npm - @sourceregistry/node-jwt - Versions diffs - 1.2.1 → 1.3.1 - Mend

@sourceregistry/node-jwt 1.2.1 → 1.3.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (20) hide show

package/README.md +128 -147
package/dist/index-CSRWSLal.cjs +2 -0
package/dist/index-CSRWSLal.cjs.map +1 -0
package/dist/index-DyXdSqEc.js +515 -0
package/dist/index-DyXdSqEc.js.map +1 -0
package/dist/index.cjs.js +1 -1
package/dist/index.cjs.js.map +1 -1
package/dist/index.d.ts +2 -236
package/dist/index.es.js +18 -366
package/dist/index.es.js.map +1 -1
package/dist/jwks/index.d.ts +91 -0
package/dist/jwks/promises.d.ts +51 -0
package/dist/jwt/index.d.ts +249 -0
package/dist/jwt/promises.d.ts +118 -0
package/dist/promises.cjs.js +1 -1
package/dist/promises.cjs.js.map +1 -1
package/dist/promises.d.ts +2 -115
package/dist/promises.es.js +34 -15
package/dist/promises.es.js.map +1 -1
package/package.json +1 -1

package/dist/index.es.js.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"index.es.js","sources":["../src/index.ts"],"sourcesContent":["import crypto, {\n createHmac,\n createSign,\n createVerify,\n sign as cryptoSign,\n verify as cryptoVerify,\n timingSafeEqual,\n type BinaryLike,\n type KeyLike\n} from 'crypto';\n\n// Base64URL helpers (padding-safe)\nexport const base64Url = {\n encode: (input: string \| Buffer): string =>\n Buffer.from(input).toString('base64url'),\n\n decode: (input: string): string => {\n // Node.js Buffer handles unpadded base64url since v16, but we normalize for safety\n return Buffer.from(input, 'base64url').toString();\n }\n};\n\n// Timing-safe string comparison to prevent timing attacks\nconst timingSafeCompare = (a: string, b: string): boolean => {\n if (a.length !== b.length) {\n return false;\n }\n return timingSafeEqual(Buffer.from(a), Buffer.from(b));\n};\n\n// Standard JWT payload claims\nexport interface JWTPayload {\n /*\n Issuer\n /\n iss?: string;\n /\n Subject\n /\n sub?: string;\n /\n Audience\n /\n aud?: string \| string[];\n /\n Expiration Time (as UNIX timestamp)\n /\n exp?: number;\n /\n Not Before (as UNIX timestamp)\n /\n nbf?: number;\n /\n Issued At (as UNIX timestamp)\n /\n iat?: number;\n /\n JWT ID\n /\n jti?: string;\n /\n Session ID\n /\n sid?: string;\n\n /\n Custom claims\n /\n [key: string]: unknown;\n}\n\nexport interface JWTHeader {\n alg: string; // Allow unknown algs during decode\n typ?: string;\n kid?: string;\n}\n\nexport interface JWT {\n header: JWTHeader;\n payload: JWTPayload;\n signature: string;\n}\n\n// Signature algorithms\nexport const SignatureAlgorithm = {\n // HMAC\n HS256: {\n sign: (data: BinaryLike, secret: KeyLike) =>\n createHmac('sha256', secret).update(data).digest('base64url'),\n verify: (data: BinaryLike, secret: KeyLike, signature: string) => {\n const expected = createHmac('sha256', secret).update(data).digest('base64url');\n return timingSafeCompare(expected, signature);\n }\n },\n HS384: {\n sign: (data: BinaryLike, secret: KeyLike) =>\n createHmac('sha384', secret).update(data).digest('base64url'),\n verify: (data: BinaryLike, secret: KeyLike, signature: string) => {\n const expected = createHmac('sha384', secret).update(data).digest('base64url');\n return timingSafeCompare(expected, signature);\n }\n },\n HS512: {\n sign: (data: BinaryLike, secret: KeyLike) =>\n createHmac('sha512', secret).update(data).digest('base64url'),\n verify: (data: BinaryLike, secret: KeyLike, signature: string) => {\n const expected = createHmac('sha512', secret).update(data).digest('base64url');\n return timingSafeCompare(expected, signature);\n }\n },\n\n // RSA (DER-encoded signatures, base64url)\n RS256: {\n sign: (data: BinaryLike, secret: KeyLike) =>\n createSign('RSA-SHA256').update(data).end().sign(secret).toString('base64url'),\n verify: (data: BinaryLike, secret: KeyLike, signature: string) => {\n try {\n return createVerify('RSA-SHA256')\n .update(data)\n .end()\n .verify(secret, Buffer.from(signature, 'base64url'));\n } catch {\n return false;\n }\n }\n },\n RS384: {\n sign: (data: BinaryLike, secret: KeyLike) =>\n createSign('RSA-SHA384').update(data).end().sign(secret).toString('base64url'),\n verify: (data: BinaryLike, secret: KeyLike, signature: string) => {\n try {\n return createVerify('RSA-SHA384')\n .update(data)\n .end()\n .verify(secret, Buffer.from(signature, 'base64url'));\n } catch {\n return false;\n }\n }\n },\n RS512: {\n sign: (data: BinaryLike, secret: KeyLike) =>\n createSign('RSA-SHA512').update(data).end().sign(secret).toString('base64url'),\n verify: (data: BinaryLike, secret: KeyLike, signature: string) => {\n try {\n return createVerify('RSA-SHA512')\n .update(data)\n .end()\n .verify(secret, Buffer.from(signature, 'base64url'));\n } catch {\n return false;\n }\n }\n },\n\n // ECDSA (DER-encoded by default — no dsaEncoding!)\n ES256: {\n sign: (data: BinaryLike, secret: KeyLike) =>\n createSign('SHA256').update(data).end().sign(secret).toString('base64url'),\n verify: (data: BinaryLike, secret: KeyLike, signature: string) => {\n try {\n return createVerify('SHA256')\n .update(data)\n .end()\n .verify(secret, Buffer.from(signature, 'base64url'));\n } catch {\n return false;\n }\n }\n },\n ES384: {\n sign: (data: BinaryLike, secret: KeyLike) =>\n createSign('SHA384').update(data).end().sign(secret).toString('base64url'),\n verify: (data: BinaryLike, secret: KeyLike, signature: string) => {\n try {\n return createVerify('SHA384')\n .update(data)\n .end()\n .verify(secret, Buffer.from(signature, 'base64url'));\n } catch {\n return false;\n }\n }\n },\n ES512: {\n sign: (data: BinaryLike, secret: KeyLike) =>\n createSign('SHA512').update(data).end().sign(secret).toString('base64url'),\n verify: (data: BinaryLike, secret: KeyLike, signature: string) => {\n try {\n return createVerify('SHA512')\n .update(data)\n .end()\n .verify(secret, Buffer.from(signature, 'base64url'));\n } catch {\n return false;\n }\n }\n },\n ES256K: {\n sign: (data: BinaryLike, secret: KeyLike) =>\n createSign('SHA256').update(data).end().sign(secret).toString('base64url'),\n verify: (data: BinaryLike, secret: KeyLike, signature: string) => {\n try {\n return createVerify('SHA256')\n .update(data)\n .end()\n .verify(secret, Buffer.from(signature, 'base64url'));\n } catch {\n return false;\n }\n }\n },\n PS256: {\n sign: (data: BinaryLike, secret: KeyLike) =>\n createSign('RSA-SHA256')\n .update(data)\n .end()\n .sign({\n //@ts-ignore\n key: secret,\n padding: crypto.constants.RSA_PKCS1_PSS_PADDING,\n saltLength: 32\n })\n .toString('base64url'),\n verify: (data: BinaryLike, secret: KeyLike, signature: string) => {\n try {\n return createVerify('RSA-SHA256')\n .update(data)\n .end()\n .verify({\n //@ts-ignore\n key: