@payello-module/jwt 1.20240419.1635 → 1.20240419.2346
- package/dist/{src/JwtError.d.ts → JwtError.d.ts} +1 -0
- package/dist/{src/JwtError.js → JwtError.js} +1 -0
- package/package.json +2 -9
- package/readme.md +63 -20
- package/dist/test/test.d.ts +0 -1
- package/dist/test/test.js +0 -46
- /package/dist/{src/JWT.d.ts → JWT.d.ts} +0 -0
- /package/dist/{src/JWT.js → JWT.js} +0 -0
- /package/dist/{src/JWTAlgorithms.d.ts → JWTAlgorithms.d.ts} +0 -0
- /package/dist/{src/JWTAlgorithms.js → JWTAlgorithms.js} +0 -0
- /package/dist/{src/JWTKeyPair.d.ts → JWTKeyPair.d.ts} +0 -0
- /package/dist/{src/JWTKeyPair.js → JWTKeyPair.js} +0 -0
- /package/dist/{src/JWTPayload.d.ts → JWTPayload.d.ts} +0 -0
- /package/dist/{src/JWTPayload.js → JWTPayload.js} +0 -0
- /package/dist/{src/JwtExtract.d.ts → JwtExtract.d.ts} +0 -0
- /package/dist/{src/JwtExtract.js → JwtExtract.js} +0 -0
- /package/dist/{src/JwtExtractOpts.d.ts → JwtExtractOpts.d.ts} +0 -0
- /package/dist/{src/JwtExtractOpts.js → JwtExtractOpts.js} +0 -0
- /package/dist/{src/JwtHeader.d.ts → JwtHeader.d.ts} +0 -0
- /package/dist/{src/JwtHeader.js → JwtHeader.js} +0 -0
- /package/dist/{src/JwtSignOpts.d.ts → JwtSignOpts.d.ts} +0 -0
- /package/dist/{src/JwtSignOpts.js → JwtSignOpts.js} +0 -0
- /package/dist/{src/base64_encode_buffer.d.ts → base64_encode_buffer.d.ts} +0 -0
- /package/dist/{src/base64_encode_buffer.js → base64_encode_buffer.js} +0 -0
- /package/dist/{src/index.d.ts → index.d.ts} +0 -0
- /package/dist/{src/index.js → index.js} +0 -0
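--- a/package/package.json
+++ b/package/package.json
@@ -1,6 +1,6 @@
 {
 "name": "@payello-module/jwt",
-"version": "1.20240419.
+"version": "1.20240419.2346",
 "author": "Payello <devsupport@payello.com> (https://payello.com/)",
 "displayName": "@payello-module/jwt",
 "description": "JSON Web Token Module",
@@ -18,12 +18,5 @@
 "files": [
 "dist/*"
 ],
-"license": "UNLICENSED"
-"repository": {
-"type": "git",
-"url": "https://git.fuse.hk/payello/dev/payello-module/jwt"
-},
-"dependencies": {
-"@payello-module/encryption": "^0.1.3"
-}
+"license": "UNLICENSED"
 }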
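Review bot: The second hunk removes the `dependencies` block holding `"@payello-module/encryption": "^0.1.3"`, yet the file list shows every `dist/*.js` file as moved with `+0 -0`, so any import of that package present in the previous build would still be in the shipped code and would fail to resolve on a clean install. Confirm that the compiled `dist/JWT.js` no longer references it, or keep the dependency entry until it does not. The same hunk also drops the `repository` block, which removes the link from the published tarball back to its source and makes provenance checks on this release harder; keeping that block costs nothing. Because the compiled files move from `dist/src/` to `dist/`, any entry-point fields (they sit outside the visible hunks) should be checked against the new paths as well.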
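--- a/package/readme.md
+++ b/package/readme.md
@@ -1,14 +1,31 @@
 # JWT Module
 
-This is a TypeScript library for working with JSON Web Tokens (JWT). It provides easy-to-use asynchronous methods to sign, extract, and verify JWTs using
-
-This module relies on the `@payello-module/encryption` package for encryption operations.
+This is a TypeScript library for working with JSON Web Tokens (JWT). It provides easy-to-use asynchronous methods to sign, extract, and verify JWTs using a variety of hashing algorithms.
 
 ## Features
 
+- **Generate key pairs:** Create keys for all supported algorithms.
 - **Sign JWTs:** Create signed JWTs with custom payloads and options.
-- **Extract JWTs:** Extract the
-- **Verify
+- **Extract JWTs:** Extract the header, payload, and signature from a JWT.
+- **Verify JWT Signature:** Verify the signature of a JWT against a verify key.
+
+### Supported algorithms
+This package supports all algorithms defined in [RFC 7518 (JSON Web Algorithms (JWA))](https://datatracker.ietf.org/doc/html/rfc7518).
+
+| Algorithm | Description |
+|-----------|-------------|
+| `HS256` | HMAC using SHA-256 |
+| `HS384` | HMAC using SHA-384 |
+| `HS512` | HMAC using SHA-512 |
+| `RS256` | RSASSA-PKCS1-v1_5 using SHA-256 |
+| `RS384` | RSASSA-PKCS1-v1_5 using SHA-384 |
+| `RS512` | RSASSA-PKCS1-v1_5 using SHA-512 |
+| `ES256` | ECDSA using P-256 and SHA-256 |
+| `ES384` | ECDSA using P-384 and SHA-384 |
+| `ES512` | ECDSA using P-521 and SHA-512 |
+| `PS256` | RSASSA-PSS using SHA-256 and MGF1 with SHA-256 |
+| `PS384` | RSASSA-PSS using SHA-384 and MGF1 with SHA-384 |
+| `PS512` | RSASSA-PSS using SHA-512 and MGF1 with SHA-512 |
 
 ## Installation
 
@@ -22,19 +39,33 @@ yarn add @payello-module/jwt
 
 ## Usage
 
+### Generating Key Pairs
+
+To generate a key pair for a specific algorithm, you can use the `generateKeys` method:
+
+```typescript
+import { JWT } from '@payello-module/jwt';
+
+const alg = 'RS256'; // or any other supported algorithm
+
+JWT.generateKeys(alg)
+.then(keyPair => {
+console.log('Sign Key (Private Key):', keyPair.sign.base64);
+console.log('Verify Key (Public Key):', keyPair.verify.base64);
+})
+.catch(error => console.error(error));
+```
+
 ### Signing a JWT
 
 ```typescript
 import { JWT } from '@payello-module/jwt';
 
 const payload = { /* Your JWT payload here */ };
-const
-
-pubKey: 'your_public_key',
-algorithm: 'HS512' // or 'HS256'
-};
+const alg = 'HS512'; // or any other supported algorithm
+const key = 'your_signing_key';
 
-JWT.sign(payload,
+JWT.sign(payload, alg, key)
 .then(token => console.log(token))
 .catch(error => console.error(error));
 ```
@@ -59,29 +90,41 @@ JWT.extract(token)
 import { JWT } from '@payello-module/jwt';
 
 const token = 'your.jwt.token';
-const
-// Logic to retrieve the
-return '
+const getVerifyKey = async (header, payload) => {
+// Logic to retrieve the verification key for the given header and payload
+return 'verify_key';
 };
 
-JWT.
-.then(
+JWT.verifySignature(token, getVerifyKey)
+.then(({ verified, extracted }) => {
+if (verified) {
+console.log('JWT is verified');
+console.log(extracted);
+} else {
+console.log('JWT verification failed');
+}
+})
 .catch(error => console.error(error));
 ```
 
 ## API Reference
 
-#### `JWT.
+#### `JWT.generateKeys(alg?: JWTAlgorithm): Promise<JWTKeyPair>`
+
+Generates a new key pair for the given algorithm. If no algorithm is provided, it defaults to "HS256" (HMAC with SHA-256).
+
+#### `JWT.sign(payload: JWTPayload, alg: JWTAlgorithm, key: string | BufferSource): Promise<string>`
 
 Signs the provided payload and returns a JWT string.
 
-#### `JWT.extract(input: string, opts
+#### `JWT.extract(input: string, opts?: JwtExtractOpts): Promise<JwtExtract>`
 
 Extracts and returns the header, payload, and signature from a JWT string.
 
-#### `JWT.
+#### `JWT.verifySignature(token: string, getVerifyKey: (header: JwtHeader, payload: JWTPayload) => Promise<BufferSource | string> | BufferSource | string, throwErrors?: boolean): Promise<{ verified: boolean, extracted: JwtExtract | null }>`
+
+Verifies a JWT string by checking the signature using the provided verification key. If `throwErrors` is set to `true`, it will throw a `JwtError` if the token is not valid.
 
-Verifies a JWT string against a secret key retrieved by the `getSecretKey` function.
 
 ## Contributing
 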
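--- a/package/dist/test/test.d.ts
+++ b/package/dist/test/test.d.ts
@@ -1 +0,0 @@
-export {};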
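--- a/package/dist/test/test.js
+++ b/package/dist/test/test.js
@@ -1,46 +0,0 @@
-import { JWT } from "../src/JWT";
-import { JWTAlgorithms } from "../src/JWTAlgorithms";
-/**
-* Ensures that verification works for all algorithms
-*/
-async function Test1() {
-for (let key of Object.keys(JWTAlgorithms)) {
-console.log("ALG: ", key);
-const keys = await JWT.generateKeys(key);
-console.log("KEYS: ", keys);
-const signed = await JWT.sign({ iss: "Hello" }, key, keys.sign.base64);
-console.log("SIGNED: ", signed);
-const verify = await JWT.verifySignature(signed, () => { return keys.verify.base64; });
-console.log("VERIFIED: ", verify);
-if (!verify.verified) {
-throw new Error("Not verified!");
-}
-console.log("----");
-}
-}
-/**
-* Ensures that signature manipulation fails for all algorithms
-*/
-async function Test2() {
-for (let key of Object.keys(JWTAlgorithms)) {
-console.log("ALG: ", key);
-const keys = await JWT.generateKeys(key);
-console.log("KEYS: ", keys);
-const signed = await JWT.sign({ iss: "Hello" }, key, keys.sign.base64);
-console.log("SIGNED: ", signed);
-const signed2 = await JWT.sign({ iss: "Hello there" }, key, keys.sign.base64);
-console.log("SIGNED2: ", signed);
-const token = signed.split('.').map(x => (val, index) => {
-if (index == 2)
-return signed2.split('.')[index];
-return val;
-}).join('.');
-const verify = await JWT.verifySignature(token, () => { return keys.verify.base64; });
-console.log("VERIFIED: ", verify);
-if (verify.verified) {
-throw new Error("Somehow verified (shouldn't be)");
-}
-console.log("----");
-}
-}
-Test1();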
File without changes
|
File without changes
|
File without changes
|
File without changes
|
File without changes
|
File without changes
|
File without changes
|
File without changes
|
File without changes
|
File without changes
|
File without changes
|
File without changes
|
File without changes
|
File without changes
|
File without changes
|
File without changes
|
File without changes
|
File without changes
|
File without changes
|
File without changes
|