@sourceregistry/node-jwt 1.3.0 → 1.3.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (5) hide show
  1. package/dist/jwks/index.d.ts +91 -0
  2. package/dist/jwks/promises.d.ts +51 -0
  3. package/dist/jwt/index.d.ts +249 -0
  4. package/dist/jwt/promises.d.ts +118 -0
  5. package/package.json +1 -1
package/dist/jwks/index.d.ts ADDED
@@ -0,0 +1,91 @@
1
+ import { KeyObject } from 'crypto';
2
+ export type JWK = RSAJWK | ECJWK | OKPJWK | OctJWK;
3
+ interface BaseJWK {
4
+ kty: string;
5
+ kid?: string;
6
+ alg?: string;
7
+ use?: 'sig' | 'enc';
8
+ key_ops?: Array<'sign' | 'verify'>;
9
+ x5c?: string[];
10
+ x5t?: string;
11
+ }
12
+ export interface RSAJWK extends BaseJWK {
13
+ kty: 'RSA';
14
+ n: string;
15
+ e: string;
16
+ d?: string;
17
+ p?: string;
18
+ q?: string;
19
+ dp?: string;
20
+ dq?: string;
21
+ qi?: string;
22
+ }
23
+ export interface ECJWK extends BaseJWK {
24
+ kty: 'EC';
25
+ crv: 'P-256' | 'P-384' | 'P-521' | 'secp256k1';
26
+ x: string;
27
+ y: string;
28
+ d?: string;
29
+ }
30
+ export interface OKPJWK extends BaseJWK {
31
+ kty: 'OKP';
32
+ crv: 'Ed25519';
33
+ x: string;
34
+ d?: string;
35
+ }
36
+ export interface OctJWK extends BaseJWK {
37
+ kty: 'oct';
38
+ k: string;
39
+ }
40
+ /**
41
+ * Export KeyObject to JWK
42
+ * @param key
43
+ */
44
+ export declare function exportJWK(key: KeyObject): JWK;
45
+ /**
46
+ * Import JWK to KeyObject
47
+ * @param jwk
48
+ */
49
+ export declare function importJWK(jwk: JWK): KeyObject;
50
+ /**
51
+ * Export public-only JWK
52
+ * @param key
53
+ */
54
+ export declare function toPublicJWK(key: KeyObject): JWK;
55
+ /**
56
+ * RFC 7638 JWK thumbprint
57
+ * @param jwk
58
+ * @param hashAlg
59
+ */
60
+ export declare function getJWKThumbprint(jwk: JWK, hashAlg?: 'sha256'): string;
61
+ /**
62
+ * Compute x5t (SHA-1) from first cert in x5c if not set
63
+ * @param jwk
64
+ */
65
+ export declare function computeX5T(jwk: JWK): string | undefined;
66
+ export declare const JWK: {
67
+ export: typeof exportJWK;
68
+ import: typeof importJWK;
69
+ toPublic: typeof toPublicJWK;
70
+ thumbprint: typeof getJWKThumbprint;
71
+ };
72
+ export interface JWKS {
73
+ keys: JWK[];
74
+ }
75
+ /**
76
+ * Convert JWKS specific key of first key to KeyObject
77
+ * @param jwks
78
+ * @param kid
79
+ * @constructor
80
+ */
81
+ export declare function JWKSToKeyObject(jwks: JWKS, kid?: string): KeyObject;
82
+ /**
83
+ * Normalize JWKS
84
+ * @param jwks
85
+ */
86
+ export declare function normalizeJWKS(jwks: JWKS): JWKS;
87
+ export declare const JWKS: {
88
+ toKeyObject: typeof JWKSToKeyObject;
89
+ normalize: typeof normalizeJWKS;
90
+ };
91
+ export {};
package/dist/jwks/promises.d.ts ADDED
@@ -0,0 +1,51 @@
1
+ import { KeyObject } from 'crypto';
2
+ import { JWK as JWKType, JWKS as JSONWebKeySet } from './';
3
+ /**
4
+ * Export a KeyObject to JWK
5
+ * @param key
6
+ */
7
+ export declare const exportJWK: (key: KeyObject) => Promise<JWKType>;
8
+ /**
9
+ * Import a JWK to KeyObject
10
+ * @param jwk
11
+ */
12
+ export declare const importJWK: (jwk: JWKType) => Promise<KeyObject>;
