed to {@link jwks/remote.createRemoteJWKSet createRemoteJWKSet} this allows the resolver
+ * to make use of advanced fetch configurations, HTTP Proxies, retry on network errors, etc.
+ *
+ * > [!NOTE]\
+ * > Known caveat: Expect Type-related issues when passing the inputs through to fetch-like modules,
+ * > they hardly ever get their typings inline with actual fetch, you should `@ts-expect-error` them.
+ *
+ * import ky from 'ky'
+ *
+ * let logRequest!: (request: Request) => void
+ * let logResponse!: (request: Request, response: Response) => void
+ * let logRetry!: (request: Request, error: Error, retryCount: number) => void
+ *
+ * const JWKS = jose.createRemoteJWKSet(url, {
+ *   [jose.customFetch]: (...args) =>
+ *     ky(args[0], {
+ *       ...args[1],
+ *       hooks: {
+ *         beforeRequest: [
+ *           (request) => {
+ *             logRequest(request)
+ *           },
+ *         ],
+ *         beforeRetry: [
+ *           ({ request, error, retryCount }) => {
+ *             logRetry(request, error, retryCount)
+ *           },
+ *         ],
+ *         afterResponse: [
+ *           (request, _, response) => {
+ *             logResponse(request, response)
+ *           },
+ *         ],
+ *       },
+ *     }),
+ * })
+ * ```
+ *
+ * import * as undici from 'undici'
+ *
+ * // see https://undici.nodejs.org/#/docs/api/EnvHttpProxyAgent
+ * let envHttpProxyAgent = new undici.EnvHttpProxyAgent()
+ *
+ * // @ts-ignore
+ * const JWKS = jose.createRemoteJWKSet(url, {
+ *   [jose.customFetch]: (...args) => {
+ *     // @ts-ignore
+ *     return undici.fetch(args[0], { ...args[1], dispatcher: envHttpProxyAgent }) // prettier-ignore
+ *   },
+ * })
+ * ```
+ *
+ * import * as undici from 'undici'
+ *
+ * // see https://undici.nodejs.org/#/docs/api/RetryAgent
+ * let retryAgent = new undici.RetryAgent(new undici.Agent(), {
+ *   statusCodes: [],
+ *   errorCodes: [
+ *     'ECONNRESET',
+ *     'ECONNREFUSED',
+ *     'ENOTFOUND',
+ *     'ENETDOWN',
+ *     'ENETUNREACH',
+ *     'EHOSTDOWN',
+ *     'UND_ERR_SOCKET',
+ *   ],
+ * })
+ *
+ * // @ts-ignore
+ * const JWKS = jose.createRemoteJWKSet(url, {
+ *   [jose.customFetch]: (...args) => {
+ *     // @ts-ignore
+ *     return undici.fetch(args[0], { ...args[1], dispatcher: retryAgent }) // prettier-ignore
+ *   },
+ * })
+ * ```
+ *
+ * import * as undici from 'undici'
+ *
+ * // see https://undici.nodejs.org/#/docs/api/MockAgent
+ * let mockAgent = new undici.MockAgent()
+ * mockAgent.disableNetConnect()
+ *
+ * // @ts-ignore
+ * const JWKS = jose.createRemoteJWKSet(url, {
+ *   [jose.customFetch]: (...args) => {
+ *     // @ts-ignore
+ *     return undici.fetch(args[0], { ...args[1], dispatcher: mockAgent }) // prettier-ignore
+ *   },
+ * })
+ * ```
+ */
+export declare const customFetch: unique symbol;
+/** See {@link customFetch}. */
+export type FetchImplementation = (
+/** URL the request is being made sent to {@link !fetch} as the `resource` argument */
+url: string, 
+/** Options otherwise sent to {@link !fetch} as the `options` argument */
+options: {
+    /** HTTP Headers */
+    headers: Headers;
+    /** The {@link https://developer.mozilla.org/en-US/docs/Web/HTTP/Methods request method} */
+    method: 'GET';
+    /** See {@link !Request.redirect} */
+    redirect: 'manual';
+    signal: AbortSignal;
+}) => Promise<Response>;
+/**
+ * > [!WARNING]\
+ * > This option has security implications that must be understood, assessed for applicability, and
+ * > accepted before use. It is critical that the JSON Web Key Set cache only be writable by your own
+ * > code.
+ *
+ * This option is intended for cloud computing runtimes that cannot keep an in memory cache between
+ * their code's invocations. Use in runtimes where an in memory cache between requests is available
+ * is not desirable.
+ *
+ * When passed to {@link jwks/remote.createRemoteJWKSet createRemoteJWKSet} this allows the passed in
+ * object to:
+ *
+ * - Serve as an initial value for the JSON Web Key Set that the module would otherwise need to
+ *   trigger an HTTP request for
+ * - Have the JSON Web Key Set the function optionally ended up triggering an HTTP request for
+ *   assigned to it as properties
+ *
+ * The intended use pattern is:
+ *