secret,\n padding: crypto.constants.RSA_PKCS1_PSS_PADDING,\n saltLength: 32\n }, Buffer.from(signature, 'base64url'));\n } catch {\n return false;\n }\n }\n },\n PS384: {\n sign: (data: BinaryLike, secret: KeyLike) =>\n createSign('RSA-SHA384')\n .update(data)\n .end()\n .sign({\n //@ts-ignore\n key: secret,\n padding: crypto.constants.RSA_PKCS1_PSS_PADDING,\n saltLength: 48\n })\n .toString('base64url'),\n verify: (data: BinaryLike, secret: KeyLike, signature: string) => {\n try {\n return createVerify('RSA-SHA384')\n .update(data)\n .end()\n .verify({\n //@ts-ignore\n key: secret,\n padding: crypto.constants.RSA_PKCS1_PSS_PADDING,\n saltLength: 48\n }, Buffer.from(signature, 'base64url'));\n } catch {\n return false;\n }\n }\n },\n PS512: {\n sign: (data: BinaryLike, secret: KeyLike) =>\n createSign('RSA-SHA512')\n .update(data)\n .end()\n .sign({\n //@ts-ignore\n key: secret,\n padding: crypto.constants.RSA_PKCS1_PSS_PADDING,\n saltLength: 64\n })\n .toString('base64url'),\n verify: (data: BinaryLike, secret: KeyLike, signature: string) => {\n try {\n return createVerify('RSA-SHA512')\n .update(data)\n .end()\n .verify({\n //@ts-ignore\n key: secret,\n padding: crypto.constants.RSA_PKCS1_PSS_PADDING,\n saltLength: 64\n }, Buffer.from(signature, 'base64url'));\n } catch {\n return false;\n }\n }\n },\n EdDSA: {\n sign: (data: BinaryLike, secret: KeyLike) =>\n cryptoSign(null, typeof data === 'string' ? Buffer.from(data, 'utf8') : data, secret)\n .toString('base64url'),\n verify: (data: BinaryLike, secret: KeyLike, signature: string) => {\n try {\n return cryptoVerify(\n null,\n typeof data === 'string' ? Buffer.from(data, 'utf8') : data,\n secret,\n Buffer.from(signature, 'base64url')\n );\n } catch {\n return false;\n }\n }\n }\n} as const;\n\nexport type SupportedAlgorithm = keyof typeof SignatureAlgorithm;\n\nexport const SupportedAlgorithms = Object.keys(SignatureAlgorithm) as Array<SupportedAlgorithm>;\n\n/\n Decode a JWT string into its parts (without verification)\n /\nexport const decode = (token: string): JWT => {\n const parts = token.split('.');\n if (parts.length !== 3) {\n throw new Error('Invalid JWT: must contain exactly 3 parts separated by \".\"');\n }\n\n const [headerPart, payloadPart, signature] = parts;\n\n if (!headerPart \|\| !payloadPart \|\| !signature) {\n throw new Error('Invalid JWT: empty part detected');\n }\n\n try {\n const header = JSON.parse(base64Url.decode(headerPart)) as JWTHeader;\n const payload = JSON.parse(base64Url.decode(payloadPart)) as JWTPayload;\n return {header, payload, signature};\n } catch (err) {\n throw new Error(`Invalid JWT: malformed header or payload (${(err as Error).message})`);\n }\n};\n\n/\n Sign a JWT\n /\nexport const sign = (\n payload: JWTPayload,\n secret: KeyLike,\n options: {\n alg?: SupportedAlgorithm;\n kid?: string;\n typ?: string;\n } = {}\n): string => {\n const alg = options.alg ?? 'HS256';\n const typ = options.typ ?? 'JWT';\n\n if (!(alg in SignatureAlgorithm)) {\n throw new Error(`Unsupported algorithm: ${alg}`);\n }\n\n const header: JWTHeader = {alg, typ};\n if (options.kid) header.kid = options.kid;\n\n const headerEncoded = base64Url.encode(JSON.stringify(header));\n const payloadEncoded = base64Url.encode(JSON.stringify(payload));\n\n const signingInput = `${headerEncoded}.${payloadEncoded}`;\n const signature = SignatureAlgorithm[alg].sign(signingInput, secret);\n\n return `${headerEncoded}.${payloadEncoded}.${signature}`;\n};\n\n/\n Verify and validate a JWT\n */\nexport const verify = (\n token: string,\n secret: KeyLike,\n options: {\n algorithms?: SupportedAlgorithm[]; // Whitelist of allowed algorithms\n issuer?: string;\n subject?: string;\n audience?: string \| string[];\n jwtId?: string;\n ignoreExpiration?: boolean;\n clockSkew?: number; // in seconds, default 0\n maxTokenAge?: number; // Maximum age in seconds\n } = {}\n):\n \| { valid: true; header: JWTHeader; payload: JWTPayload; signature: string }\n \| { valid: false; error: { reason: string; code: string } } => {\n let decoded: JWT;\n try {\n decoded = decode(token);\n } catch (err) {\n return {\n valid: false,\n error: {\n reason: (err as Error).message,\n code: 'INVALID_TOKEN'\n }\n };\n }\n\n const {header, payload, signature} = decoded;\n\n // Validate algorithm\n const alg = header.alg as SupportedAlgorithm;\n if (!(alg in SignatureAlgorithm)) {\n return {\n valid: false,\n error: {\n reason: `Unsupported or unknown algorithm: ${header.alg}`,\n code: 'INVALID_ALGORITHM'\n }\n };\n }\n\n // Algorithm whitelist validation (prevents algorithm confusion attacks)\n if (options.algorithms && options.algorithms.length > 0) {\n if (!options.algorithms.includes(alg)) {\n return {\n valid: false,\n error: {\n reason: `Algorithm \"${alg}\" is not in the allowed algorithms list`,\n code: 'ALGORITHM_NOT_ALLOWED'\n }\n };\n }\n }\n\n // Validate 'typ' header (must be 'JWT' if present)\n if (header.typ !== undefined && header.typ !== 'JWT') {\n return {\n valid: false,\n error: {\n reason: `Invalid token type: expected 'JWT', got '${header.typ}'`,\n code: 'INVALID_TYPE'\n }\n };\n }\n\n // Verify signature\n const signingInput = `${base64Url.encode(JSON.stringify(header))}.${base64Url.encode(JSON.stringify(payload))}`;\n const isValidSignature = SignatureAlgorithm[alg].verify(signingInput, secret, signature);\n\n if (!isValidSignature) {\n return {\n valid: false,\n error: {\n reason: \"Signature verification failed\",\n code: 'INVALID_SIGNATURE'\n }\n };\n }\n\n // Time validation\n const now = Math.floor(Date.now() / 1000);\n const skew = options.clockSkew ?? 0;\n\n if (!options.ignoreExpiration) {\n if (payload.exp !== undefined && now > payload.exp + skew) {\n return {\n valid: false,\n error: {\n reason: 'Token expired',\n code: 'TOKEN_EXPIRED'\n }\n };\n }\n }\n\n if (payload.nbf !== undefined && now + skew < payload.nbf) {\n return {\n valid: false,\n error: {\n reason: 'Token not yet valid',\n code: 'TOKEN_NOT_ACTIVE'\n }\n };\n }\n\n if (payload.iat !== undefined && now + skew < payload.iat) {\n return {\n valid: false,\n error: {\n reason: 'Token issued in the future',\n code: 'TOKEN_FUTURE_ISSUED'\n }\n };\n }\n\n // Maximum token age validation\n if (options.maxTokenAge !== undefined && payload.iat !== undefined) {\n const tokenAge = now - payload.iat;\n if (tokenAge > options.maxTokenAge) {\n return {\n valid: false,\n error: {\n reason: `Token age (${tokenAge}s) exceeds maximum allowed age (${options.maxTokenAge}s)`,\n code: 'TOKEN_TOO_OLD'\n }\n };\n }\n }\n\n // --- Claim validations (only if options provided) ---\n\n // Issuer (`iss`)\n if (options.issuer !