13
+ /**
14
+ * Export public-only JWK
15
+ * @param key
16
+ */
17
+ export declare const toPublicJWK: (key: KeyObject) => Promise<JWKType>;
18
+ /**
19
+ * RFC 7638 JWK thumbprint
20
+ * @param jwk
21
+ * @param hashAlg
22
+ */
23
+ export declare const getJWKThumbprint: (jwk: JWKType, hashAlg?: "sha256") => Promise<string>;
24
+ /**
25
+ * Resolve a KeyObject from a JWKS (kid-based)
26
+ * @param jwks
27
+ * @param kid
28
+ * @constructor
29
+ */
30
+ export declare const JWKSToKeyObject: (jwks: JSONWebKeySet, kid?: string) => Promise<KeyObject>;
31
+ /**
32
+ * Normalize JWKS (auto-generate missing kid values)
33
+ * @param jwks
34
+ */
35
+ export declare const normalizeJWKS: (jwks: JSONWebKeySet) => Promise<JSONWebKeySet>;
36
+ /**
37
+ * Compute x5t (SHA-1) from first cert in x5c if not set
38
+ * @param jwk
39
+ */
40
+ export declare const computeX5T: (jwk: JWKType) => Promise<string | undefined>;
41
+ export declare const JWK: {
42
+ export: (key: KeyObject) => Promise<JWKType>;
43
+ import: (jwk: JWKType) => Promise<KeyObject>;
44
+ toPublic: (key: KeyObject) => Promise<JWKType>;
45
+ thumbprint: (jwk: JWKType, hashAlg?: "sha256") => Promise<string>;
46
+ computeX5T: (jwk: JWKType) => Promise<string | undefined>;
47
+ };
48
+ export declare const JWKS: {
49
+ toKeyObject: (jwks: JSONWebKeySet, kid?: string) => Promise<KeyObject>;
50
+ normalize: (jwks: JSONWebKeySet) => Promise<JSONWebKeySet>;
51
+ };
package/dist/jwt/index.d.ts ADDED
@@ -0,0 +1,249 @@
1
+ import { BinaryLike, KeyLike, KeyObject } from 'crypto';
2
+ export declare const base64Url: {
3
+ encode: (input: string | Buffer) => string;
4
+ decode: (input: string) => string;
5
+ };
6
+ export interface JWTPayload {
7
+ /**
8
+ * Issuer
9
+ */
10
+ iss?: string;
11
+ /**
12
+ * Subject
13
+ */
14
+ sub?: string;
15
+ /**
16
+ * Audience
17
+ */
18
+ aud?: string | string[];
19
+ /**
20
+ * Expiration Time (as UNIX timestamp)
21
+ */
22
+ exp?: number;
23
+ /**
24
+ * Not Before (as UNIX timestamp)
25
+ */
26
+ nbf?: number;
27
+ /**
28
+ * Issued At (as UNIX timestamp)
29
+ */
30
+ iat?: number;
31
+ /**
32
+ * JWT ID
33
+ */
34
+ jti?: string;
35
+ /**
36
+ * Session ID
37
+ */
38
+ sid?: string;
39
+ /**
40
+ * Custom claims
41
+ */
42
+ [key: string]: unknown;
43
+ }
44
+ export interface JWTHeader {
45
+ alg: string;
46
+ typ?: string;
47
+ kid?: string;
48
+ }
49
+ export interface JWT {
50
+ header: JWTHeader;
51
+ payload: JWTPayload;
52
+ signature: string;
53
+ }
54
+ export declare const SignatureAlgorithm: {
55
+ readonly HS256: {
56
+ readonly sign: (data: BinaryLike, secret: KeyLike) => string;
57
+ readonly verify: (data: BinaryLike, secret: KeyLike, signature: string) => boolean;
58
+ };
59
+ readonly HS384: {
60
+ readonly sign: (data: BinaryLike, secret: KeyLike) => string;
61
+ readonly verify: (data: BinaryLike, secret: KeyLike, signature: string) => boolean;
62
+ };
63
+ readonly HS512: {
64
+ readonly sign: (data: BinaryLike, secret: KeyLike) => string;
65
+ readonly verify: (data: BinaryLike, secret: KeyLike, signature: string) => boolean;
66
+ };
67