+ * - Before verifying with {@link jwks/remote.createRemoteJWKSet createRemoteJWKSet} you pull the
+ *   previously cached object from a low-latency key-value store offered by the cloud computing
+ *   runtime it is executed on;
+ * - Default to an empty object `{}` instead when there's no previously cached value;
+ * - Pass it in as {@link RemoteJWKSetOptions[jwksCache]};
+ * - Afterwards, update the key-value storage if the {@link ExportedJWKSCache.uat `uat`} property of
+ *   the object has changed.
+ *
+ * // Prerequisites
+ * let url!: URL
+ * let jwt!: string
+ * let getPreviouslyCachedJWKS!: () => Promise<jose.ExportedJWKSCache>
+ * let storeNewJWKScache!: (cache: jose.ExportedJWKSCache) => Promise<void>
+ *
+ * // Load JSON Web Key Set cache
+ * const jwksCache: jose.JWKSCacheInput = (await getPreviouslyCachedJWKS()) || {}
+ * const { uat } = jwksCache
+ *
+ * const JWKS = jose.createRemoteJWKSet(url, {
+ *   [jose.jwksCache]: jwksCache,
+ * })
+ *
+ * // Use JSON Web Key Set cache
+ * await jose.jwtVerify(jwt, JWKS)
+ *
+ * if (uat !== jwksCache.uat) {
+ *   // Update JSON Web Key Set cache
+ *   await storeNewJWKScache(jwksCache)
+ * }
+ * ```
+ */
+export declare const jwksCache: unique symbol;
+/** Options for the remote JSON Web Key Set. */
+export interface RemoteJWKSetOptions {
+    /**
+     * Timeout (in milliseconds) for the HTTP request. When reached the request will be aborted and
+     * the verification will fail. Default is 5000 (5 seconds).
+     */
+    timeoutDuration?: number;
+    /**
+     * Duration (in milliseconds) for which no more HTTP requests will be triggered after a previous
+     * successful fetch. Default is 30000 (30 seconds).
+     */
+    cooldownDuration?: number;
+    /**
+     * Maximum time (in milliseconds) between successful HTTP requests. Default is 600000 (10
+     * minutes).
+     */
+    cacheMaxAge?: number | typeof Infinity;
+    /** Headers to be sent with the HTTP request. */
+    headers?: Record<string, string>;
+    /** See {@link jwksCache}. */
+    [jwksCache]?: JWKSCacheInput;
+    /** See {@link customFetch}. */
+    [customFetch]?: FetchImplementation;
+}
+/** See {@link jwksCache}. */
+export interface ExportedJWKSCache {
+    /** Current cached JSON Web Key Set */
+    jwks: types.JSONWebKeySet;
+    /** Last updated at timestamp (seconds since epoch) */
+    uat: number;
+}
+/** See {@link jwksCache}. */
+export type JWKSCacheInput = ExportedJWKSCache | Record<string, never>;
+/**
+ * Returns a function that resolves a JWS JOSE Header to a public key object downloaded from a
+ * remote endpoint returning a JSON Web Key Set, that is, for example, an OAuth 2.0 or OIDC
+ * jwks_uri. The JSON Web Key Set is fetched when no key matches the selection process but only as
+ * frequently as the `cooldownDuration` option allows to prevent abuse.
+ *
+ * It uses the "alg" (JWS Algorithm) Header Parameter to determine the right JWK "kty" (Key Type),
+ * then proceeds to match the JWK "kid" (Key ID) with one found in the JWS Header Parameters (if
+ * there is one) while also respecting the JWK "use" (Public Key Use) and JWK "key_ops" (Key
+ * Operations) Parameters (if they are present on the JWK).
+ *
+ * Only a single public key must match the selection process. As shown in the example below when
+ * multiple keys get matched it is possible to opt-in to iterate over the matched keys and attempt
+ * verification in an iterative manner.
+ *
+ * > [!NOTE]\
+ * > The function's purpose is to resolve public keys used for verifying signatures and will not work
+ * > for public encryption keys.
+ *
+ * This function is exported (as a named export) from the main `'jose'` module entry point as well
+ * as from its subpath export `'jose/jwks/remote'`.
+ *
+ * @param url URL to fetch the JSON Web Key Set from.
+ * @param options Options for the remote JSON Web Key Set.
+ */
+export declare function createRemoteJWKSet(url: URL, options?: RemoteJWKSetOptions): {
+    (protectedHeader?: types.JWSHeaderParameters, token?: types.FlattenedJWSInput): Promise<types.CryptoKey>;
+    /** @ignore */
+    coolingDown: boolean;
+    /** @ignore */
+    fresh: boolean;
+    /** @ignore */
+    reloading: boolean;
+    /** @ignore */
+    reload: () => Promise<void>;
+    /** @ignore */
+    jwks: () => types.JSONWebKeySet | undefined;
+};