== undefined) {\n if (payload.iss === undefined) {\n return {\n valid: false,\n error: {\n reason: 'Token missing required issuer claim (\"iss\")',\n code: 'MISSING_ISSUER'\n }\n };\n }\n if (options.issuer !== payload.iss) {\n return {\n valid: false,\n error: {\n reason: `Invalid token issuer: expected \"${options.issuer}\", got \"${payload.iss}\"`,\n code: 'INVALID_ISSUER'\n }\n };\n }\n }\n\n // Subject (`sub`)\n if (options.subject !== undefined) {\n if (payload.sub === undefined) {\n return {\n valid: false,\n error: {\n reason: 'Token missing required subject claim (\"sub\")',\n code: 'MISSING_SUBJECT'\n }\n };\n }\n if (options.subject !== payload.sub) {\n return {\n valid: false,\n error: {\n reason: `Invalid token subject: expected \"${options.subject}\", got \"${payload.sub}\"`,\n code: 'INVALID_SUBJECT'\n }\n };\n }\n }\n\n // Audience (`aud`)\n if (options.audience !== undefined) {\n const aud = payload.aud;\n if (aud === undefined) {\n return {\n valid: false,\n error: {\n reason: 'Token missing required audience claim (\"aud\")',\n code: 'MISSING_AUDIENCE'\n }\n };\n }\n\n const expectedAud = Array.isArray(options.audience) ? options.audience : [options.audience];\n const tokenAud = Array.isArray(aud) ? aud : [aud];\n\n const hasMatch = expectedAud.some(a => tokenAud.includes(a));\n if (!hasMatch) {\n return {\n valid: false,\n error: {\n reason: 'Audience claim mismatch',\n code: 'INVALID_AUDIENCE'\n }\n };\n }\n }\n\n // JWT ID (`jti`)\n if (options.jwtId !== undefined) {\n if (payload.jti === undefined) {\n return {\n valid: false,\n error: {\n reason: 'Token missing required JWT ID claim (\"jti\")',\n code: 'MISSING_JTI'\n }\n };\n }\n if (options.jwtId !== payload.jti) {\n return {\n valid: false,\n error: {\n reason: `Invalid JWT ID: expected \"${options.jwtId}\", got \"${payload.jti}\"`,\n code: 'INVALID_JTI'\n }\n };\n }\n }\n\n return {valid: true, header, payload, signature};\n};\n\n// Optional: namespace export\nexport const JWT = {\n sign,\n verify,\n decode,\n algorithms: SignatureAlgorithm\n};\n"],"names":["base64Url","input","timingSafeCompare","a","b","timingSafeEqual","SignatureAlgorithm","data","secret","createHmac","signature","expected","createSign","createVerify","crypto","cryptoSign","cryptoVerify","SupportedAlgorithms","decode","token","parts","headerPart","payloadPart","header","payload","err","sign","options","alg","typ","headerEncoded","payloadEncoded","signingInput","verify","decoded","now","skew","tokenAge","aud","expectedAud","tokenAud","JWT"],"mappings":";AAYO,MAAMA,IAAY;AAAA,EACrB,QAAQ,CAACC,MACL,OAAO,KAAKA,CAAK,EAAE,SAAS,WAAW;AAAA,EAE3C,QAAQ,CAACA,MAEE,OAAO,KAAKA,GAAO,WAAW,EAAE,SAAA;AAE/C,GAGMC,IAAoB,CAACC,GAAWC,MAC9BD,EAAE,WAAWC,EAAE,SACR,KAEJC,EAAgB,OAAO,KAAKF,CAAC,GAAG,OAAO,KAAKC,CAAC,CAAC,GAyD5CE,IAAqB;AAAA;AAAA,EAE9B,OAAO;AAAA,IACH,MAAM,CAACC,GAAkBC,MACrBC,EAAW,UAAUD,CAAM,EAAE,OAAOD,CAAI,EAAE,OAAO,WAAW;AAAA,IAChE,QAAQ,CAACA,GAAkBC,GAAiBE,MAAsB;AAC9D,YAAMC,IAAWF,EAAW,UAAUD,CAAM,EAAE,OAAOD,CAAI,EAAE,OAAO,WAAW;AAC7E,aAAOL,EAAkBS,GAAUD,CAAS;AAAA,IAChD;AAAA,EAAA;AAAA,EAEJ,OAAO;AAAA,IACH,MAAM,CAACH,GAAkBC,MACrBC,EAAW,UAAUD,CAAM,EAAE,OAAOD,CAAI,EAAE,OAAO,WAAW;AAAA,IAChE,QAAQ,CAACA,GAAkBC,GAAiBE,MAAsB;AAC9D,YAAMC,IAAWF,EAAW,UAAUD,CAAM,EAAE,OAAOD,CAAI,EAAE,OAAO,WAAW;AAC7E,aAAOL,EAAkBS,GAAUD,CAAS;AAAA,IAChD;AAAA,EAAA;AAAA,EAEJ,OAAO;AAAA,IACH,MAAM,CAACH,GAAkBC,MACrBC,EAAW,UAAUD,CAAM,EAAE,OAAOD,CAAI,EAAE,OAAO,WAAW;AAAA,IAChE,QAAQ,CAACA,GAAkBC,GAAiBE,MAAsB;AAC9D,YAAMC,IAAWF,EAAW,UAAUD,CAAM,EAAE,OAAOD,CAAI,EAAE,OAAO,WAAW;AAC7E,aAAOL,EAAkBS,GAAUD,CAAS;AAAA,IAChD;AAAA,EAAA;AAAA;AAAA,EAIJ,OAAO;AAAA,IACH,MAAM,CAACH,GAAkBC,MACrBI,EAAW,YAAY,EAAE,OAAOL,CAAI,EAAE,MAAM,KAAKC,CAAM,EAAE,SAAS,WAAW;AAAA,IACjF,QAAQ,CAACD,GAAkBC,GAAiBE,MAAsB;AAC9D,UAAI;AACA,eAAOG,EAAa,YAAY,EAC3B,OAAON,CAAI,EACX,IAAA,EACA,OAAOC,GAAQ,OAAO,KAAKE,GAAW,WAAW,CAAC;AAAA,MAC3D,QAAQ;AACJ,eAAO;AAAA,MACX;AAAA,IACJ;AAAA,EAAA;AAAA,EAEJ,OAAO;AAAA,IACH,MAAM,CAACH,GAAkBC,MACrBI,EAAW,YAAY,EAAE,OAAOL,CAAI,EAAE,MAAM,KAAKC,CAAM,EAAE,SAAS,WAAW;AAAA,IACjF,QAAQ,CAACD,GAAkBC,GAAiBE,MAAsB;AAC9D,UAAI;AACA,eAAOG,EAAa,YAAY,EAC3B,OAAON,CAAI,EACX,IAAA,EACA,OAAOC,GAAQ,OAAO,KAAKE,GAAW,WAAW,CAAC;AAAA,MAC3D,QAAQ;AACJ,eAAO;AAAA,MACX;AAAA,IACJ;AAAA,EAAA;AAAA,EAEJ,OAAO;AAAA,IACH,MAAM,CAACH,GAAkBC,MACrBI,EAAW,YAAY,EAAE,OAAOL,CAAI,EAAE,MAAM,KAAKC,CAAM,EAAE,SAAS,WAAW;AAAA,IACjF,QAAQ,CAACD,GAAkBC,GAAiBE,MAAsB;AAC9D,UAAI;AACA,eAAOG,EAAa,YAAY,EAC3B,OAAON,CAAI,EACX,IAAA,EACA,OAAOC,GAAQ,OAAO,KAAKE,GAAW,WAAW,CAAC;AAAA,MAC3D,QAAQ;AACJ,eAAO;AAAA,MACX;AAAA,IACJ;AAAA,EAAA;AAAA;AAAA,EAIJ,OAAO;AAAA,IACH,MAAM,CAACH,GAAkBC,MACrBI,EAAW,QAAQ,EAAE,OAAOL,CAAI,EAAE,MAAM,KAAKC,CAAM,EAAE,SAAS,WAAW;AAAA,IAC7E,QAAQ,CAACD,GAAkBC,GAAiBE,MAAsB;AAC9D,UAAI;AACA,eAAOG,EAAa,QAAQ,EACvB,OAAON,CAAI,EACX,IAAA,EACA,OAAOC,GAAQ,OAAO,KAAKE,GAAW,WAAW,CAAC;AAAA,MAC3D,QAAQ;AACJ,eAAO;AAAA,MACX;AAAA,IACJ;AAAA,EAAA;AAAA,EAEJ,OAAO;AAAA,IACH,MAAM,CAACH,GAAkBC,MACrBI,EAAW,QAAQ,EAAE,OAAOL,CAAI,EAAE,MAAM,KAAKC,CAAM,EAAE,SAAS,WAAW;AAAA,IAC7E,QAAQ,CAACD,GAAkBC,GAAiBE,MAAsB;AAC9D,UAAI;AACA,eAAOG,EAAa,QAAQ,EACvB,OAAON,CAAI,EACX,IAAA,EACA,OAAOC,GAAQ,OAAO,KAAKE,GAAW,WAAW,CAAC;AAAA,MAC3D,QAAQ;AACJ,eAAO;AAAA,MACX;AAAA,IACJ;AAAA,EAAA;AAAA,EAEJ,OAAO;AAAA,IACH,MAAM,CAACH,GAAkBC,MACrBI,EAAW,QAAQ,EAAE,OAAOL,CAAI,EAAE,MAAM,KAAKC,CAAM,EAAE,SAAS,WAAW;AAAA,IAC7E,QAAQ,CAACD,GAAkBC,GAAiBE,MAAsB;AAC9D,UAAI;AACA,eAAOG,EAAa,QAAQ,EACvB,OAAON,CAAI,EACX,IAAA,EACA,OAAOC,GAAQ,OAAO,KAAKE,GAAW,WAAW,CAAC;AAAA,MAC3D,QAAQ;AACJ,eAAO;AAAA,MACX;AAAA,IACJ;AAAA,EAAA;AAAA,EAEJ,QAAQ;AAAA,IACJ,MAAM,CAACH,GAAkBC,MACrBI,EAAW,QAAQ,EAAE,OAAOL,CAAI,EAAE,MAAM,KAAKC,CAAM,EAAE,SAAS,WAAW;AAAA,IAC7E,QAAQ,CAACD,GAAkBC,GAAiBE,MAAsB;AAC9D,UAAI;AACA,eAAOG,EAAa,QAAQ,EACvB,OAAON,CAAI,EACX,IAAA,EACA,OAAOC,GAAQ,OAAO,KAAKE,GAAW,WAAW,CAAC;AAAA,MAC3D,QAAQ;AACJ,eAAO;AAAA,MACX;AAAA,IACJ;AAAA,EAAA;AAAA,EAEJ,OAAO;AAAA,IACH,MAAM,CAACH,GAAkBC,MACrBI,EAAW,YAAY,EAClB,OAAOL,CAAI,EACX,IAAA,EACA,KAAK;AAAA;AAAA,MAEF,KAAKC;AAAA,MACL,SAASM,EAAO,UAAU;AAAA,MAC1B,YAAY;AAAA,IAAA,CACf,EACA,SAAS,WAAW;AAAA,IAC7B,QAAQ,CAACP,GAAkBC,GAAiBE,MAAsB;AAC9D,UAAI;AACA,eAAOG,EAAa,YAAY,EAC3B,OAAON,CAAI,EACX,IAAA,EACA,OAAO;AAAA;AAAA,UAEJ,KAAKC;AAAA,UACL,SAASM,EAAO,UAAU;AAAA,UAC1B,YAAY;AAAA,QAAA,GACb,OAAO,KAAKJ,GAAW,WAAW,CAAC;AAAA,MAC9C,QAAQ;AACJ,eAAO;AAAA,MACX;AAAA,IACJ;AAAA,EAAA;AAAA,EAEJ,OAAO;AAAA,IACH,MAAM,CAACH,GAAkBC,MACrBI,EAAW,YAAY,EAClB,OAAOL,CAAI,EACX,IAAA,EACA,KAAK;AAAA;AAAA,MAEF,KAAKC;AAAA,MACL,SAASM,EAAO,UAAU;AAAA,MAC1B,YAAY;AAAA,IAAA,CACf,EACA,SAAS,WAAW;AAAA,IAC7B,QAAQ,CAACP,GAAkBC,GAAiBE,MAAsB;AAC9D,UAAI;AACA,eAAOG,EAAa,YAAY,EAC3B,OAAON,CAAI,EACX,IAAA,EACA,OAAO;AAAA;AAAA,UAEJ,KAAKC;AAAA,UACL,SAASM,EAAO,UAAU;AAAA,UAC1B,YAAY;AAAA,QAAA,GACb,OAAO,KAAKJ,GAAW,WAAW,CAAC;AAAA,MAC9C,QAAQ;AACJ,eAAO;AAAA,MACX;AAAA,IACJ;AAAA,EAAA;AAAA,EAEJ,OAAO;AAAA,IACH,MAAM,CAACH,GAAkBC,MACrBI,EAAW,YAAY,EAClB,OAAOL,CAAI,EACX,IAAA,EACA,KAAK;AAAA;AAAA,MAEF,KAAKC;AAAA,MACL,SAASM,EAAO,UAAU;AAAA,MAC1B,YAAY;AAAA,IAAA,CACf,EACA,SAAS,WAAW;AAAA,IAC7B,QAAQ,CAACP,GAAkBC,GAAiBE,MAAsB;AAC9D,UAAI;AACA,eAAOG,EAAa,YAAY,EAC3B,OAAON,CAAI,EACX,IAAA,EACA,OAAO;AAAA;AAAA,UAEJ,KAAKC;AAAA,UACL,SAASM,EAAO,UAAU;AAAA,UAC1B,YAAY;AAAA,QAAA,GACb,OAAO,KAAKJ,GAAW,WAAW,CAAC;AAAA,MAC9C,QAAQ;AACJ,eAAO;AAAA,MACX;AAAA,IACJ;AAAA,EAAA;AAAA,EAEJ,OAAO;AAAA,IACH,MAAM,CAACH,GAAkBC,MACrBO,EAAW,MAAM,OAAOR,KAAS,WAAW,OAAO,KAAKA,GAAM,MAAM,IAAIA,GAAMC,CAAM,EAC/E,SAAS,WAAW;AAAA,IAC7B,QAAQ,CAACD,GAAkBC,GAAiBE,MAAsB;AAC9D,UAAI;AACA,eAAOM;AAAAA,UACH;AAAA,UACA,OAAOT,KAAS,WAAW,OAAO,KAAKA,GAAM,MAAM,IAAIA;AAAA,UACvDC;AAAA,UACA,OAAO,KAAKE,GAAW,WAAW;AAAA,QAAA;AAAA,MAE1C,QAAQ;AACJ,eAAO;AAAA,MACX;AAAA,IACJ;AAAA,EAAA;AAER,GAIaO,IAAsB,OAAO,KAAKX,CAAkB,GAKpDY,IAAS,CAACC,MAAuB;AAC1C,QAAMC,IAAQD,EAAM,MAAM,GAAG;AAC7B,MAAIC,EAAM,WAAW;AACjB,UAAM,IAAI,MAAM,4DAA4D;AAGhF,QAAM,CAACC,GAAYC,GAAaZ,CAAS,IAAIU;AAE7C,MAAI,CAACC,KAAc,CAACC,KAAe,CAACZ;AAChC,UAAM,IAAI,MAAM,kCAAkC;AAGtD,MAAI;AACA,UAAMa,IAAS,KAAK,MAAMvB,EAAU,OAAOqB,CAAU,CAAC,GAChDG,IAAU,KAAK,MAAMxB,EAAU,OAAOsB,CAAW,CAAC;AACxD,WAAO,EAAC,QAAAC,GAAQ,SAAAC,GAAS,WAAAd,EAAA;AAAA,EAC7B,SAASe,GAAK;AACV,UAAM,IAAI,MAAM,6CAA8CA,EAAc,OAAO,GAAG;AAAA,EAC1F;AACJ,GAKaC,IAAO,CAChBF,GACAhB,GACAmB,IAII,CAAA,MACK;AACT,QAAMC,IAAMD,EAAQ,OAAO,SACrBE,IAAMF,EAAQ,OAAO;AAE3B,MAAI,EAAEC,KAAOtB;AACT,UAAM,IAAI,MAAM,0BAA0BsB,CAAG,EAAE;AAGnD,QAAML,IAAoB,EAAC,KAAAK,GAAK,KAAAC,EAAA;AAChC,EAAIF,EAAQ,QAAKJ,EAAO,MAAMI,EAAQ;AAEtC,QAAMG,IAAgB9B,EAAU,OAAO,KAAK,UAAUuB,CAAM,CAAC,GACvDQ,IAAiB/B,EAAU,OAAO,KAAK,UAAUwB,CAAO,CAAC,GAEzDQ,IAAe,GAAGF,CAAa,IAAIC,CAAc,IACjDrB,IAAYJ,EAAmBsB,CAAG,EAAE,KAAKI,GAAcxB,CAAM;AAEnE,SAAO,GAAGsB,CAAa,IAAIC,CAAc,IAAIrB,CAAS;AAC1D,GAKauB,IAAS,CAClBd,GACAX,GACAmB,IASI,CAAA,MAG2D;AAC/D,MAAIO;AACJ,MAAI;AACA,IAAAA,IAAUhB,EAAOC,CAAK;AAAA,EAC1B,SAASM,GAAK;AACV,WAAO;AAAA,MACH,OAAO;AAAA,MACP,OAAO;AAAA,QACH,QAASA,EAAc;AAAA,QACvB,MAAM;AAAA,MAAA;AAAA,IACV;AAAA,EAER;AAEA,QAAM,EAAC,QAAAF,GAAQ,SAAAC,GAAS,WAAAd,EAAA,IAAawB,GAG/BN,IAAML,EAAO;AACnB,MAAI,EAAEK,KAAOtB;AACT,WAAO;AAAA,MACH,OAAO;AAAA,MACP,OAAO;AAAA,QACH,QAAQ,qCAAqCiB,EAAO,GAAG;AAAA,QACvD,MAAM;AAAA,MAAA;AAAA,IACV;AAKR,MAAII,EAAQ,cAAcA,EAAQ,WAAW,SAAS,KAC9C,CAACA,EAAQ,WAAW,SAASC,CAAG;AAChC,WAAO;AAAA,MACH,OAAO;AAAA,MACP,OAAO;AAAA,QACH,QAAQ,cAAcA,CAAG;AAAA,QACzB,MAAM;AAAA,MAAA;AAAA,IACV;AAMZ,MAAIL,EAAO,QAAQ,UAAaA,EAAO,QAAQ;AAC3C,WAAO;AAAA,MACH,OAAO;AAAA,MACP,OAAO;AAAA,QACH,QAAQ,4CAA4CA,EAAO,GAAG;AAAA,QAC9D,MAAM;AAAA,MAAA;AAAA,IACV;AAKR,QAAMS,IAAe,GAAGhC,EAAU,OAAO,KAAK,UAAUuB,CAAM,CAAC,CAAC,IAAIvB,EAAU,OAAO,KAAK,UAAUwB,CAAO,CAAC,CAAC;AAG7G,MAAI,CAFqBlB,EAAmBsB,CAAG,EAAE,OAAOI,GAAcxB,GAAQE,CAAS;AAGnF,WAAO;AAAA,MACH,OAAO;AAAA,MACP,OAAO;AAAA,QACH,QAAQ;AAAA,QACR,MAAM;AAAA,MAAA;AAAA,IACV;AAKR,QAAMyB,IAAM,KAAK,MAAM,KAAK,IAAA,IAAQ,GAAI,GAClCC,IAAOT,EAAQ,aAAa;AAElC,MAAI,CAACA,EAAQ,oBACLH,EAAQ,QAAQ,UAAaW,IAAMX,EAAQ,MAAMY;AACjD,WAAO;AAAA,MACH,OAAO;AAAA,MACP,OAAO;AAAA,QACH,QAAQ;AAAA,QACR,MAAM;AAAA,MAAA;AAAA,IACV;AAKZ,MAAIZ,EAAQ,QAAQ,UAAaW,IAAMC,IAAOZ,EAAQ;AAClD,WAAO;AAAA,MACH,OAAO;AAAA,MACP,OAAO;AAAA,QACH,QAAQ;AAAA,QACR,MAAM;AAAA,MAAA;AAAA,IACV;AAIR,MAAIA,EAAQ,QAAQ,UAAaW,IAAMC,IAAOZ,EAAQ;AAClD,WAAO;AAAA,MACH,OAAO;AAAA,MACP,OAAO;AAAA,QACH,QAAQ;AAAA,QACR,MAAM;AAAA,MAAA;AAAA,IACV;AAKR,MAAIG,EAAQ,gBAAgB,UAAaH,EAAQ,QAAQ,QAAW;AAChE,UAAMa,IAAWF,IAAMX,EAAQ;AAC/B,QAAIa,IAAWV,EAAQ;AACnB,aAAO;AAAA,QACH,OAAO;AAAA,QACP,OAAO;AAAA,UACH,QAAQ,cAAcU,CAAQ,mCAAmCV,EAAQ,WAAW;AAAA,UACpF,MAAM;AAAA,QAAA;AAAA,MACV;AAAA,EAGZ;AAKA,MAAIA,EAAQ,WAAW,QAAW;AAC9B,QAAIH,EAAQ,QAAQ;AAChB,aAAO;AAAA,QACH,OAAO;AAAA,QACP,OAAO;AAAA,UACH,QAAQ;AAAA,UACR,MAAM;AAAA,QAAA;AAAA,MACV;AAGR,QAAIG,EAAQ,WAAWH,EAAQ;AAC3B,aAAO;AAAA,QACH,OAAO;AAAA,QACP,OAAO;AAAA,UACH,QAAQ,mCAAmCG,EAAQ,MAAM,WAAWH,EAAQ,GAAG;AAAA,UAC/E,MAAM;AAAA,QAAA;AAAA,MACV;AAAA,EAGZ;AAGA,MAAIG,EAAQ,YAAY,QAAW;AAC/B,QAAIH,EAAQ,QAAQ;AAChB,aAAO;AAAA,QACH,OAAO;AAAA,QACP,OAAO;AAAA,UACH,QAAQ;AAAA,UACR,MAAM;AAAA,QAAA;AAAA,MACV;AAGR,QAAIG,EAAQ,YAAYH,EAAQ;AAC5B,aAAO;AAAA,QACH,OAAO;AAAA,QACP,OAAO;AAAA,UACH,QAAQ,oCAAoCG,EAAQ,OAAO,WAAWH,EAAQ,GAAG;AAAA,UACjF,MAAM;AAAA,QAAA;AAAA,MACV;AAAA,EAGZ;AAGA,MAAIG,EAAQ,aAAa,QAAW;AAChC,UAAMW,IAAMd,EAAQ;AACpB,QAAIc,MAAQ;AACR,aAAO;AAAA,QACH,OAAO;AAAA,QACP,OAAO;AAAA,UACH,QAAQ;AAAA,UACR,MAAM;AAAA,QAAA;AAAA,MACV;AAIR,UAAMC,IAAc,MAAM,QAAQZ,EAAQ,QAAQ,IAAIA,EAAQ,WAAW,CAACA,EAAQ,QAAQ,GACpFa,IAAW,MAAM,QAAQF,CAAG,IAAIA,IAAM,CAACA,CAAG;AAGhD,QAAI,CADaC,EAAY,KAAK,OAAKC,EAAS,SAASrC,CAAC,CAAC;AAEvD,aAAO;AAAA,QACH,OAAO;AAAA,QACP,OAAO;AAAA,UACH,QAAQ;AAAA,UACR,MAAM;AAAA,QAAA;AAAA,MACV;AAAA,EAGZ;AAGA,MAAIwB,EAAQ,UAAU,QAAW;AAC7B,QAAIH,EAAQ,QAAQ;AAChB,aAAO;AAAA,QACH,OAAO;AAAA,QACP,OAAO;AAAA,UACH,QAAQ;AAAA,UACR,MAAM;AAAA,QAAA;AAAA,MACV;AAGR,QAAIG,EAAQ,UAAUH,EAAQ;AAC1B,aAAO;AAAA,QACH,OAAO;AAAA,QACP,OAAO;AAAA,UACH,QAAQ,6BAA6BG,EAAQ,KAAK,WAAWH,EAAQ,GAAG;AAAA,UACxE,MAAM;AAAA,QAAA;AAAA,MACV;AAAA,EAGZ;AAEA,SAAO,EAAC,OAAO,IAAM,QAAAD,GAAQ,SAAAC,GAAS,WAAAd,EAAA;AAC1C,GAGa+B,IAAM;AAAA,EACf,MAAAf;AAAA,EACA,QAAAO;AAAA,EACA,QAAAf;AAAA,EACA,YAAYZ;AAChB;"}
1	+ {"version":3,"file":"index.es.js","sources":[],"sourcesContent":[],"names":[],"mappings":";"}

package/dist/jwks/index.d.ts ADDED Viewed

@@ -0,0 +1,91 @@
+import { KeyObject } from 'crypto';
+export type JWK = RSAJWK | ECJWK | OKPJWK | OctJWK;
+interface BaseJWK {
+    kty: string;
+    kid?: string;
+    alg?: string;
+    use?: 'sig' | 'enc';
+    key_ops?: Array<'sign' | 'verify'>;
+    x5c?: string[];
+    x5t?: string;
+}
+export interface RSAJWK extends BaseJWK {
+    kty: 'RSA';
+    n: string;
+    e: string;
+    d?: string;
+    p?: string;
+    q?: string;
+    dp?: string;
+    dq?: string;
+    qi?: string;
+}
+export interface ECJWK extends BaseJWK {
+    kty: 'EC';
+    crv: 'P-256' | 'P-384' | 'P-521' | 'secp256k1';
+    x: string;
+    y: string;
+    d?: string;
+}
+export interface OKPJWK extends BaseJWK {
+    kty: 'OKP';
+    crv: 'Ed25519';
+    x: string;
+    d?: string;
+}
+export interface OctJWK extends BaseJWK {
+    kty: 'oct';
+    k: string;
+}
+/**
+ * Export KeyObject to JWK
+ * @param key
+ */
+export declare function exportJWK(key: KeyObject): JWK;
+/**
+ * Import JWK to KeyObject
+ * @param jwk
+ */
+export declare function importJWK(jwk: JWK): KeyObject;
+/**
+ * Export public-only JWK
+ * @param key
+ */
+export declare function toPublicJWK(key: KeyObject): JWK;
+/**
+ * RFC 7638 JWK thumbprint
+ * @param jwk
+ * @param hashAlg
+ */
+export declare function getJWKThumbprint(jwk: JWK, hashAlg?: 'sha256'): string;
+/**
+ * Compute x5t (SHA-1) from first cert in x5c if not set
+ * @param jwk
+ */
+export declare function computeX5T(jwk: JWK): string | undefined;
+export declare const JWK: {
+    export: typeof exportJWK;
+    import: typeof importJWK;
+    toPublic: typeof toPublicJWK;