+ readonly RS256: {
68
+ readonly sign: (data: BinaryLike, secret: KeyLike) => string;
69
+ readonly verify: (data: BinaryLike, secret: KeyLike, signature: string) => boolean;
70
+ };
71
+ readonly RS384: {
72
+ readonly sign: (data: BinaryLike, secret: KeyLike) => string;
73
+ readonly verify: (data: BinaryLike, secret: KeyLike, signature: string) => boolean;
74
+ };
75
+ readonly RS512: {
76
+ readonly sign: (data: BinaryLike, secret: KeyLike) => string;
77
+ readonly verify: (data: BinaryLike, secret: KeyLike, signature: string) => boolean;
78
+ };
79
+ readonly ES256: {
80
+ readonly sign: (data: BinaryLike, secret: KeyLike) => string;
81
+ readonly verify: (data: BinaryLike, secret: KeyLike, signature: string) => boolean;
82
+ };
83
+ readonly ES384: {
84
+ readonly sign: (data: BinaryLike, secret: KeyLike) => string;
85
+ readonly verify: (data: BinaryLike, secret: KeyLike, signature: string) => boolean;
86
+ };
87
+ readonly ES512: {
88
+ readonly sign: (data: BinaryLike, secret: KeyLike) => string;
89
+ readonly verify: (data: BinaryLike, secret: KeyLike, signature: string) => boolean;
90
+ };
91
+ readonly ES256K: {
92
+ readonly sign: (data: BinaryLike, secret: KeyLike) => string;
93
+ readonly verify: (data: BinaryLike, secret: KeyLike, signature: string) => boolean;
94
+ };
95
+ readonly PS256: {
96
+ readonly sign: (data: BinaryLike, secret: KeyLike) => string;
97
+ readonly verify: (data: BinaryLike, secret: KeyLike, signature: string) => boolean;
98
+ };
99
+ readonly PS384: {
100
+ readonly sign: (data: BinaryLike, secret: KeyLike) => string;
101
+ readonly verify: (data: BinaryLike, secret: KeyLike, signature: string) => boolean;
102
+ };
103
+ readonly PS512: {
104
+ readonly sign: (data: BinaryLike, secret: KeyLike) => string;
105
+ readonly verify: (data: BinaryLike, secret: KeyLike, signature: string) => boolean;
106
+ };
107
+ readonly EdDSA: {
108
+ readonly sign: (data: BinaryLike, secret: KeyLike) => string;
109
+ readonly verify: (data: BinaryLike, secret: KeyLike, signature: string) => boolean;
110
+ };
111
+ };
112
+ export type SupportedAlgorithm = keyof typeof SignatureAlgorithm;
113
+ export declare const SupportedAlgorithms: Array<SupportedAlgorithm>;
114
+ /**
115
+ * Autodetection of algorithm for KeyObjects
116
+ * @param key
117
+ * @constructor
118
+ */
119
+ export declare function AutodetectAlgorithm(key: KeyObject): SupportedAlgorithm;
120
+ /**
121
+ * Decode a JWT string into its parts (without verification)
122
+ * @param token
123
+ */
124
+ export declare const decode: (token: string) => JWT;
125
+ /**
126
+ * Sign a JWT
127
+ * @param payload
128
+ * @param secret
129
+ * @param options
130
+ */
131
+ export declare const sign: (payload: JWTPayload, secret: KeyLike, options?: {
132
+ alg?: SupportedAlgorithm;
133
+ kid?: string;
134
+ typ?: string;
135
+ }) => string;
136
+ /**
137
+ * Verify and validate a JWT
138
+ * @param token
139
+ * @param secret
140
+ * @param options
141
+ */
142
+ export declare const verify: (token: string, secret: KeyLike, options?: {
143
+ algorithms?: SupportedAlgorithm[];
