@payello-module/jwt 0.1.4 → 0.1.6
- package/dist/JWT.js +5 -3
- package/dist/JwtExtract.d.ts +2 -0
- package/package.json +1 -1
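--- a/package/dist/JWT.js
+++ b/package/dist/JWT.js
@@ -67,7 +67,9 @@ export class JWT {
 // Returns an object containing the extracted components of the JWT.
 return {
 header: header,
+headerRaw: bits[0],
 payload: payload,
+payloadRaw: bits[1],
 signature: bits[2]
 };
 }
@@ -86,14 +88,14 @@ export class JWT {
 }
 let verify = false;
 // Preparation of the data to verify the signature.
-const data = `${
+const data = `${extracted.headerRaw}.${extracted.payloadRaw}`;
 // Verification of the signature based on the algorithm specified in the header.
 switch (extracted.header.alg) {
 case 'HS256':
-verify = await HmacSha256.
+verify = extracted.signature === btoa(await HmacSha256.encrypt(data, secretKey)).replace(/\+/g, '-').replace(/\//g, '_').replace(/=+$/, '');
 break;
 case 'HS512':
-verify = await HmacSha512.
+verify = extracted.signature === btoa(await HmacSha512.encrypt(data, secretKey)).replace(/\+/g, '-').replace(/\//g, '_').replace(/=+$/, '');
 break;
 default:
 throw new JwtError(`Unsupported algorithm`);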
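Review bot: The new HS256 and HS512 branches compare `extracted.signature` with the recomputed MAC using `===`, which can stop at the first differing character and so leaks timing information about how much of a supplied signature matched. Both branches should use a fixed-time comparison; the sketch below adds a small helper and applies it to the HS256 branch, with HS512 changed the same way. Separately, `btoa` expects a binary string, so the encoded value is only a valid base64url signature if `HmacSha256.encrypt` returns the raw MAC bytes in that form; that helper is not visible here, so this should be confirmed. The enclosing method starts and ends outside the hunk.

```javascript
// Compare two strings without returning at the first differing character.
function fixedTimeEqual(a, b) {
    if (typeof a !== 'string' || typeof b !== 'string' || a.length !== b.length) {
        return false;
    }
    let diff = 0;
    for (let i = 0; i < a.length; i++) {
        diff |= a.charCodeAt(i) ^ b.charCodeAt(i);
    }
    return diff === 0;
}

// … unchanged: data preparation, switch on extracted.header.alg …
case 'HS256':
    verify = fixedTimeEqual(extracted.signature, btoa(await HmacSha256.encrypt(data, secretKey)).replace(/\+/g, '-').replace(/\//g, '_').replace(/=+$/, ''));
    break;
// … HS512 case changed the same way …
```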
package/dist/JwtExtract.d.ts
CHANGED