+    thumbprint: typeof getJWKThumbprint;
+};
+export interface JWKS {
+    keys: JWK[];
+}
+/**
+ * Convert JWKS specific key of first key to KeyObject
+ * @param jwks
+ * @param kid
+ * @constructor
+ */
+export declare function JWKSToKeyObject(jwks: JWKS, kid?: string): KeyObject;
+/**
+ * Normalize JWKS
+ * @param jwks
+ */
+export declare function normalizeJWKS(jwks: JWKS): JWKS;
+export declare const JWKS: {
+    toKeyObject: typeof JWKSToKeyObject;
+    normalize: typeof normalizeJWKS;
+};
+export {};

package/dist/jwks/promises.d.ts ADDED Viewed

@@ -0,0 +1,51 @@
+import { KeyObject } from 'crypto';
+import { JWK as JWKType, JWKS as JSONWebKeySet } from './';
+/**
+ * Export a KeyObject to JWK
+ * @param key
+ */
+export declare const exportJWK: (key: KeyObject) => Promise<JWKType>;
+/**
+ * Import a JWK to KeyObject
+ * @param jwk
+ */
+export declare const importJWK: (jwk: JWKType) => Promise<KeyObject>;
+/**
+ * Export public-only JWK
+ * @param key
+ */
+export declare const toPublicJWK: (key: KeyObject) => Promise<JWKType>;
+/**
+ * RFC 7638 JWK thumbprint
+ * @param jwk
+ * @param hashAlg
+ */
+export declare const getJWKThumbprint: (jwk: JWKType, hashAlg?: "sha256") => Promise<string>;
+/**
+ * Resolve a KeyObject from a JWKS (kid-based)
+ * @param jwks
+ * @param kid
+ * @constructor
+ */
+export declare const JWKSToKeyObject: (jwks: JSONWebKeySet, kid?: string) => Promise<KeyObject>;
+/**
+ * Normalize JWKS (auto-generate missing kid values)
+ * @param jwks
+ */
+export declare const normalizeJWKS: (jwks: JSONWebKeySet) => Promise<JSONWebKeySet>;
+/**
+ * Compute x5t (SHA-1) from first cert in x5c if not set
+ * @param jwk
+ */
+export declare const computeX5T: (jwk: JWKType) => Promise<string | undefined>;
+export declare const JWK: {
+    export: (key: KeyObject) => Promise<JWKType>;
+    import: (jwk: JWKType) => Promise<KeyObject>;
+    toPublic: (key: KeyObject) => Promise<JWKType>;
+    thumbprint: (jwk: JWKType, hashAlg?: "sha256") => Promise<string>;
+    computeX5T: (jwk: JWKType) => Promise<string | undefined>;
+};
+export declare const JWKS: {
+    toKeyObject: (jwks: JSONWebKeySet, kid?: string) => Promise<KeyObject>;
+    normalize: (jwks: JSONWebKeySet) => Promise<JSONWebKeySet>;
+};

package/dist/jwt/index.d.ts ADDED Viewed

@@ -0,0 +1,249 @@
+import { BinaryLike, KeyLike, KeyObject } from 'crypto';
+export declare const base64Url: {
+    encode: (input: string | Buffer) => string;
+    decode: (input: string) => string;
+};
+export interface JWTPayload {
+    /**
+     * Issuer
+     */
+    iss?: string;
+    /**
+     * Subject
+     */
+    sub?: string;
+    /**
+     * Audience
+     */
+    aud?: string | string[];
+    /**
+     * Expiration Time (as UNIX timestamp)
+     */
+    exp?: number;
+    /**
+     * Not Before (as UNIX timestamp)
+     */
+    nbf?: number;
+    /**
+     * Issued At (as UNIX timestamp)
+     */
+    iat?: number;
+    /**
+     * JWT ID
+     */
+    jti?: string;
+    /**
+     * Session ID
+     */
+    sid?: string;
+    /**
+     * Custom claims
+     */
+    [key: string]: unknown;
+}
+export interface JWTHeader {
+    alg: string;
+    typ?: string;
+    kid?: string;
+}
+export interface JWT {
+    header: JWTHeader;
+    payload: JWTPayload;
+    signature: string;
+}
+export declare const SignatureAlgorithm: {
+    readonly HS256: {
+        readonly sign: (data: BinaryLike, secret: KeyLike) => string;
+        readonly verify: (data: BinaryLike, secret: KeyLike, signature: string) => boolean;
+    };
+    readonly HS384: {
+        readonly sign: (data: BinaryLike, secret: KeyLike) => string;
+        readonly verify: (data: BinaryLike, secret: KeyLike, signature: string) => boolean;
+    };
+    readonly HS512: {
+        readonly sign: (data: BinaryLike, secret: KeyLike) => string;
+        readonly verify: (data: BinaryLike, secret: KeyLike, signature: string) => boolean;
+    };
+    readonly RS256: {
+        readonly sign: (data: BinaryLike, secret: KeyLike) => string;
+        readonly verify: (data: BinaryLike, secret: KeyLike, signature: string) => boolean;
+    };
+    readonly RS384: {
+        readonly sign: (data: BinaryLike, secret: KeyLike) => string;
+        readonly verify: (data: BinaryLike, secret: KeyLike, signature: string) => boolean;
+    };
+    readonly RS512: {
+        readonly sign: (data: BinaryLike, secret: KeyLike) => string;
+        readonly verify: (data: BinaryLike, secret: KeyLike, signature: string) => boolean;
+    };
+    readonly ES256: {
+        readonly sign: (data: BinaryLike, secret: KeyLike) => string;
+        readonly verify: (data: BinaryLike, secret: KeyLike, signature: string) => boolean;
+    };
+    readonly ES384: {
+        readonly sign: (data: BinaryLike, secret: KeyLike) => string;
+        readonly verify: (data: BinaryLike, secret: KeyLike, signature: string) => boolean;
+    };
+    readonly ES512: {
+        readonly sign: (data: BinaryLike, secret: KeyLike) => string;
+        readonly verify: (data: BinaryLike, secret: KeyLike, signature: string) => boolean;
+    };
+    readonly ES256K: {
+        readonly sign: (data: BinaryLike, secret: KeyLike) => string;
+        readonly verify: (data: BinaryLike, secret: KeyLike, signature: string) => boolean;
+    };
+    readonly PS256: {
+        readonly sign: (data: BinaryLike, secret: KeyLike) => string;
+        readonly verify: (data: BinaryLike, secret: KeyLike, signature: string) => boolean;
+    };
+    readonly PS384: {
+        readonly sign: (data: BinaryLike, secret: KeyLike) => string;
+        readonly verify: (data: BinaryLike, secret: KeyLike, signature: string) => boolean;
+    };
+    readonly PS512: {
+        readonly sign: (data: BinaryLike, secret: KeyLike) => string;
+        readonly verify: (data: BinaryLike, secret: KeyLike, signature: string) => boolean;
+    };
+    readonly EdDSA: {
+        readonly sign: (data: BinaryLike, secret: KeyLike) => string;
+        readonly verify: (data: BinaryLike, secret: KeyLike, signature: string) => boolean;
+    };
+};
+export type SupportedAlgorithm = keyof typeof SignatureAlgorithm;
+export declare const SupportedAlgorithms: Array<SupportedAlgorithm>;
+/**
+ * Autodetection of algorithm for KeyObjects
+ * @param key
+ * @constructor
+ */
+export declare function AutodetectAlgorithm(key: KeyObject): SupportedAlgorithm;
+/**
+ * Decode a JWT string into its parts (without verification)
+ * @param token
+ */
+export declare const decode: (token: string) => JWT;
+/**
+ * Sign a JWT
+ * @param payload
+ * @param secret
+ * @param options
+ */
+export declare const sign: (payload: JWTPayload, secret: KeyLike, options?: {
