@payello-module/jwt 1.20240419.1640 → 1.20240922.121

package/dist/JWT.d.ts

@@ -23,7 +23,7 @@ export declare class JWT {
      * @param key - The key for signing the JWT
      * @returns A promise that resolves to the signed JWT string.
      */
-    static sign(payload: JWTPayload, alg: JWTAlgorithm, key: string | BufferSource): Promise<string>;
+    static sign(payload: JWTPayload, alg: JWTAlgorithm, key: string | BufferSource, kid?: string): Promise<string>;
     /**
      * Extracts and returns the header, payload, and signature components from a JWT string.
      * @param input - The JWT string to be parsed.

package/dist/JWT.js

@@ -40,12 +40,13 @@ export class JWT {
      * @param key - The key for signing the JWT
      * @returns A promise that resolves to the signed JWT string.
      */
-    static async sign(payload, alg, key) {
+    static async sign(payload, alg, key, kid) {
         if (typeof JWTAlgorithms[alg] == "undefined")
             throw new JwtError("Unknown algorithm");
         const _header = {
             typ: 'JWT',
-            alg: alg
+            alg: alg,
+            kid: kid
         };
         const body = base64_encode_urlsafe(JSON.stringify(_header)) +
             "." +

package/dist/JwtError.d.ts

@@ -1,4 +1,5 @@
 export declare class JwtError extends Error {
     type: "@payello/module-jwt#JwtError";
+    name: string;
     constructor(message: string, options?: ErrorOptions);
 }

package/dist/JwtError.js

@@ -1,5 +1,6 @@
 export class JwtError extends Error {
     type = "@payello/module-jwt#JwtError";
+    name = "JwtError";
     constructor(message, options) {
         super(message, options);
     }

package/dist/JwtHeader.d.ts

@@ -2,4 +2,5 @@ import { JWTAlgorithm } from "./JWTAlgorithms";
 export interface JwtHeader {
     typ: 'JWT';
     alg: JWTAlgorithm;
+    kid?: string;
 }

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@payello-module/jwt",
-  "version": "1.20240419.1640",
+  "version": "1.20240922.121",
   "author": "Payello <devsupport@payello.com> (https://payello.com/)",
   "displayName": "@payello-module/jwt",
   "description": "JSON Web Token Module",
@@ -18,12 +18,5 @@
   "files": [
     "dist/*"
   ],
-  "license": "UNLICENSED",
-  "repository": {
-    "type": "git",
-    "url": "https://git.fuse.hk/payello/dev/payello-module/jwt"
-  },
-  "dependencies": {
-    "@payello-module/encryption": "^0.1.3"
-  }
+  "license": "UNLICENSED"
 }

package/readme.md

@@ -1,14 +1,31 @@
 # JWT Module
 
-This is a TypeScript library for working with JSON Web Tokens (JWT). It provides easy-to-use asynchronous methods to sign, extract, and verify JWTs using HMAC SHA256 and HMAC SHA512 hashing algorithms.
-
-This module relies on the `@payello-module/encryption` package for encryption operations.
+This is a TypeScript library for working with JSON Web Tokens (JWT). It provides easy-to-use asynchronous methods to sign, extract, and verify JWTs using a variety of hashing algorithms.
 
 ## Features
 
+- **Generate key pairs:** Create keys for all supported algorithms.
 - **Sign JWTs:** Create signed JWTs with custom payloads and options.
-- **Extract JWTs:** Extract the payload, header, and signature from a JWT.
-- **Verify JWTs:** Verify the authenticity of a JWT against a secret key.
+- **Extract JWTs:** Extract the header, payload, and signature from a JWT.
+- **Verify JWT Signature:** Verify the signature of a JWT against a verify key.
+
+### Supported algorithms
+This package supports all algorithms defined in [RFC 7518 (JSON Web Algorithms (JWA))](https://datatracker.ietf.org/doc/html/rfc7518).
+
+| Algorithm | Description |
+|-----------|-------------|
+| `HS256`   | HMAC using SHA-256 |
+| `HS384`   | HMAC using SHA-384 |
+| `HS512`   | HMAC using SHA-512 |
+| `RS256`   | RSASSA-PKCS1-v1_5 using SHA-256 |
+| `RS384`   | RSASSA-PKCS1-v1_5 using SHA-384 |
+| `RS512`   | RSASSA-PKCS1-v1_5 using SHA-512 |
+| `ES256`   | ECDSA using P-256 and SHA-256 |
+| `ES384`   | ECDSA using P-384 and SHA-384 |
+| `ES512`   | ECDSA using P-521 and SHA-512 |
+| `PS256`   | RSASSA-PSS using SHA-256 and MGF1 with SHA-256 |
+| `PS384`   | RSASSA-PSS using SHA-384 and MGF1 with SHA-384 |
+| `PS512`   | RSASSA-PSS using SHA-512 and MGF1 with SHA-512 |
 