package/dist/node_modules/jose/dist/types/jws/compact/sign.d.ts

@@ -0,0 +1,36 @@
+/**
+ * Signing JSON Web Signature (JWS) in Compact Serialization
+ *
+ * @module
+ */
+import type * as types from '../../types.d.ts';
+/**
+ * The CompactSign class is used to build and sign Compact JWS strings.
+ *
+ * This class is exported (as a named export) from the main `'jose'` module entry point as well as
+ * from its subpath export `'jose/jws/compact/sign'`.
+ *
+ */
+export declare class CompactSign {
+    #private;
+    /**
+     * {@link CompactSign} constructor
+     *
+     * @param payload Binary representation of the payload to sign.
+     */
+    constructor(payload: Uint8Array);
+    /**
+     * Sets the JWS Protected Header on the CompactSign object.
+     *
+     * @param protectedHeader JWS Protected Header.
+     */
+    setProtectedHeader(protectedHeader: types.CompactJWSHeaderParameters): this;
+    /**
+     * Signs and resolves the value of the Compact JWS string.
+     *
+     * @param key Private Key or Secret to sign the JWS with. See
+     *   {@link https://github.com/panva/jose/issues/210#jws-alg Algorithm Key Requirements}.
+     * @param options JWS Sign options.
+     */
+    sign(key: types.CryptoKey | types.KeyObject | types.JWK | Uint8Array, options?: types.SignOptions): Promise<string>;
+}

package/dist/node_modules/jose/dist/types/jws/compact/verify.d.ts

@@ -0,0 +1,33 @@
+/**
+ * Verifying JSON Web Signature (JWS) in Compact Serialization
+ *
+ * @module
+ */
+import type * as types from '../../types.d.ts';
+/**
+ * Interface for Compact JWS Verification dynamic key resolution. No token components have been
+ * verified at the time of this function call.
+ *
+ * @see {@link jwks/remote.createRemoteJWKSet createRemoteJWKSet} to verify using a remote JSON Web Key Set.
+ */
+export interface CompactVerifyGetKey extends types.GenericGetKeyFunction<types.CompactJWSHeaderParameters, types.FlattenedJWSInput, types.CryptoKey | types.KeyObject | types.JWK | Uint8Array> {
+}
+/**
+ * Verifies the signature and format of and afterwards decodes the Compact JWS.
+ *
+ * This function is exported (as a named export) from the main `'jose'` module entry point as well
+ * as from its subpath export `'jose/jws/compact/verify'`.
+ *
+ * @param jws Compact JWS.
+ * @param key Key to verify the JWS with. See
+ *   {@link https://github.com/panva/jose/issues/210#jws-alg Algorithm Key Requirements}.
+ * @param options JWS Verify options.
+ */
+export declare function compactVerify(jws: string | Uint8Array, key: types.CryptoKey | types.KeyObject | types.JWK | Uint8Array, options?: types.VerifyOptions): Promise<types.CompactVerifyResult>;
+/**
+ * @param jws Compact JWS.
+ * @param getKey Function resolving a key to verify the JWS with. See
+ *   {@link https://github.com/panva/jose/issues/210#jws-alg Algorithm Key Requirements}.
+ * @param options JWS Verify options.
+ */
+export declare function compactVerify(jws: string | Uint8Array, getKey: CompactVerifyGetKey, options?: types.VerifyOptions): Promise<types.CompactVerifyResult & types.ResolvedKey>;