+    alg?: SupportedAlgorithm;
+    kid?: string;
+    typ?: string;
+}) => string;
+/**
+ * Verify and validate a JWT
+ * @param token
+ * @param secret
+ * @param options
+ */
+export declare const verify: (token: string, secret: KeyLike, options?: {
+    algorithms?: SupportedAlgorithm[];
+    issuer?: string;
+    subject?: string;
+    audience?: string | string[];
+    jwtId?: string;
+    ignoreExpiration?: boolean;
+    clockSkew?: number;
+    maxTokenAge?: number;
+}) => {
+    valid: true;
+    header: JWTHeader;
+    payload: JWTPayload;
+    signature: string;
+} | {
+    valid: false;
+    error: {
+        reason: string;
+        code: string;
+    };
+};
+export declare const JWT: {
+    sign: (payload: JWTPayload, secret: KeyLike, options?: {
+        alg?: SupportedAlgorithm;
+        kid?: string;
+        typ?: string;
+    }) => string;
+    verify: (token: string, secret: KeyLike, options?: {
+        algorithms?: SupportedAlgorithm[];
+        issuer?: string;
+        subject?: string;
+        audience?: string | string[];
+        jwtId?: string;
+        ignoreExpiration?: boolean;
+        clockSkew?: number;
+        maxTokenAge?: number;
+    }) => {
+        valid: true;
+        header: JWTHeader;
+        payload: JWTPayload;
+        signature: string;
+    } | {
+        valid: false;
+        error: {
+            reason: string;
+            code: string;
+        };
+    };
+    decode: (token: string) => JWT;
+    algorithms: {
+        readonly HS256: {
+            readonly sign: (data: BinaryLike, secret: KeyLike) => string;
+            readonly verify: (data: BinaryLike, secret: KeyLike, signature: string) => boolean;
+        };
+        readonly HS384: {
+            readonly sign: (data: BinaryLike, secret: KeyLike) => string;
+            readonly verify: (data: BinaryLike, secret: KeyLike, signature: string) => boolean;
+        };
+        readonly HS512: {
+            readonly sign: (data: BinaryLike, secret: KeyLike) => string;
+            readonly verify: (data: BinaryLike, secret: KeyLike, signature: string) => boolean;
+        };
+        readonly RS256: {
+            readonly sign: (data: BinaryLike, secret: KeyLike) => string;
+            readonly verify: (data: BinaryLike, secret: KeyLike, signature: string) => boolean;
+        };
+        readonly RS384: {
+            readonly sign: (data: BinaryLike, secret: KeyLike) => string;
+            readonly verify: (data: BinaryLike, secret: KeyLike, signature: string) => boolean;
+        };
+        readonly RS512: {
+            readonly sign: (data: BinaryLike, secret: KeyLike) => string;
+            readonly verify: (data: BinaryLike, secret: KeyLike, signature: string) => boolean;
+        };
+        readonly ES256: {
+            readonly sign: (data: BinaryLike, secret: KeyLike) => string;
+            readonly verify: (data: BinaryLike, secret: KeyLike, signature: string) => boolean;
+        };
+        readonly ES384: {
+            readonly sign: (data: BinaryLike, secret: KeyLike) => string;
+            readonly verify: (data: BinaryLike, secret: KeyLike, signature: string) => boolean;
+        };
+        readonly ES512: {
+            readonly sign: (data: BinaryLike, secret: KeyLike) => string;
+            readonly verify: (data: BinaryLike, secret: KeyLike, signature: string) => boolean;
+        };
+        readonly ES256K: {
+            readonly sign: (data: BinaryLike, secret: KeyLike) => string;
+            readonly verify: (data: BinaryLike, secret: KeyLike, signature: string) => boolean;
+        };
+        readonly PS256: {
+            readonly sign: (data: BinaryLike, secret: KeyLike) => string;
+            readonly verify: (data: BinaryLike, secret: KeyLike, signature: string) => boolean;
+        };
+        readonly PS384: {
+            readonly sign: (data: BinaryLike, secret: KeyLike) => string;
+            readonly verify: (data: BinaryLike, secret: KeyLike, signature: string) => boolean;
+        };
+        readonly PS512: {
+            readonly sign: (data: BinaryLike, secret: KeyLike) => string;
+            readonly verify: (data: BinaryLike, secret: KeyLike, signature: string) => boolean;
+        };
+        readonly EdDSA: {
+            readonly sign: (data: BinaryLike, secret: KeyLike) => string;
+            readonly verify: (data: BinaryLike, secret: KeyLike, signature: string) => boolean;
+        };
+    };
+};

package/dist/jwt/promises.d.ts ADDED Viewed

@@ -0,0 +1,118 @@
+import { KeyLike } from 'crypto';
+import { JWT as JSONWebToken, JWTPayload, SupportedAlgorithm, JWTHeader } from '../';
+export { type SupportedAlgorithm, SupportedAlgorithms, SignatureAlgorithm, type JWTHeader, type JWTPayload } from '../index';
+/**
+ * Decode a JWT string into its parts (without verification)
+ * @param token
+ */
+export declare const decode: (token: string) => Promise<JSONWebToken>;
+/**
+ * Sign a JWT
+ * @param payload
+ * @param secret
+ * @param options
+ */
+export declare const sign: (payload: JWTPayload, secret: KeyLike, options?: {
+    alg?: SupportedAlgorithm;
+    kid?: string;
+    typ?: string;
+}) => Promise<string>;
+/**
+ * Verify and validate a JWT
+ * @throws { { reason: string; code: string } } if invalid
+ */
+export declare const verify: (token: string, secret: KeyLike, options?: {
+    algorithms?: SupportedAlgorithm[];
+    issuer?: string;
+    subject?: string;
+    audience?: string | string[];
+    jwtId?: string;
+    ignoreExpiration?: boolean;
+    clockSkew?: number;
+    maxTokenAge?: number;
+}) => Promise<{
+    header: JWTHeader;
+    payload: JWTPayload;
+    signature: string;
+}>;
+export type JWT = JSONWebToken;
+export declare const JWT: {
+    sign: (payload: JWTPayload, secret: KeyLike, options?: {
+        alg?: SupportedAlgorithm;
+        kid?: string;
+        typ?: string;
+    }) => Promise<string>;
+    verify: (token: string, secret: KeyLike, options?: {
+        algorithms?: SupportedAlgorithm[];
+        issuer?: string;
+        subject?: string;
+        audience?: string | string[];
+        jwtId?: string;
+        ignoreExpiration?: boolean;
+        clockSkew?: number;
+        maxTokenAge?: number;
+    }) => Promise<{
+        header: JWTHeader;
+        payload: JWTPayload;
+        signature: string;
+    }>;
+    decode: (token: string) => Promise<JSONWebToken>;
+    algorithms: {
+        readonly HS256: {
+            readonly sign: (data: import('crypto').BinaryLike, secret: KeyLike) => string;
+            readonly verify: (data: import('crypto').BinaryLike, secret: KeyLike, signature: string) => boolean;
+        };