 ## Installation
 
@@ -22,19 +39,33 @@ yarn add @payello-module/jwt
 
 ## Usage
 
+### Generating Key Pairs
+
+To generate a key pair for a specific algorithm, you can use the `generateKeys` method:
+
+```typescript
+import { JWT } from '@payello-module/jwt';
+
+const alg = 'RS256'; // or any other supported algorithm
+
+JWT.generateKeys(alg)
+  .then(keyPair => {
+    console.log('Sign Key (Private Key):', keyPair.sign.base64);
+    console.log('Verify Key (Public Key):', keyPair.verify.base64);
+  })
+  .catch(error => console.error(error));
+```
+
 ### Signing a JWT
 
 ```typescript
 import { JWT } from '@payello-module/jwt';
 
 const payload = { /* Your JWT payload here */ };
-const options = {
-  privKey: 'your_private_key',
-  pubKey: 'your_public_key',
-  algorithm: 'HS512' // or 'HS256'
-};
+const alg = 'HS512'; // or any other supported algorithm
+const key = 'your_signing_key';
 
-JWT.sign(payload, options)
+JWT.sign(payload, alg, key)
   .then(token => console.log(token))
   .catch(error => console.error(error));
 ```
@@ -59,29 +90,41 @@ JWT.extract(token)
 import { JWT } from '@payello-module/jwt';
 
 const token = 'your.jwt.token';
-const getSecretKey = async (issuer) => {
-  // Logic to retrieve the secret key for a given issuer
-  return 'secret_key';
+const getVerifyKey = async (header, payload) => {
+  // Logic to retrieve the verification key for the given header and payload
+  return 'verify_key';
 };
 
-JWT.verify(token, { getSecretKey })
-  .then(isVerified => console.log(isVerified))
+JWT.verifySignature(token, getVerifyKey)
+  .then(({ verified, extracted }) => {
+    if (verified) {
+      console.log('JWT is verified');
+      console.log(extracted);
+    } else {
+      console.log('JWT verification failed');
+    }
+  })
   .catch(error => console.error(error));
 ```
 
 ## API Reference
 
-#### `JWT.sign(payload: any, options: JwtSignOpts): Promise<string>`
+#### `JWT.generateKeys(alg?: JWTAlgorithm): Promise<JWTKeyPair>`
+
+Generates a new key pair for the given algorithm. If no algorithm is provided, it defaults to "HS256" (HMAC with SHA-256).
+
+#### `JWT.sign(payload: JWTPayload, alg: JWTAlgorithm, key: string | BufferSource): Promise<string>`
 
 Signs the provided payload and returns a JWT string.
 
-#### `JWT.extract(input: string, opts: JwtExtractOpts): Promise<JwtExtract>`
+#### `JWT.extract(input: string, opts?: JwtExtractOpts): Promise<JwtExtract>`
 
 Extracts and returns the header, payload, and signature from a JWT string.
 
-#### `JWT.verify(input: string, opts: { getSecretKey(issuer: string): Promise<string> }): Promise<boolean>`
+#### `JWT.verifySignature(token: string, getVerifyKey: (header: JwtHeader, payload: JWTPayload) => Promise<BufferSource | string> | BufferSource | string, throwErrors?: boolean): Promise<{ verified: boolean, extracted: JwtExtract | null }>`
+
+Verifies a JWT string by checking the signature using the provided verification key. If `throwErrors` is set to `true`, it will throw a `JwtError` if the token is not valid.
 
-Verifies a JWT string against a secret key retrieved by the `getSecretKey` function.
 
 ## Contributing