144
+ issuer?: string;
145
+ subject?: string;
146
+ audience?: string | string[];
147
+ jwtId?: string;
148
+ ignoreExpiration?: boolean;
149
+ clockSkew?: number;
150
+ maxTokenAge?: number;
151
+ }) => {
152
+ valid: true;
153
+ header: JWTHeader;
154
+ payload: JWTPayload;
155
+ signature: string;
156
+ } | {
157
+ valid: false;
158
+ error: {
159
+ reason: string;
160
+ code: string;
161
+ };
162
+ };
163
+ export declare const JWT: {
164
+ sign: (payload: JWTPayload, secret: KeyLike, options?: {
165
+ alg?: SupportedAlgorithm;
166
+ kid?: string;
167
+ typ?: string;
168
+ }) => string;
169
+ verify: (token: string, secret: KeyLike, options?: {
170
+ algorithms?: SupportedAlgorithm[];
171
+ issuer?: string;
172
+ subject?: string;
173
+ audience?: string | string[];
174
+ jwtId?: string;
175
+ ignoreExpiration?: boolean;
176
+ clockSkew?: number;
177
+ maxTokenAge?: number;
178
+ }) => {
179
+ valid: true;
180
+ header: JWTHeader;
181
+ payload: JWTPayload;
182
+ signature: string;
183
+ } | {
184
+ valid: false;
185
+ error: {
186
+ reason: string;
187
+ code: string;
188
+ };
189
+ };
190
+ decode: (token: string) => JWT;
191
+ algorithms: {
192
+ readonly HS256: {
193
+ readonly sign: (data: BinaryLike, secret: KeyLike) => string;
194
+ readonly verify: (data: BinaryLike, secret: KeyLike, signature: string) => boolean;
195
+ };
196
+ readonly HS384: {
197
+ readonly sign: (data: BinaryLike, secret: KeyLike) => string;
198
+ readonly verify: (data: BinaryLike, secret: KeyLike, signature: string) => boolean;
199
+ };
200
+ readonly HS512: {
201
+ readonly sign: (data: BinaryLike, secret: KeyLike) => string;
202
+ readonly verify: (data: BinaryLike, secret: KeyLike, signature: string) => boolean;
203
+ };
204
+ readonly RS256: {
205
+ readonly sign: (data: BinaryLike, secret: KeyLike) => string;
206
+ readonly verify: (data: BinaryLike, secret: KeyLike, signature: string) => boolean;
207
+ };
208
+ readonly RS384: {
209
+ readonly sign: (data: BinaryLike, secret: KeyLike) => string;
210
+ readonly verify: (data: BinaryLike, secret: KeyLike, signature: string) => boolean;
211
+ };
212
+ readonly RS512: {
213
+ readonly sign: (data: BinaryLike, secret: KeyLike) => string;
214
+ readonly verify: (data: BinaryLike, secret: KeyLike, signature: string) => boolean;
215
+ };
216
+ readonly ES256: {
217
+ readonly sign: (data: BinaryLike, secret: KeyLike) => string;
218
+ readonly verify: (data: BinaryLike, secret: KeyLike, signature: string) => boolean;
219
+ };
220
+ readonly ES384: {
221
+ readonly sign: (data: BinaryLike, secret: KeyLike) => string;
222
+ readonly verify: (data: BinaryLike, secret: KeyLike, signature: string) => boolean;
223
+ };
224
+ readonly ES512: {
225
+ readonly sign: (data: BinaryLike, secret: KeyLike) => string;
226
+ readonly verify: (data: BinaryLike, secret: KeyLike, signature: string) => boolean;
227
+ };
228
+ readonly ES256K: {
229
+ readonly sign: (data: BinaryLike, secret: KeyLike) => string;
230
+ readonly verify: (data: BinaryLike, secret: KeyLike, signature: string) => boolean;
231
+ };
232
+ readonly PS256: {