+        readonly HS384: {
+            readonly sign: (data: import('crypto').BinaryLike, secret: KeyLike) => string;
+            readonly verify: (data: import('crypto').BinaryLike, secret: KeyLike, signature: string) => boolean;
+        };
+        readonly HS512: {
+            readonly sign: (data: import('crypto').BinaryLike, secret: KeyLike) => string;
+            readonly verify: (data: import('crypto').BinaryLike, secret: KeyLike, signature: string) => boolean;
+        };
+        readonly RS256: {
+            readonly sign: (data: import('crypto').BinaryLike, secret: KeyLike) => string;
+            readonly verify: (data: import('crypto').BinaryLike, secret: KeyLike, signature: string) => boolean;
+        };
+        readonly RS384: {
+            readonly sign: (data: import('crypto').BinaryLike, secret: KeyLike) => string;
+            readonly verify: (data: import('crypto').BinaryLike, secret: KeyLike, signature: string) => boolean;
+        };
+        readonly RS512: {
+            readonly sign: (data: import('crypto').BinaryLike, secret: KeyLike) => string;
+            readonly verify: (data: import('crypto').BinaryLike, secret: KeyLike, signature: string) => boolean;
+        };
+        readonly ES256: {
+            readonly sign: (data: import('crypto').BinaryLike, secret: KeyLike) => string;
+            readonly verify: (data: import('crypto').BinaryLike, secret: KeyLike, signature: string) => boolean;
+        };
+        readonly ES384: {
+            readonly sign: (data: import('crypto').BinaryLike, secret: KeyLike) => string;
+            readonly verify: (data: import('crypto').BinaryLike, secret: KeyLike, signature: string) => boolean;
+        };
+        readonly ES512: {
+            readonly sign: (data: import('crypto').BinaryLike, secret: KeyLike) => string;
+            readonly verify: (data: import('crypto').BinaryLike, secret: KeyLike, signature: string) => boolean;
+        };
+        readonly ES256K: {
+            readonly sign: (data: import('crypto').BinaryLike, secret: KeyLike) => string;
+            readonly verify: (data: import('crypto').BinaryLike, secret: KeyLike, signature: string) => boolean;
+        };
+        readonly PS256: {
+            readonly sign: (data: import('crypto').BinaryLike, secret: KeyLike) => string;
+            readonly verify: (data: import('crypto').BinaryLike, secret: KeyLike, signature: string) => boolean;
+        };
+        readonly PS384: {
+            readonly sign: (data: import('crypto').BinaryLike, secret: KeyLike) => string;
+            readonly verify: (data: import('crypto').BinaryLike, secret: KeyLike, signature: string) => boolean;
+        };
+        readonly PS512: {
+            readonly sign: (data: import('crypto').BinaryLike, secret: KeyLike) => string;
+            readonly verify: (data: import('crypto').BinaryLike, secret: KeyLike, signature: string) => boolean;
+        };
+        readonly EdDSA: {
+            readonly sign: (data: import('crypto').BinaryLike, secret: KeyLike) => string;
+            readonly verify: (data: import('crypto').BinaryLike, secret: KeyLike, signature: string) => boolean;
+        };
+    };
+};

package/dist/promises.cjs.js CHANGED Viewed

@@ -1,2 +1,2 @@
-"use strict";Object.defineProperty(exports,Symbol.toStringTag,{value:"Module"});const e=require("./index.cjs.js"),s=r=>Promise.resolve().then(()=>e.decode(r)),n=(r,o,t={})=>Promise.resolve().then(()=>e.sign(r,o,t)),g=(r,o,t={})=>Promise.resolve().then(()=>{const i=e.verify(r,o,t);if(!i.valid)throw i.error;const{header:l,payload:d,signature:c}=i;return{header:l,payload:d,signature:c}}),u={sign:n,verify:g,decode:s,algorithms:e.SignatureAlgorithm};exports.SignatureAlgorithm=e.SignatureAlgorithm;exports.SupportedAlgorithms=e.SupportedAlgorithms;exports.JWT=u;exports.decode=s;exports.sign=n;exports.verify=g;
+"use strict";Object.defineProperty(exports,Symbol.toStringTag,{value:"Module"});const o=require("./index-CSRWSLal.cjs");require("crypto");const s=e=>Promise.resolve().then(()=>o.decode(e)),n=(e,t,r={})=>Promise.resolve().then(()=>o.sign(e,t,r)),c=(e,t,r={})=>Promise.resolve().then(()=>{const i=o.verify(e,t,r);if(!i.valid)throw i.error;const{header:p,payload:g,signature:a}=i;return{header:p,payload:g,signature:a}}),v={sign:n,verify:c,decode:s,algorithms:o.SignatureAlgorithm},m=e=>Promise.resolve().then(()=>o.exportJWK(e)),l=e=>Promise.resolve().then(()=>o.importJWK(e)),K=e=>Promise.resolve().then(()=>o.toPublicJWK(e)),u=(e,t="sha256")=>Promise.resolve().then(()=>o.getJWKThumbprint(e,t)),J=(e,t)=>Promise.resolve().then(()=>o.JWKSToKeyObject(e,t)),W=e=>Promise.resolve().then(()=>o.normalizeJWKS(e)),h=e=>Promise.resolve().then(()=>o.computeX5T(e)),P={export:m,import:l,toPublic:K,thumbprint:u,computeX5T:h},S={toKeyObject:J,normalize:W};exports.SignatureAlgorithm=o.SignatureAlgorithm;exports.SupportedAlgorithms=o.SupportedAlgorithms;exports.JWK=P;exports.JWKS=S;exports.JWKSToKeyObject=J;exports.JWT=v;exports.computeX5T=h;exports.decode=s;exports.exportJWK=m;exports.getJWKThumbprint=u;exports.importJWK=l;exports.normalizeJWKS=W;exports.sign=n;exports.toPublicJWK=K;exports.verify=c;
 //# sourceMappingURL=promises.cjs.js.map

package/dist/promises.cjs.js.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"promises.cjs.js","sources":["../src/promises.ts"],"sourcesContent":["import type { KeyLike } from 'crypto';\nimport {\n type JWT as JSONWebToken,\n decode as decodeSync,\n sign as signSync,\n verify as verifySync,\n JWTPayload,\n type SupportedAlgorithm,\n JWTHeader,\n SignatureAlgorithm\n} from '~~./index.js~~';\n\nexport { type SupportedAlgorithm, SupportedAlgorithms, SignatureAlgorithm, type JWTHeader, type JWTPayload } from './index~~.js~~';\n\n/*\n Decode a JWT string into its parts (without verification)\n /\nexport const decode = (token: string): Promise<JSONWebToken> =>\n Promise.resolve().then(() => decodeSync(token));\n\n/\n Sign a JWT\n /\nexport const sign = (\n payload: JWTPayload,\n secret: KeyLike,\n options: {\n alg?: SupportedAlgorithm;\n kid?: string;\n typ?: string;\n } = {}\n): Promise<string> =>\n Promise.resolve().then(() => signSync(payload, secret, options));\n\n/\n Verify and validate a JWT\n \n @throws { { reason: string; code: string } } if invalid\n */\nexport const verify = (\n token: string,\n secret: KeyLike,\n options: {\n algorithms?: SupportedAlgorithm[]; // Whitelist of allowed algorithms\n issuer?: string;\n subject?: string;\n audience?: string \| string[];\n jwtId?: string;\n ignoreExpiration?: boolean;\n clockSkew?: number; // in seconds, default 0\n maxTokenAge?: number; // Maximum age in seconds\n } = {}\n): Promise<{ header: JWTHeader; payload: JWTPayload; signature: string }> =>\n Promise.resolve().then(() => {\n const result = verifySync(token, secret, options);\n if (!result.valid) {\n throw result.error;\n }\n const { header, payload, signature } = result;\n return { header, payload, signature };\n });\n\nexport type JWT = JSONWebToken;\n\nexport const JWT = {\n sign,\n verify,\n decode,\n algorithms: SignatureAlgorithm\n};\n"],"names":["decode","token","decodeSync","sign","payload","secret","options","signSync","verify","result","verifySync","header","signature","JWT","SignatureAlgorithm"],"mappings":"~~kHAiBaA~~,EAAUC,GACnB,QAAQ,QAAA,EAAU,KAAK,IAAMC,EAAAA,OAAWD,CAAK,CAAC,~~EAKrCE~~,EAAO,CAChBC,EACAC,EACAC,EAII,CAAA,IAEJ,QAAQ,QAAA,EAAU,KAAK,IAAMC,EAAAA,KAASH,EAASC,EAAQC,CAAO,CAAC,~~EAOtDE~~,EAAS,CAClBP,EACAI,EACAC,EASI,CAAA,IAEJ,QAAQ,UAAU,KAAK,IAAM,CACzB,MAAMG,EAASC,EAAAA,OAAWT,EAAOI,EAAQC,CAAO,EAChD,GAAI,CAACG,EAAO,MACR,MAAMA,EAAO,MAEjB,KAAM,CAAE,OAAAE,EAAQ,QAAAP,EAAS,UAAAQ,CAAA,EAAcH,EACvC,MAAO,CAAE,OAAAE,EAAQ,QAAAP,EAAS,UAAAQ,CAAA,CAC9B,CAAC,~~EAIQC~~,EAAM,CACf,KAAAV,EACA,OAAAK,EACA,OAAAR,EACA,WAAYc,EAAAA,kBAChB"}
1	+ {"version":3,"file":"promises.cjs.js","sources":["../src/jwt/promises.ts","../src/jwks/promises.ts"],"sourcesContent":["import type { KeyLike } from 'crypto';\nimport {\n type JWT as JSONWebToken,\n decode as decodeSync,\n sign as signSync,\n verify as verifySync,\n JWTPayload,\n type SupportedAlgorithm,\n JWTHeader,\n SignatureAlgorithm\n} from '../';\n\nexport { type SupportedAlgorithm, SupportedAlgorithms, SignatureAlgorithm, type JWTHeader, type JWTPayload } from '../index';\n\n/*\n Decode a JWT string into its parts (without verification)\n * @param token\n /\nexport const decode = (token: string): Promise<JSONWebToken> =>\n Promise.resolve().then(() => decodeSync(token));\n\n/\n Sign a JWT\n * @param payload\n * @param secret\n * @param options\n /\nexport const sign = (\n payload: JWTPayload,\n secret: KeyLike,\n options: {\n alg?: SupportedAlgorithm;\n kid?: string;\n typ?: string;\n } = {}\n): Promise<string> =>\n Promise.resolve().then(() => signSync(payload, secret, options));\n\n/\n Verify and validate a JWT\n * @throws { { reason: string; code: string } } if invalid\n /\nexport const verify = (\n token: string,\n secret: KeyLike,\n options: {\n algorithms?: SupportedAlgorithm[]; // Whitelist of allowed algorithms\n issuer?: string;\n subject?: string;\n audience?: string \| string[];\n jwtId?: string;\n ignoreExpiration?: boolean;\n clockSkew?: number; // in seconds, default 0\n maxTokenAge?: number; // Maximum age in seconds\n } = {}\n): Promise<{ header: JWTHeader; payload: JWTPayload; signature: string }> =>\n Promise.resolve().then(() => {\n const result = verifySync(token, secret, options);\n if (!result.valid) {\n throw result.error;\n }\n const { header, payload, signature } = result;\n return { header, payload, signature };\n });\n\nexport type JWT = JSONWebToken;\n\n//namespace export\nexport const JWT = {\n sign,\n verify,\n decode,\n algorithms: SignatureAlgorithm\n};\n","import type {KeyObject} from 'crypto';\n\nimport {\n type JWK as JWKType,\n type JWKS as JSONWebKeySet,\n exportJWK as exportJWKSYNC,\n importJWK as importJWKSYNC,\n toPublicJWK as toPublicJWKSYNC,\n getJWKThumbprint as getJWKThumbprintSYNC,\n JWKSToKeyObject as JWKSToKeyObjectSYNC,\n normalizeJWKS as normalizeJWKSSYNC,\n computeX5T as computeX5TSYNC\n} from './';\n\n/\n Export a KeyObject to JWK\n * @param key\n /\nexport const exportJWK = (key: KeyObject): Promise<JWKType> =>\n Promise.resolve().then(() => exportJWKSYNC(key));\n\n/\n Import a JWK to KeyObject\n * @param jwk\n /\nexport const importJWK = (jwk: JWKType): Promise<KeyObject> =>\n Promise.resolve().then(() => importJWKSYNC(jwk));\n\n/\n Export public-only JWK\n * @param key\n /\nexport const toPublicJWK = (key: KeyObject): Promise<JWKType> =>\n Promise.resolve().then(() => toPublicJWKSYNC(key));\n\n/\n RFC 7638 JWK thumbprint\n * @param jwk\n * @param hashAlg\n /\nexport const getJWKThumbprint = (\n jwk: JWKType,\n hashAlg: 'sha256' = 'sha256'\n): Promise<string> =>\n Promise.resolve().then(() => getJWKThumbprintSYNC(jwk, hashAlg));\n\n/\n Resolve a KeyObject from a JWKS (kid-based)\n * @param jwks\n * @param kid\n * @constructor\n /\nexport const JWKSToKeyObject = (\n jwks: JSONWebKeySet,\n kid?: string\n): Promise<KeyObject> =>\n Promise.resolve().then(() => JWKSToKeyObjectSYNC(jwks, kid));\n\n/\n Normalize JWKS (auto-generate missing kid values)\n * @param jwks\n /\nexport const normalizeJWKS = (\n jwks: JSONWebKeySet\n): Promise<JSONWebKeySet> =>\n Promise.resolve().then(() => normalizeJWKSSYNC(jwks));\n\n/\n Compute x5t (SHA-1) from first cert in x5c if not set\n * @param jwk\n */\nexport const computeX5T = (jwk: JWKType) => Promise.resolve().then(() => computeX5TSYNC(jwk))\n\n//namespaced exports\nexport const JWK = {\n export: exportJWK,\n import: importJWK,\n toPublic: toPublicJWK,\n thumbprint: getJWKThumbprint,\n computeX5T: computeX5T,\n};\n\n//namespaced exports\nexport const JWKS = {\n toKeyObject: JWKSToKeyObject,\n normalize: normalizeJWKS,\n};\n"],"names":["decode","token","decodeSync","sign","payload","secret","options","signSync","verify","result","verifySync","header","signature","JWT","SignatureAlgorithm","exportJWK","key","exportJWKSYNC","importJWK","jwk","importJWKSYNC","toPublicJWK","toPublicJWKSYNC","getJWKThumbprint","hashAlg","getJWKThumbprintSYNC","JWKSToKeyObject","jwks","kid","JWKSToKeyObjectSYNC","normalizeJWKS","normalizeJWKSSYNC","computeX5T","computeX5TSYNC","JWK","JWKS"],"mappings":"0IAkBO,MAAMA,EAAUC,GACnB,QAAQ,QAAA,EAAU,KAAK,IAAMC,EAAAA,OAAWD,CAAK,CAAC,EAQrCE,EAAO,CAChBC,EACAC,EACAC,EAII,CAAA,IAEJ,QAAQ,QAAA,EAAU,KAAK,IAAMC,EAAAA,KAASH,EAASC,EAAQC,CAAO,CAAC,EAMtDE,EAAS,CAClBP,EACAI,EACAC,EASI,CAAA,IAEJ,QAAQ,UAAU,KAAK,IAAM,CACzB,MAAMG,EAASC,EAAAA,OAAWT,EAAOI,EAAQC,CAAO,EAChD,GAAI,CAACG,EAAO,MACR,MAAMA,EAAO,MAEjB,KAAM,CAAE,OAAAE,EAAQ,QAAAP,EAAS,UAAAQ,CAAA,EAAcH,EACvC,MAAO,CAAE,OAAAE,EAAQ,QAAAP,EAAS,UAAAQ,CAAA,CAC9B,CAAC,EAKQC,EAAM,CACf,KAAAV,EACA,OAAAK,EACA,OAAAR,EACA,WAAYc,EAAAA,kBAChB,ECvDaC,EAAaC,GACtB,QAAQ,QAAA,EAAU,KAAK,IAAMC,EAAAA,UAAcD,CAAG,CAAC,EAMtCE,EAAaC,GACtB,QAAQ,QAAA,EAAU,KAAK,IAAMC,EAAAA,UAAcD,CAAG,CAAC,EAMtCE,EAAeL,GACxB,QAAQ,QAAA,EAAU,KAAK,IAAMM,EAAAA,YAAgBN,CAAG,CAAC,EAOxCO,EAAmB,CAC5BJ,EACAK,EAAoB,WAEpB,QAAQ,QAAA,EAAU,KAAK,IAAMC,mBAAqBN,EAAKK,CAAO,CAAC,EAQtDE,EAAkB,CAC3BC,EACAC,IAEA,QAAQ,UAAU,KAAK,IAAMC,EAAAA,gBAAoBF,EAAMC,CAAG,CAAC,EAMlDE,EACTH,GAEA,QAAQ,QAAA,EAAU,KAAK,IAAMI,EAAAA,cAAkBJ,CAAI,CAAC,EAM3CK,EAAcb,GAAiB,QAAQ,QAAA,EAAU,KAAK,IAAMc,EAAAA,WAAed,CAAG,CAAC,EAG/Ee,EAAM,CACf,OAAQnB,EACR,OAAQG,EACR,SAAUG,EACV,WAAYE,EACZ,WAAAS,CACJ,EAGaG,EAAO,CAChB,YAAaT,EACb,UAAWI,CACf"}