package/dist/node_modules/jose/dist/types/jws/flattened/sign.d.ts

@@ -0,0 +1,42 @@
+/**
+ * Signing JSON Web Signature (JWS) in Flattened JSON Serialization
+ *
+ * @module
+ */
+import type * as types from '../../types.d.ts';
+/**
+ * The FlattenedSign class is used to build and sign Flattened JWS objects.
+ *
+ * This class is exported (as a named export) from the main `'jose'` module entry point as well as
+ * from its subpath export `'jose/jws/flattened/sign'`.
+ *
+ */
+export declare class FlattenedSign {
+    #private;
+    /**
+     * {@link FlattenedSign} constructor
+     *
+     * @param payload Binary representation of the payload to sign.
+     */
+    constructor(payload: Uint8Array);
+    /**
+     * Sets the JWS Protected Header on the FlattenedSign object.
+     *
+     * @param protectedHeader JWS Protected Header.
+     */
+    setProtectedHeader(protectedHeader: types.JWSHeaderParameters): this;
+    /**
+     * Sets the JWS Unprotected Header on the FlattenedSign object.
+     *
+     * @param unprotectedHeader JWS Unprotected Header.
+     */
+    setUnprotectedHeader(unprotectedHeader: types.JWSHeaderParameters): this;
+    /**
+     * Signs and resolves the value of the Flattened JWS object.
+     *
+     * @param key Private Key or Secret to sign the JWS with. See
+     *   {@link https://github.com/panva/jose/issues/210#jws-alg Algorithm Key Requirements}.
+     * @param options JWS Sign options.
+     */
+    sign(key: types.CryptoKey | types.KeyObject | types.JWK | Uint8Array, options?: types.SignOptions): Promise<types.FlattenedJWS>;
+}

package/dist/node_modules/jose/dist/types/jws/flattened/verify.d.ts

@@ -0,0 +1,33 @@
+/**
+ * Verifying JSON Web Signature (JWS) in Flattened JSON Serialization
+ *
+ * @module
+ */
+import type * as types from '../../types.d.ts';
+/**
+ * Interface for Flattened JWS Verification dynamic key resolution. No token components have been
+ * verified at the time of this function call.
+ *
+ * @see {@link jwks/remote.createRemoteJWKSet createRemoteJWKSet} to verify using a remote JSON Web Key Set.
+ */
+export interface FlattenedVerifyGetKey extends types.GenericGetKeyFunction<types.JWSHeaderParameters | undefined, types.FlattenedJWSInput, types.CryptoKey | types.KeyObject | types.JWK | Uint8Array> {
+}
+/**
+ * Verifies the signature and format of and afterwards decodes the Flattened JWS.
+ *
+ * This function is exported (as a named export) from the main `'jose'` module entry point as well
+ * as from its subpath export `'jose/jws/flattened/verify'`.
+ *
+ * @param jws Flattened JWS.
+ * @param key Key to verify the JWS with. See
+ *   {@link https://github.com/panva/jose/issues/210#jws-alg Algorithm Key Requirements}.
+ * @param options JWS Verify options.
+ */
+export declare function flattenedVerify(jws: types.FlattenedJWSInput, key: types.CryptoKey | types.KeyObject | types.JWK | Uint8Array, options?: types.VerifyOptions): Promise<types.FlattenedVerifyResult>;
+/**
+ * @param jws Flattened JWS.
+ * @param getKey Function resolving a key to verify the JWS with. See
+ *   {@link https://github.com/panva/jose/issues/210#jws-alg Algorithm Key Requirements}.
+ * @param options JWS Verify options.
+ */
+export declare function flattenedVerify(jws: types.FlattenedJWSInput, getKey: FlattenedVerifyGetKey, options?: types.VerifyOptions): Promise<types.FlattenedVerifyResult & types.ResolvedKey>;