233
+ readonly sign: (data: BinaryLike, secret: KeyLike) => string;
234
+ readonly verify: (data: BinaryLike, secret: KeyLike, signature: string) => boolean;
235
+ };
236
+ readonly PS384: {
237
+ readonly sign: (data: BinaryLike, secret: KeyLike) => string;
238
+ readonly verify: (data: BinaryLike, secret: KeyLike, signature: string) => boolean;
239
+ };
240
+ readonly PS512: {
241
+ readonly sign: (data: BinaryLike, secret: KeyLike) => string;
242
+ readonly verify: (data: BinaryLike, secret: KeyLike, signature: string) => boolean;
243
+ };
244
+ readonly EdDSA: {
245
+ readonly sign: (data: BinaryLike, secret: KeyLike) => string;
246
+ readonly verify: (data: BinaryLike, secret: KeyLike, signature: string) => boolean;
247
+ };
248
+ };
249
+ };
package/dist/jwt/promises.d.ts ADDED
@@ -0,0 +1,118 @@
1
+ import { KeyLike } from 'crypto';
2
+ import { JWT as JSONWebToken, JWTPayload, SupportedAlgorithm, JWTHeader } from '../';
3
+ export { type SupportedAlgorithm, SupportedAlgorithms, SignatureAlgorithm, type JWTHeader, type JWTPayload } from '../index';
4
+ /**
5
+ * Decode a JWT string into its parts (without verification)
6
+ * @param token
7
+ */
8
+ export declare const decode: (token: string) => Promise<JSONWebToken>;
9
+ /**
10
+ * Sign a JWT
11
+ * @param payload
12
+ * @param secret
13
+ * @param options
14
+ */
15
+ export declare const sign: (payload: JWTPayload, secret: KeyLike, options?: {
16
+ alg?: SupportedAlgorithm;
17
+ kid?: string;
18
+ typ?: string;
19
+ }) => Promise<string>;
20
+ /**
21
+ * Verify and validate a JWT
22
+ * @throws { { reason: string; code: string } } if invalid
23
+ */
24
+ export declare const verify: (token: string, secret: KeyLike, options?: {
25
+ algorithms?: SupportedAlgorithm[];
26
+ issuer?: string;
27
+ subject?: string;
28
+ audience?: string | string[];
29
+ jwtId?: string;
30
+ ignoreExpiration?: boolean;
31
+ clockSkew?: number;
32
+ maxTokenAge?: number;
33
+ }) => Promise<{
34
+ header: JWTHeader;
35
+ payload: JWTPayload;
36
+ signature: string;
37
+ }>;
38
+ export type JWT = JSONWebToken;
39
+ export declare const JWT: {
40
+ sign: (payload: JWTPayload, secret: KeyLike, options?: {
41
+ alg?: SupportedAlgorithm;
42
+ kid?: string;
43
+ typ?: string;
44
+ }) => Promise<string>;
45
+ verify: (token: string, secret: KeyLike, options?: {
46
+ algorithms?: SupportedAlgorithm[];
47
+ issuer?: string;
48
+ subject?: string;
49
+ audience?: string | string[];
50
+ jwtId?: string;
51
+ ignoreExpiration?: boolean;
52
+ clockSkew?: number;
53
+ maxTokenAge?: number;
54
+ }) => Promise<{
55
+ header: JWTHeader;
56
+ payload: JWTPayload;
57
+ signature: string;
58
+ }>;
59
+ decode: (token: string) => Promise<JSONWebToken>;
60
+ algorithms: {
61
+ readonly HS256: {
62
+ readonly sign: (data: import('crypto').BinaryLike, secret: KeyLike) => string;
63
+ readonly verify: (data: import('crypto').BinaryLike, secret: KeyLike, signature: string) => boolean;
64
+ };
65
+ readonly HS384: {
66
+ readonly sign: (data: import('crypto').BinaryLike, secret: KeyLike) => string;
67
