npm - @payello-module/jwt - Versions diffs - 1.20240419.1640 → 1.20240922.121 - Mend

@payello-module/jwt 1.20240419.1640 → 1.20240922.121

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (7) hide show

package/dist/JWT.d.ts CHANGED Viewed

@@ -23,7 +23,7 @@ export declare class JWT {
      * @param key - The key for signing the JWT
      * @returns A promise that resolves to the signed JWT string.
      */
-    static sign(payload: JWTPayload, alg: JWTAlgorithm, key: string | BufferSource): Promise<string>;
+    static sign(payload: JWTPayload, alg: JWTAlgorithm, key: string | BufferSource, kid?: string): Promise<string>;
     /**
      * Extracts and returns the header, payload, and signature components from a JWT string.
      * @param input - The JWT string to be parsed.

package/dist/JWT.js CHANGED Viewed

@@ -40,12 +40,13 @@ export class JWT {
      * @param key - The key for signing the JWT
      * @returns A promise that resolves to the signed JWT string.
      */
-    static async sign(payload, alg, key) {
+    static async sign(payload, alg, key, kid) {
         if (typeof JWTAlgorithms[alg] == "undefined")
             throw new JwtError("Unknown algorithm");
         const _header = {
             typ: 'JWT',
-            alg: alg
+            alg: alg,
+            kid: kid
         };
         const body = base64_encode_urlsafe(JSON.stringify(_header)) +
             "." +

package/dist/JwtError.d.ts CHANGED Viewed

@@ -1,4 +1,5 @@
 export declare class JwtError extends Error {
     type: "@payello/module-jwt#JwtError";
+    name: string;
     constructor(message: string, options?: ErrorOptions);
 }

package/dist/JwtError.js CHANGED Viewed

@@ -1,5 +1,6 @@
 export class JwtError extends Error {
     type = "@payello/module-jwt#JwtError";
+    name = "JwtError";
     constructor(message, options) {
         super(message, options);
     }

package/dist/JwtHeader.d.ts CHANGED Viewed

@@ -2,4 +2,5 @@ import { JWTAlgorithm } from "./JWTAlgorithms";
 export interface JwtHeader {
     typ: 'JWT';
     alg: JWTAlgorithm;
+    kid?: string;
 }

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@payello-module/jwt",
-  "version": "1.20240419.1640",
+  "version": "1.20240922.121",
   "author": "Payello <devsupport@payello.com> (https://payello.com/)",
   "displayName": "@payello-module/jwt",
   "description": "JSON Web Token Module",
@@ -18,12 +18,5 @@
   "files": [
     "dist/*"
   ],
-  "license": "UNLICENSED",
-  "repository": {
-    "type": "git",
-    "url": "https://git.fuse.hk/payello/dev/payello-module/jwt"
-  },
-  "dependencies": {
-    "@payello-module/encryption": "^0.1.3"
-  }
+  "license": "UNLICENSED"
 }