package/dist/node_modules/jose/dist/types/jws/general/sign.d.ts

@@ -0,0 +1,53 @@
+/**
+ * Signing JSON Web Signature (JWS) in General JSON Serialization
+ *
+ * @module
+ */
+import type * as types from '../../types.d.ts';
+/** Used to build General JWS object's individual signatures. */
+export interface Signature {
+    /**
+     * Sets the JWS Protected Header on the Signature object.
+     *
+     * @param protectedHeader JWS Protected Header.
+     */
+    setProtectedHeader(protectedHeader: types.JWSHeaderParameters): Signature;
+    /**
+     * Sets the JWS Unprotected Header on the Signature object.
+     *
+     * @param unprotectedHeader JWS Unprotected Header.
+     */
+    setUnprotectedHeader(unprotectedHeader: types.JWSHeaderParameters): Signature;
+    /** A shorthand for calling addSignature() on the enclosing {@link GeneralSign} instance */
+    addSignature(...args: Parameters<GeneralSign['addSignature']>): Signature;
+    /** A shorthand for calling encrypt() on the enclosing {@link GeneralSign} instance */
+    sign(...args: Parameters<GeneralSign['sign']>): Promise<types.GeneralJWS>;
+    /** Returns the enclosing {@link GeneralSign} instance */
+    done(): GeneralSign;
+}
+/**
+ * The GeneralSign class is used to build and sign General JWS objects.
+ *
+ * This class is exported (as a named export) from the main `'jose'` module entry point as well as
+ * from its subpath export `'jose/jws/general/sign'`.
+ *
+ */
+export declare class GeneralSign {
+    #private;
+    /**
+     * {@link GeneralSign} constructor
+     *
+     * @param payload Binary representation of the payload to sign.
+     */
+    constructor(payload: Uint8Array);
+    /**
+     * Adds an additional signature for the General JWS object.
+     *
+     * @param key Private Key or Secret to sign the individual JWS signature with. See
+     *   {@link https://github.com/panva/jose/issues/210#jws-alg Algorithm Key Requirements}.
+     * @param options JWS Sign options.
+     */
+    addSignature(key: types.CryptoKey | types.KeyObject | types.JWK | Uint8Array, options?: types.SignOptions): Signature;
+    /** Signs and resolves the value of the General JWS object. */
+    sign(): Promise<types.GeneralJWS>;
+}

package/dist/node_modules/jose/dist/types/jws/general/verify.d.ts

@@ -0,0 +1,41 @@
+/**
+ * Verifying JSON Web Signature (JWS) in General JSON Serialization
+ *
+ * @module
+ */
+import type * as types from '../../types.d.ts';
+/**
+ * Interface for General JWS Verification dynamic key resolution. No token components have been
+ * verified at the time of this function call.
+ *
+ * @see {@link jwks/remote.createRemoteJWKSet createRemoteJWKSet} to verify using a remote JSON Web Key Set.
+ */
+export interface GeneralVerifyGetKey extends types.GenericGetKeyFunction<types.JWSHeaderParameters, types.FlattenedJWSInput, types.CryptoKey | types.KeyObject | types.JWK | Uint8Array> {
+}
+/**
+ * Verifies the signature and format of and afterwards decodes the General JWS.
+ *
+ * This function is exported (as a named export) from the main `'jose'` module entry point as well
+ * as from its subpath export `'jose/jws/general/verify'`.
+ *
+ * > [!NOTE]\
+ * > The function iterates over the `signatures` array in the General JWS and returns the verification
+ * > result of the first signature entry that can be successfully verified. The result only contains
+ * > the payload, protected header, and unprotected header of that successfully verified signature
+ * > entry. Other signature entries in the General JWS are not validated, and their headers are not
+ * > included in the returned result. Recipients of a General JWS should only rely on the returned
+ * > (verified) data.
+ *
+ * @param jws General JWS.
+ * @param key Key to verify the JWS with. See
+ *   {@link https://github.com/panva/jose/issues/210#jws-alg Algorithm Key Requirements}.
+ * @param options JWS Verify options.
+ */
+export declare function generalVerify(jws: types.GeneralJWSInput, key: types.CryptoKey | types.KeyObject | types.JWK | Uint8Array, options?: types.VerifyOptions): Promise<types.GeneralVerifyResult>;
+/**
+ * @param jws General JWS.
+ * @param getKey Function resolving a key to verify the JWS with. See
+ *   {@link https://github.com/panva/jose/issues/210#jws-alg Algorithm Key Requirements}.
+ * @param options JWS Verify options.
+ */
+export declare function generalVerify(jws: types.GeneralJWSInput, getKey: GeneralVerifyGetKey, options?: types.VerifyOptions): Promise<types.GeneralVerifyResult & types.ResolvedKey>;