+ readonly verify: (data: import('crypto').BinaryLike, secret: KeyLike, signature: string) => boolean;
68
+ };
69
+ readonly HS512: {
70
+ readonly sign: (data: import('crypto').BinaryLike, secret: KeyLike) => string;
71
+ readonly verify: (data: import('crypto').BinaryLike, secret: KeyLike, signature: string) => boolean;
72
+ };
73
+ readonly RS256: {
74
+ readonly sign: (data: import('crypto').BinaryLike, secret: KeyLike) => string;
75
+ readonly verify: (data: import('crypto').BinaryLike, secret: KeyLike, signature: string) => boolean;
76
+ };
77
+ readonly RS384: {
78
+ readonly sign: (data: import('crypto').BinaryLike, secret: KeyLike) => string;
79
+ readonly verify: (data: import('crypto').BinaryLike, secret: KeyLike, signature: string) => boolean;
80
+ };
81
+ readonly RS512: {
82
+ readonly sign: (data: import('crypto').BinaryLike, secret: KeyLike) => string;
83
+ readonly verify: (data: import('crypto').BinaryLike, secret: KeyLike, signature: string) => boolean;
84
+ };
85
+ readonly ES256: {
86
+ readonly sign: (data: import('crypto').BinaryLike, secret: KeyLike) => string;
87
+ readonly verify: (data: import('crypto').BinaryLike, secret: KeyLike, signature: string) => boolean;
88
+ };
89
+ readonly ES384: {
90
+ readonly sign: (data: import('crypto').BinaryLike, secret: KeyLike) => string;
91
+ readonly verify: (data: import('crypto').BinaryLike, secret: KeyLike, signature: string) => boolean;
92
+ };
93
+ readonly ES512: {
94
+ readonly sign: (data: import('crypto').BinaryLike, secret: KeyLike) => string;
95
+ readonly verify: (data: import('crypto').BinaryLike, secret: KeyLike, signature: string) => boolean;
96
+ };
97
+ readonly ES256K: {
98
+ readonly sign: (data: import('crypto').BinaryLike, secret: KeyLike) => string;
99
+ readonly verify: (data: import('crypto').BinaryLike, secret: KeyLike, signature: string) => boolean;
100
+ };
101
+ readonly PS256: {
102
+ readonly sign: (data: import('crypto').BinaryLike, secret: KeyLike) => string;
103
+ readonly verify: (data: import('crypto').BinaryLike, secret: KeyLike, signature: string) => boolean;
104
+ };
105
+ readonly PS384: {
106
+ readonly sign: (data: import('crypto').BinaryLike, secret: KeyLike) => string;
107
+ readonly verify: (data: import('crypto').BinaryLike, secret: KeyLike, signature: string) => boolean;
108
+ };
109
+ readonly PS512: {
110
+ readonly sign: (data: import('crypto').BinaryLike, secret: KeyLike) => string;
111
+ readonly verify: (data: import('crypto').BinaryLike, secret: KeyLike, signature: string) => boolean;
112
+ };
113
+ readonly EdDSA: {
114
+ readonly sign: (data: import('crypto').BinaryLike, secret: KeyLike) => string;
115
+ readonly verify: (data: import('crypto').BinaryLike, secret: KeyLike, signature: string) => boolean;
116
+ };
117
+ };
118
+ };
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "@sourceregistry/node-jwt",
3
- "version": "1.3.0",
3
+ "version": "1.3.1",
4
4
  "description": "A lightweight, zero-dependency TypeScript library for creating, verifying and decoding JSON Web Tokens (JWT).",
5
5
  "main": "./dist/index.cjs.js",
6
6
  "module": "./dist/index.es.js",