package/readme.md CHANGED Viewed

@@ -1,14 +1,31 @@
 # JWT Module
-This is a TypeScript library for working with JSON Web Tokens (JWT). It provides easy-to-use asynchronous methods to sign, extract, and verify JWTs using HMAC SHA256 and HMAC SHA512 hashing algorithms.
-This module relies on the `@payello-module/encryption` package for encryption operations.
+This is a TypeScript library for working with JSON Web Tokens (JWT). It provides easy-to-use asynchronous methods to sign, extract, and verify JWTs using a variety of hashing algorithms.
 ## Features
+- **Generate key pairs:** Create keys for all supported algorithms.
 - **Sign JWTs:** Create signed JWTs with custom payloads and options.
-- **Extract JWTs:** Extract the payload, header, and signature from a JWT.
-- **Verify JWTs:** Verify the authenticity of a JWT against a secret key.
+- **Extract JWTs:** Extract the header, payload, and signature from a JWT.
+- **Verify JWT Signature:** Verify the signature of a JWT against a verify key.
+### Supported algorithms
+This package supports all algorithms defined in [RFC 7518 (JSON Web Algorithms (JWA))](https://datatracker.ietf.org/doc/html/rfc7518).
+| Algorithm | Description |
+|-----------|-------------|
+| `HS256`   | HMAC using SHA-256 |
+| `HS384`   | HMAC using SHA-384 |
+| `HS512`   | HMAC using SHA-512 |
+| `RS256`   | RSASSA-PKCS1-v1_5 using SHA-256 |
+| `RS384`   | RSASSA-PKCS1-v1_5 using SHA-384 |
+| `RS512`   | RSASSA-PKCS1-v1_5 using SHA-512 |
+| `ES256`   | ECDSA using P-256 and SHA-256 |
+| `ES384`   | ECDSA using P-384 and SHA-384 |
+| `ES512`   | ECDSA using P-521 and SHA-512 |
+| `PS256`   | RSASSA-PSS using SHA-256 and MGF1 with SHA-256 |
+| `PS384`   | RSASSA-PSS using SHA-384 and MGF1 with SHA-384 |
+| `PS512`   | RSASSA-PSS using SHA-512 and MGF1 with SHA-512 |
 ## Installation
@@ -22,19 +39,33 @@ yarn add @payello-module/jwt
 ## Usage
+### Generating Key Pairs
+To generate a key pair for a specific algorithm, you can use the `generateKeys` method:
+```typescript
+import { JWT } from '@payello-module/jwt';
+const alg = 'RS256'; // or any other supported algorithm
+JWT.generateKeys(alg)
+  .then(keyPair => {
+    console.log('Sign Key (Private Key):', keyPair.sign.base64);
+    console.log('Verify Key (Public Key):', keyPair.verify.base64);
+  })
+  .catch(error => console.error(error));
+```
 ### Signing a JWT
 ```typescript
 import { JWT } from '@payello-module/jwt';
 const payload = { /* Your JWT payload here */ };
-const options = {
-  privKey: 'your_private_key',
-  pubKey: 'your_public_key',
-  algorithm: 'HS512' // or 'HS256'
-};
+const alg = 'HS512'; // or any other supported algorithm
+const key = 'your_signing_key';
-JWT.sign(payload, options)
+JWT.sign(payload, alg, key)
   .then(token => console.log(token))
   .catch(error => console.error(error));
 ```
@@ -59,29 +90,41 @@ JWT.extract(token)
 import { JWT } from '@payello-module/jwt';
 const token = 'your.jwt.token';
-const getSecretKey = async (issuer) => {
-  // Logic to retrieve the secret key for a given issuer
-  return 'secret_key';
+const getVerifyKey = async (header, payload) => {
+  // Logic to retrieve the verification key for the given header and payload
+  return 'verify_key';
 };
-JWT.verify(token, { getSecretKey })
-  .then(isVerified => console.log(isVerified))
+JWT.verifySignature(token, getVerifyKey)
+  .then(({ verified, extracted }) => {
+    if (verified) {
+      console.log('JWT is verified');
+      console.log(extracted);
+    } else {
+      console.log('JWT verification failed');
+    }
+  })
   .catch(error => console.error(error));
 ```
 ## API Reference
-#### `JWT.sign(payload: any, options: JwtSignOpts): Promise<string>`
+#### `JWT.generateKeys(alg?: JWTAlgorithm): Promise<JWTKeyPair>`
+Generates a new key pair for the given algorithm. If no algorithm is provided, it defaults to "HS256" (HMAC with SHA-256).
+#### `JWT.sign(payload: JWTPayload, alg: JWTAlgorithm, key: string | BufferSource): Promise<string>`
 Signs the provided payload and returns a JWT string.
-#### `JWT.extract(input: string, opts: JwtExtractOpts): Promise<JwtExtract>`
+#### `JWT.extract(input: string, opts?: JwtExtractOpts): Promise<JwtExtract>`
 Extracts and returns the header, payload, and signature from a JWT string.
-#### `JWT.verify(input: string, opts: { getSecretKey(issuer: string): Promise<string> }): Promise<boolean>`
+#### `JWT.verifySignature(token: string, getVerifyKey: (header: JwtHeader, payload: JWTPayload) => Promise<BufferSource | string> | BufferSource | string, throwErrors?: boolean): Promise<{ verified: boolean, extracted: JwtExtract | null }>`
+Verifies a JWT string by checking the signature using the provided verification key. If `throwErrors` is set to `true`, it will throw a `JwtError` if the token is not valid.
-Verifies a JWT string against a secret key retrieved by the `getSecretKey` function.
 ## Contributing