package/dist/node_modules/jose/dist/types/jwt/decrypt.d.ts

@@ -0,0 +1,35 @@
+/**
+ * JSON Web Token (JWT) Decryption (JWT is in JWE format)
+ *
+ * @module
+ */
+import type * as types from '../types.d.ts';
+/** Combination of JWE Decryption options and JWT Claims Set verification options. */
+export interface JWTDecryptOptions extends types.DecryptOptions, types.JWTClaimVerificationOptions {
+}
+/**
+ * Interface for JWT Decryption dynamic key resolution. No token components have been verified at
+ * the time of this function call.
+ */
+export interface JWTDecryptGetKey extends types.GetKeyFunction<types.CompactJWEHeaderParameters, types.FlattenedJWE> {
+}
+/**
+ * Verifies the JWT format (to be a JWE Compact format), decrypts the ciphertext, validates the JWT
+ * Claims Set.
+ *
+ * This function is exported (as a named export) from the main `'jose'` module entry point as well
+ * as from its subpath export `'jose/jwt/decrypt'`.
+ *
+ * @param jwt JSON Web Token value (encoded as JWE).
+ * @param key Private Key or Secret to decrypt and verify the JWT with. See
+ *   {@link https://github.com/panva/jose/issues/210#jwe-alg Algorithm Key Requirements}.
+ * @param options JWT Decryption and JWT Claims Set validation options.
+ */
+export declare function jwtDecrypt<PayloadType = types.JWTPayload>(jwt: string | Uint8Array, key: types.CryptoKey | types.KeyObject | types.JWK | Uint8Array, options?: JWTDecryptOptions): Promise<types.JWTDecryptResult<PayloadType>>;
+/**
+ * @param jwt JSON Web Token value (encoded as JWE).
+ * @param getKey Function resolving Private Key or Secret to decrypt and verify the JWT with. See
+ *   {@link https://github.com/panva/jose/issues/210#jwe-alg Algorithm Key Requirements}.
+ * @param options JWT Decryption and JWT Claims Set validation options.
+ */
+export declare function jwtDecrypt<PayloadType = types.JWTPayload>(jwt: string | Uint8Array, getKey: JWTDecryptGetKey, options?: JWTDecryptOptions): Promise<types.JWTDecryptResult<PayloadType> & types.ResolvedKey>;

package/dist/node_modules/jose/dist/types/jwt/encrypt.d.ts

@@ -0,0 +1,91 @@
+/**
+ * JSON Web Token (JWT) Encryption (JWT is in JWE format)
+ *
+ * @module
+ */
+import type * as types from '../types.d.ts';
+/**
+ * The EncryptJWT class is used to build and encrypt Compact JWE formatted JSON Web Tokens.
+ *
+ * This class is exported (as a named export) from the main `'jose'` module entry point as well as
+ * from its subpath export `'jose/jwt/encrypt'`.
+ *
+ */
+export declare class EncryptJWT implements types.ProduceJWT {
+    #private;
+    /**
+     * {@link EncryptJWT} constructor
+     *
+     * @param payload The JWT Claims Set object. Defaults to an empty object.
+     */
+    constructor(payload?: types.JWTPayload);
+    setIssuer(issuer: string): this;
+    setSubject(subject: string): this;
+    setAudience(audience: string | string[]): this;
+    setJti(jwtId: string): this;
+    setNotBefore(input: number | string | Date): this;
+    setExpirationTime(input: number | string | Date): this;
+    setIssuedAt(input?: number | string | Date): this;
+    /**
+     * Sets the JWE Protected Header on the EncryptJWT object.
+     *
+     * @param protectedHeader JWE Protected Header. Must contain an "alg" (JWE Algorithm) and "enc"
+     *   (JWE Encryption Algorithm) properties.
+     */
+    setProtectedHeader(protectedHeader: types.CompactJWEHeaderParameters): this;
+    /**
+     * Sets the JWE Key Management parameters to be used when encrypting.
+     *
+     * (ECDH-ES) Use of this method is needed for ECDH based algorithms to set the "apu" (Agreement
+     * PartyUInfo) or "apv" (Agreement PartyVInfo) parameters.
+     *
+     * @param parameters JWE Key Management parameters.
+     */
+    setKeyManagementParameters(parameters: types.JWEKeyManagementHeaderParameters): this;
+    /**
+     * Sets a content encryption key to use, by default a random suitable one is generated for the JWE
+     * enc" (Encryption Algorithm) Header Parameter.
+     *
+     * @deprecated You should not use this method. It is only really intended for test and vector
+     *   validation purposes.
+     *
+     * @param cek JWE Content Encryption Key.
+     */
+    setContentEncryptionKey(cek: Uint8Array): this;
+    /**
+     * Sets the JWE Initialization Vector to use for content encryption, by default a random suitable
+     * one is generated for the JWE enc" (Encryption Algorithm) Header Parameter.
+     *
+     * @deprecated You should not use this method. It is only really intended for test and vector
+     *   validation purposes.
+     *
+     * @param iv JWE Initialization Vector.
+     */
+    setInitializationVector(iv: Uint8Array): this;
+    /**
+     * Replicates the "iss" (Issuer) Claim as a JWE Protected Header Parameter.
+     *
+     * @see {@link https://www.rfc-editor.org/rfc/rfc7519#section-5.3 RFC7519#section-5.3}
+     */
+    replicateIssuerAsHeader(): this;
+    /**
+     * Replicates the "sub" (Subject) Claim as a JWE Protected Header Parameter.
+     *
+     * @see {@link https://www.rfc-editor.org/rfc/rfc7519#section-5.3 RFC7519#section-5.3}
+     */
+    replicateSubjectAsHeader(): this;
+    /**
+     * Replicates the "aud" (Audience) Claim as a JWE Protected Header Parameter.
+     *
+     * @see {@link https://www.rfc-editor.org/rfc/rfc7519#section-5.3 RFC7519#section-5.3}
+     */
+    replicateAudienceAsHeader(): this;
+    /**
+     * Encrypts and returns the JWT.
+     *
+     * @param key Public Key or Secret to encrypt the JWT with. See
+     *   {@link https://github.com/panva/jose/issues/210#jwe-alg Algorithm Key Requirements}.
+     * @param options JWE Encryption options.
+     */
+    encrypt(key: types.CryptoKey | types.KeyObject | types.JWK | Uint8Array, options?: types.EncryptOptions): Promise<string>;
+}

package/dist/node_modules/jose/dist/types/jwt/sign.d.ts

@@ -0,0 +1,43 @@
+/**
+ * JSON Web Token (JWT) Signing (JWT is in JWS format)
+ *
+ * @module
+ */
+import type * as types from '../types.d.ts';
+/**
+ * The SignJWT class is used to build and sign Compact JWS formatted JSON Web Tokens.
+ *
+ * This class is exported (as a named export) from the main `'jose'` module entry point as well as
+ * from its subpath export `'jose/jwt/sign'`.
+ *
+ */
+export declare class SignJWT implements types.ProduceJWT {
+    #private;
+    /**
+     * {@link SignJWT} constructor
+     *
+     * @param payload The JWT Claims Set object. Defaults to an empty object.
+     */
+    constructor(payload?: types.JWTPayload);
+    setIssuer(issuer: string): this;
+    setSubject(subject: string): this;
+    setAudience(audience: string | string[]): this;
+    setJti(jwtId: string): this;
+    setNotBefore(input: number | string | Date): this;
+    setExpirationTime(input: number | string | Date): this;
+    setIssuedAt(input?: number | string | Date): this;
+    /**
+     * Sets the JWS Protected Header on the SignJWT object.
+     *
+     * @param protectedHeader JWS Protected Header. Must contain an "alg" (JWS Algorithm) property.
+     */
+    setProtectedHeader(protectedHeader: types.JWTHeaderParameters): this;
+    /**
+     * Signs and returns the JWT.
+     *
+     * @param key Private Key or Secret to sign the JWT with. See
+     *   {@link https://github.com/panva/jose/issues/210#jws-alg Algorithm Key Requirements}.
+     * @param options JWT Sign options.
+     */
+    sign(key: types.CryptoKey | types.KeyObject | types.JWK | Uint8Array, options?: types.SignOptions): Promise<string>;
+}