@sourceregistry/node-jwt 1.3.0 → 1.4.0
- package/README.md +1 -1
- package/dist/index-BmAAEOLC.js +595 -0
- package/dist/index-BmAAEOLC.js.map +1 -0
- package/dist/index-eYY-I3Pd.cjs +2 -0
- package/dist/index-eYY-I3Pd.cjs.map +1 -0
- package/dist/index.cjs.js +1 -1
- package/dist/index.es.js +1 -1
- package/dist/jwks/index.d.ts +91 -0
- package/dist/jwks/promises.d.ts +51 -0
- package/dist/jwt/index.d.ts +259 -0
- package/dist/jwt/promises.d.ts +104 -0
- package/dist/promises.cjs.js +1 -1
- package/dist/promises.cjs.js.map +1 -1
- package/dist/promises.es.js +37 -37
- package/dist/promises.es.js.map +1 -1
- package/package.json +1 -1
- package/dist/index-CSRWSLal.cjs +0 -2
- package/dist/index-CSRWSLal.cjs.map +0 -1
- package/dist/index-DyXdSqEc.js +0 -515
- package/dist/index-DyXdSqEc.js.map +0 -1
|
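--- a/package/dist/jwt/index.d.ts
+++ b/package/dist/jwt/index.d.ts
@@ -0,0 +1,259 @@
+import { BinaryLike, KeyLike, KeyObject } from 'crypto';
+export declare const base64Url: {
+encode: (input: string | Buffer) => string;
+decode: (input: string) => string;
+};
+export interface JWTPayload {
+/**
+* Issuer
+*/
+iss?: string;
+/**
+* Subject
+*/
+sub?: string;
+/**
+* Audience
+*/
+aud?: string | string[];
+/**
+* Expiration Time (as UNIX timestamp)
+*/
+exp?: number;
+/**
+* Not Before (as UNIX timestamp)
+*/
+nbf?: number;
+/**
+* Issued At (as UNIX timestamp)
+*/
+iat?: number;
+/**
+* JWT ID
+*/
+jti?: string;
+/**
+* Session ID
+*/
+sid?: string;
+/**
+* Custom claims
+*/
+[key: string]: unknown;
+}
+export interface JWTHeader {
+alg: string;
+typ?: string;
+kid?: string;
+}
+export interface JWT {
+header: JWTHeader;
+payload: JWTPayload;
+signature: string;
+}
+export declare const SignatureAlgorithm: {
+readonly HS256: {
+readonly sign: (data: BinaryLike, secret: KeyLike) => string;
+readonly verify: (data: BinaryLike, secret: KeyLike, signature: string) => boolean;
+};
+readonly HS384: {
+readonly sign: (data: BinaryLike, secret: KeyLike) => string;
+readonly verify: (data: BinaryLike, secret: KeyLike, signature: string) => boolean;
+};
+readonly HS512: {
+readonly sign: (data: BinaryLike, secret: KeyLike) => string;
+readonly verify: (data: BinaryLike, secret: KeyLike, signature: string) => boolean;
+};
+readonly RS256: {
+readonly sign: (data: BinaryLike, secret: KeyLike) => string;
+readonly verify: (data: BinaryLike, secret: KeyLike, signature: string) => boolean;
+};
+readonly RS384: {
+readonly sign: (data: BinaryLike, secret: KeyLike) => string;
+readonly verify: (data: BinaryLike, secret: KeyLike, signature: string) => boolean;
+};
+readonly RS512: {
+readonly sign: (data: BinaryLike, secret: KeyLike) => string;
+readonly verify: (data: BinaryLike, secret: KeyLike, signature: string) => boolean;
+};
+readonly ES256: {
+readonly sign: (data: BinaryLike, secret: KeyLike) => string;
+readonly verify: (data: BinaryLike, secret: KeyLike, signature: string) => boolean;
+};
+readonly ES384: {
+readonly sign: (data: BinaryLike, secret: KeyLike) => string;
+readonly verify: (data: BinaryLike, secret: KeyLike, signature: string) => boolean;
+};
+readonly ES512: {
+readonly sign: (data: BinaryLike, secret: KeyLike) => string;
+readonly verify: (data: BinaryLike, secret: KeyLike, signature: string) => boolean;
+};
+readonly ES256K: {
+readonly sign: (data: BinaryLike, secret: KeyLike) => string;
+readonly verify: (data: BinaryLike, secret: KeyLike, signature: string) => boolean;
+};
+readonly PS256: {
+readonly sign: (data: BinaryLike, secret: KeyLike) => string;
+readonly verify: (data: BinaryLike, secret: KeyLike, signature: string) => boolean;
+};
+readonly PS384: {
+readonly sign: (data: BinaryLike, secret: KeyLike) => string;
+readonly verify: (data: BinaryLike, secret: KeyLike, signature: string) => boolean;
+};
+readonly PS512: {
+readonly sign: (data: BinaryLike, secret: KeyLike) => string;
+readonly verify: (data: BinaryLike, secret: KeyLike, signature: string) => boolean;
+};
+readonly EdDSA: {
+readonly sign: (data: BinaryLike, secret: KeyLike) => string;
+readonly verify: (data: BinaryLike, secret: KeyLike, signature: string) => boolean;
+};
+};
+export type SupportedAlgorithm = keyof typeof SignatureAlgorithm;
+export declare const SupportedAlgorithms: Array<SupportedAlgorithm>;
+/**
+* Autodetection of algorithm for KeyObjects
+* @param key
+* @constructor
+*/
+export declare function AutodetectAlgorithm(key: KeyObject): SupportedAlgorithm;
+/**
+* Decode a JWT string into its parts (without verification)
+* @param token
+*/
+export declare const decode: (token: string) => JWT;
+/**
+* Sign a JWT
+* @param payload
+* @param secret
+* @param options
+*/
+export declare const sign: (payload: JWTPayload, secret: KeyLike, options?: {
+alg?: SupportedAlgorithm;
+kid?: string;
+typ?: string;
+/**
+* default 'der'
+*/
+signatureFormat?: "der" | "jose";
+}) => string;
+/**
+* Verify and validate a JWT
+* @param token
+* @param secret
+* @param options
+*/
+export declare const verify: (token: string, secret: KeyLike, options?: {
+algorithms?: SupportedAlgorithm[];
+issuer?: string;
+subject?: string;
+audience?: string | string[];
+jwtId?: string;
+ignoreExpiration?: boolean;
+clockSkew?: number;
+maxTokenAge?: number;
+signatureFormat?: "der" | "jose";
+}) => {
+valid: true;
+header: JWTHeader;
+payload: JWTPayload;
+signature: string;
+} | {
+valid: false;
+error: {
+reason: string;
+code: string;
+};
+};
+export declare const JWT: {
+sign: (payload: JWTPayload, secret: KeyLike, options?: {
+alg?: SupportedAlgorithm;
+kid?: string;
+typ?: string;
+/**
+* default 'der'
+*/
+signatureFormat?: "der" | "jose";
+}) => string;
+verify: (token: string, secret: KeyLike, options?: {
+algorithms?: SupportedAlgorithm[];
+issuer?: string;
+subject?: string;
+audience?: string | string[];
+jwtId?: string;
+ignoreExpiration?: boolean;
+clockSkew?: number;
+maxTokenAge?: number;
+signatureFormat?: "der" | "jose";
+}) => {
+valid: true;
+header: JWTHeader;
+payload: JWTPayload;
+signature: string;
+} | {
+valid: false;
+error: {
+reason: string;
+code: string;
+};
+};
+decode: (token: string) => JWT;
+algorithms: {
+readonly HS256: {
+readonly sign: (data: BinaryLike, secret: KeyLike) => string;
+readonly verify: (data: BinaryLike, secret: KeyLike, signature: string) => boolean;
+};
+readonly HS384: {
+readonly sign: (data: BinaryLike, secret: KeyLike) => string;
+readonly verify: (data: BinaryLike, secret: KeyLike, signature: string) => boolean;
+};
+readonly HS512: {
+readonly sign: (data: BinaryLike, secret: KeyLike) => string;
+readonly verify: (data: BinaryLike, secret: KeyLike, signature: string) => boolean;
+};
+readonly RS256: {
+readonly sign: (data: BinaryLike, secret: KeyLike) => string;
+readonly verify: (data: BinaryLike, secret: KeyLike, signature: string) => boolean;
+};
+readonly RS384: {
+readonly sign: (data: BinaryLike, secret: KeyLike) => string;
+readonly verify: (data: BinaryLike, secret: KeyLike, signature: string) => boolean;
+};
+readonly RS512: {
+readonly sign: (data: BinaryLike, secret: KeyLike) => string;
+readonly verify: (data: BinaryLike, secret: KeyLike, signature: string) => boolean;
+};
+readonly ES256: {
+readonly sign: (data: BinaryLike, secret: KeyLike) => string;
+readonly verify: (data: BinaryLike, secret: KeyLike, signature: string) => boolean;
+};
+readonly ES384: {
+readonly sign: (data: BinaryLike, secret: KeyLike) => string;
+readonly verify: (data: BinaryLike, secret: KeyLike, signature: string) => boolean;
+};
+readonly ES512: {
+readonly sign: (data: BinaryLike, secret: KeyLike) => string;
+readonly verify: (data: BinaryLike, secret: KeyLike, signature: string) => boolean;
+};
+readonly ES256K: {
+readonly sign: (data: BinaryLike, secret: KeyLike) => string;
+readonly verify: (data: BinaryLike, secret: KeyLike, signature: string) => boolean;
+};
+readonly PS256: {
+readonly sign: (data: BinaryLike, secret: KeyLike) => string;
+readonly verify: (data: BinaryLike, secret: KeyLike, signature: string) => boolean;
+};
+readonly PS384: {
+readonly sign: (data: BinaryLike, secret: KeyLike) => string;
+readonly verify: (data: BinaryLike, secret: KeyLike, signature: string) => boolean;
+};
+readonly PS512: {
+readonly sign: (data: BinaryLike, secret: KeyLike) => string;
+readonly verify: (data: BinaryLike, secret: KeyLike, signature: string) => boolean;
+};
+readonly EdDSA: {
+readonly sign: (data: BinaryLike, secret: KeyLike) => string;
+readonly verify: (data: BinaryLike, secret: KeyLike, signature: string) => boolean;
+};
+};
+};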
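Review bot: The `verify` options type leaves `algorithms` optional and no doc comment says which algorithms are accepted when it is omitted; since `secret: KeyLike` admits both shared secrets and asymmetric keys, a caller cannot tell from the declaration whether the token's own `alg` header ends up selecting the verification primitive. I would document the default on the option, for example `/** Allowed algorithms; pass the single algorithm that matches the key type. */`, and consider making it required in a later major version. `clockSkew` and `maxTokenAge` also need a unit in their doc comments (the claims are documented as UNIX timestamps, so seconds is presumably intended), and `signatureFormat` states its default of 'der' only on `sign`, not on `verify`. The same undocumented options are repeated in the `JWT.verify` member further down.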
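--- a/package/dist/jwt/promises.d.ts
+++ b/package/dist/jwt/promises.d.ts
@@ -0,0 +1,104 @@
+import { JWT as JSONWebToken, sign as signSync, verify as verifySync, JWTPayload, SupportedAlgorithm, JWTHeader } from '../';
+export { type SupportedAlgorithm, SupportedAlgorithms, SignatureAlgorithm, type JWTHeader, type JWTPayload } from '../index';
+/**
+* Decode a JWT string into its parts (without verification)
+* @param token
+*/
+export declare const decode: (token: string) => Promise<JSONWebToken>;
+/**
+* Sign a JWT
+* @see(synchronous parameters)
+*/
+export declare const sign: (...args: Parameters<typeof signSync>) => Promise<string>;
+/**
+* Verify and validate a JWT
+* @throws { { reason: string; code: string } } if invalid
+*/
+export declare const verify: (...args: Parameters<typeof verifySync>) => Promise<{
+header: JWTHeader;
+payload: JWTPayload;
+signature: string;
+}>;
+export type JWT = JSONWebToken;
+export declare const JWT: {
+sign: (payload: JWTPayload, secret: import('crypto').KeyLike, options?: {
+alg?: SupportedAlgorithm;
+kid?: string;
+typ?: string;
+signatureFormat?: "der" | "jose";
+} | undefined) => Promise<string>;
+verify: (token: string, secret: import('crypto').KeyLike, options?: {
+algorithms?: SupportedAlgorithm[];
+issuer?: string;
+subject?: string;
+audience?: string | string[];
+jwtId?: string;
+ignoreExpiration?: boolean;
+clockSkew?: number;
+maxTokenAge?: number;
+signatureFormat?: "der" | "jose";
+} | undefined) => Promise<{
+header: JWTHeader;
+payload: JWTPayload;
+signature: string;
+}>;
+decode: (token: string) => Promise<JSONWebToken>;
+algorithms: {
+readonly HS256: {
+readonly sign: (data: import('crypto').BinaryLike, secret: import('crypto').KeyLike) => string;
+readonly verify: (data: import('crypto').BinaryLike, secret: import('crypto').KeyLike, signature: string) => boolean;
+};
+readonly HS384: {
+readonly sign: (data: import('crypto').BinaryLike, secret: import('crypto').KeyLike) => string;
+readonly verify: (data: import('crypto').BinaryLike, secret: import('crypto').KeyLike, signature: string) => boolean;
+};
+readonly HS512: {
+readonly sign: (data: import('crypto').BinaryLike, secret: import('crypto').KeyLike) => string;
+readonly verify: (data: import('crypto').BinaryLike, secret: import('crypto').KeyLike, signature: string) => boolean;
+};
+readonly RS256: {
+readonly sign: (data: import('crypto').BinaryLike, secret: import('crypto').KeyLike) => string;
+readonly verify: (data: import('crypto').BinaryLike, secret: import('crypto').KeyLike, signature: string) => boolean;
+};
+readonly RS384: {
+readonly sign: (data: import('crypto').BinaryLike, secret: import('crypto').KeyLike) => string;
+readonly verify: (data: import('crypto').BinaryLike, secret: import('crypto').KeyLike, signature: string) => boolean;
+};
+readonly RS512: {
+readonly sign: (data: import('crypto').BinaryLike, secret: import('crypto').KeyLike) => string;
+readonly verify: (data: import('crypto').BinaryLike, secret: import('crypto').KeyLike, signature: string) => boolean;
+};
+readonly ES256: {
+readonly sign: (data: import('crypto').BinaryLike, secret: import('crypto').KeyLike) => string;
+readonly verify: (data: import('crypto').BinaryLike, secret: import('crypto').KeyLike, signature: string) => boolean;
+};
+readonly ES384: {
+readonly sign: (data: import('crypto').BinaryLike, secret: import('crypto').KeyLike) => string;
+readonly verify: (data: import('crypto').BinaryLike, secret: import('crypto').KeyLike, signature: string) => boolean;
+};
+readonly ES512: {
+readonly sign: (data: import('crypto').BinaryLike, secret: import('crypto').KeyLike) => string;
+readonly verify: (data: import('crypto').BinaryLike, secret: import('crypto').KeyLike, signature: string) => boolean;
+};
+readonly ES256K: {
+readonly sign: (data: import('crypto').BinaryLike, secret: import('crypto').KeyLike) => string;
+readonly verify: (data: import('crypto').BinaryLike, secret: import('crypto').KeyLike, signature: string) => boolean;
+};
+readonly PS256: {
+readonly sign: (data: import('crypto').BinaryLike, secret: import('crypto').KeyLike) => string;
+readonly verify: (data: import('crypto').BinaryLike, secret: import('crypto').KeyLike, signature: string) => boolean;
+};
+readonly PS384: {
+readonly sign: (data: import('crypto').BinaryLike, secret: import('crypto').KeyLike) => string;
+readonly verify: (data: import('crypto').BinaryLike, secret: import('crypto').KeyLike, signature: string) => boolean;
+};
+readonly PS512: {
+readonly sign: (data: import('crypto').BinaryLike, secret: import('crypto').KeyLike) => string;
+readonly verify: (data: import('crypto').BinaryLike, secret: import('crypto').KeyLike, signature: string) => boolean;
+};
+readonly EdDSA: {
+readonly sign: (data: import('crypto').BinaryLike, secret: import('crypto').KeyLike) => string;
+readonly verify: (data: import('crypto').BinaryLike, secret: import('crypto').KeyLike, signature: string) => boolean;
+};
+};
+};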
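Review bot: The `@throws` tag on `verify` documents a rejection with a plain `{ reason, code }` object rather than an `Error`, so a caller's `catch` that narrows with `instanceof Error` will treat a failed verification as an unknown value, and there is no stack trace to log. Rejecting with an Error that carries the same fields keeps existing readers of `.code` and `.reason` working, e.g. `throw Object.assign(new Error(result.error.reason), result.error);` in the source behind this declaration. The `@see(synchronous parameters)` tag on `sign` is not valid TSDoc; a sentence such as `Takes the same parameters as the synchronous sign.` would read correctly.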
package/dist/promises.cjs.js
CHANGED
|
@@ -1,2 +1,2 @@
|
|
|
1
|
-
"use strict";Object.defineProperty(exports,Symbol.toStringTag,{value:"Module"});const o=require("./index-
|
|
1
|
+
"use strict";Object.defineProperty(exports,Symbol.toStringTag,{value:"Module"});const o=require("./index-eYY-I3Pd.cjs");require("crypto");const r=e=>Promise.resolve().then(()=>o.decode(e)),i=(...e)=>Promise.resolve().then(()=>o.sign(...e)),s=(...e)=>Promise.resolve().then(()=>{const t=o.verify(...e);if(!t.valid)throw t.error;const{header:W,payload:h,signature:p}=t;return{header:W,payload:h,signature:p}}),g={sign:i,verify:s,decode:r,algorithms:o.SignatureAlgorithm},n=e=>Promise.resolve().then(()=>o.exportJWK(e)),c=e=>Promise.resolve().then(()=>o.importJWK(e)),m=e=>Promise.resolve().then(()=>o.toPublicJWK(e)),l=(e,t="sha256")=>Promise.resolve().then(()=>o.getJWKThumbprint(e,t)),K=(e,t)=>Promise.resolve().then(()=>o.JWKSToKeyObject(e,t)),u=e=>Promise.resolve().then(()=>o.normalizeJWKS(e)),J=e=>Promise.resolve().then(()=>o.computeX5T(e)),a={export:n,import:c,toPublic:m,thumbprint:l,computeX5T:J},v={toKeyObject:K,normalize:u};exports.SignatureAlgorithm=o.SignatureAlgorithm;exports.SupportedAlgorithms=o.SupportedAlgorithms;exports.JWK=a;exports.JWKS=v;exports.JWKSToKeyObject=K;exports.JWT=g;exports.computeX5T=J;exports.decode=r;exports.exportJWK=n;exports.getJWKThumbprint=l;exports.importJWK=c;exports.normalizeJWKS=u;exports.sign=i;exports.toPublicJWK=m;exports.verify=s;
|
|
2
2
|
//# sourceMappingURL=promises.cjs.js.map
|
package/dist/promises.cjs.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"promises.cjs.js","sources":["../src/jwt/promises.ts","../src/jwks/promises.ts"],"sourcesContent":["import
|
|
1
|
+
{"version":3,"file":"promises.cjs.js","sources":["../src/jwt/promises.ts","../src/jwks/promises.ts"],"sourcesContent":["import {\n type JWT as JSONWebToken,\n decode as decodeSync,\n sign as signSync,\n verify as verifySync,\n JWTPayload,\n type SupportedAlgorithm,\n JWTHeader,\n SignatureAlgorithm\n} from '../';\n\nexport {\n type SupportedAlgorithm, SupportedAlgorithms, SignatureAlgorithm, type JWTHeader, type JWTPayload\n} from '../index';\n\n/**\n * Decode a JWT string into its parts (without verification)\n * @param token\n */\nexport const decode = (token: string): Promise<JSONWebToken> =>\n Promise.resolve().then(() => decodeSync(token));\n\n/**\n * Sign a JWT\n * @see(synchronous parameters)\n */\nexport const sign = (...args: Parameters<typeof signSync>): Promise<string> =>\n Promise.resolve().then(() => signSync(...args));\n\n/**\n * Verify and validate a JWT\n * @throws { { reason: string; code: string } } if invalid\n */\nexport const verify = (...args: Parameters<typeof verifySync>): Promise<{\n header: JWTHeader;\n payload: JWTPayload;\n signature: string\n}> =>\n Promise.resolve().then(() => {\n const result = verifySync(...args);\n if (!result.valid) {\n throw result.error;\n }\n const {header, payload, signature} = result;\n return {header, payload, signature};\n });\n\nexport type JWT = JSONWebToken;\n\n//namespace export\nexport const JWT = {\n sign,\n verify,\n decode,\n algorithms: SignatureAlgorithm\n};\n","import type {KeyObject} from 'crypto';\n\nimport {\n type JWK as JWKType,\n type JWKS as JSONWebKeySet,\n exportJWK as exportJWKSYNC,\n importJWK as importJWKSYNC,\n toPublicJWK as toPublicJWKSYNC,\n getJWKThumbprint as getJWKThumbprintSYNC,\n JWKSToKeyObject as JWKSToKeyObjectSYNC,\n normalizeJWKS as normalizeJWKSSYNC,\n computeX5T as computeX5TSYNC\n} from './';\n\n/**\n * Export a KeyObject to JWK\n * @param key\n */\nexport const exportJWK = (key: KeyObject): Promise<JWKType> =>\n Promise.resolve().then(() => 
exportJWKSYNC(key));\n\n/**\n * Import a JWK to KeyObject\n * @param jwk\n */\nexport const importJWK = (jwk: JWKType): Promise<KeyObject> =>\n Promise.resolve().then(() => importJWKSYNC(jwk));\n\n/**\n * Export public-only JWK\n * @param key\n */\nexport const toPublicJWK = (key: KeyObject): Promise<JWKType> =>\n Promise.resolve().then(() => toPublicJWKSYNC(key));\n\n/**\n * RFC 7638 JWK thumbprint\n * @param jwk\n * @param hashAlg\n */\nexport const getJWKThumbprint = (\n jwk: JWKType,\n hashAlg: 'sha256' = 'sha256'\n): Promise<string> =>\n Promise.resolve().then(() => getJWKThumbprintSYNC(jwk, hashAlg));\n\n/**\n * Resolve a KeyObject from a JWKS (kid-based)\n * @param jwks\n * @param kid\n * @constructor\n */\nexport const JWKSToKeyObject = (\n jwks: JSONWebKeySet,\n kid?: string\n): Promise<KeyObject> =>\n Promise.resolve().then(() => JWKSToKeyObjectSYNC(jwks, kid));\n\n/**\n * Normalize JWKS (auto-generate missing kid values)\n * @param jwks\n */\nexport const normalizeJWKS = (\n jwks: JSONWebKeySet\n): Promise<JSONWebKeySet> =>\n Promise.resolve().then(() => normalizeJWKSSYNC(jwks));\n\n/**\n * Compute x5t (SHA-1) from first cert in x5c if not set\n * @param jwk\n */\nexport const computeX5T = (jwk: JWKType) => Promise.resolve().then(() => computeX5TSYNC(jwk))\n\n//namespaced exports\nexport const JWK = {\n export: exportJWK,\n import: importJWK,\n toPublic: toPublicJWK,\n thumbprint: getJWKThumbprint,\n computeX5T: computeX5T,\n};\n\n//namespaced exports\nexport const JWKS = {\n toKeyObject: JWKSToKeyObject,\n normalize: 
normalizeJWKS,\n};\n"],"names":["decode","token","decodeSync","sign","args","signSync","verify","result","verifySync","header","payload","signature","JWT","SignatureAlgorithm","exportJWK","key","exportJWKSYNC","importJWK","jwk","importJWKSYNC","toPublicJWK","toPublicJWKSYNC","getJWKThumbprint","hashAlg","getJWKThumbprintSYNC","JWKSToKeyObject","jwks","kid","JWKSToKeyObjectSYNC","normalizeJWKS","normalizeJWKSSYNC","computeX5T","computeX5TSYNC","JWK","JWKS"],"mappings":"0IAmBO,MAAMA,EAAUC,GACnB,QAAQ,QAAA,EAAU,KAAK,IAAMC,EAAAA,OAAWD,CAAK,CAAC,EAMrCE,EAAO,IAAIC,IACpB,QAAQ,QAAA,EAAU,KAAK,IAAMC,OAAS,GAAGD,CAAI,CAAC,EAMrCE,EAAS,IAAIF,IAKtB,QAAQ,QAAA,EAAU,KAAK,IAAM,CACzB,MAAMG,EAASC,SAAW,GAAGJ,CAAI,EACjC,GAAI,CAACG,EAAO,MACR,MAAMA,EAAO,MAEjB,KAAM,CAAC,OAAAE,EAAQ,QAAAC,EAAS,UAAAC,CAAA,EAAaJ,EACrC,MAAO,CAAC,OAAAE,EAAQ,QAAAC,EAAS,UAAAC,CAAA,CAC7B,CAAC,EAKQC,EAAM,CACf,KAAAT,EACA,OAAAG,EACA,OAAAN,EACA,WAAYa,EAAAA,kBAChB,ECrCaC,EAAaC,GACtB,QAAQ,QAAA,EAAU,KAAK,IAAMC,EAAAA,UAAcD,CAAG,CAAC,EAMtCE,EAAaC,GACtB,QAAQ,QAAA,EAAU,KAAK,IAAMC,EAAAA,UAAcD,CAAG,CAAC,EAMtCE,EAAeL,GACxB,QAAQ,QAAA,EAAU,KAAK,IAAMM,EAAAA,YAAgBN,CAAG,CAAC,EAOxCO,EAAmB,CAC5BJ,EACAK,EAAoB,WAEpB,QAAQ,QAAA,EAAU,KAAK,IAAMC,mBAAqBN,EAAKK,CAAO,CAAC,EAQtDE,EAAkB,CAC3BC,EACAC,IAEA,QAAQ,UAAU,KAAK,IAAMC,EAAAA,gBAAoBF,EAAMC,CAAG,CAAC,EAMlDE,EACTH,GAEA,QAAQ,QAAA,EAAU,KAAK,IAAMI,EAAAA,cAAkBJ,CAAI,CAAC,EAM3CK,EAAcb,GAAiB,QAAQ,QAAA,EAAU,KAAK,IAAMc,EAAAA,WAAed,CAAG,CAAC,EAG/Ee,EAAM,CACf,OAAQnB,EACR,OAAQG,EACR,SAAUG,EACV,WAAYE,EACZ,WAAAS,CACJ,EAGaG,EAAO,CAChB,YAAaT,EACb,UAAWI,CACf"}
|
package/dist/promises.es.js
CHANGED
|
@@ -1,42 +1,42 @@
|
|
|
1
|
-
import { S as
|
|
2
|
-
import { a as
|
|
1
|
+
import { S as n, d as i, s as m, v as c, e as a, i as l, t as h, g as p, h as K, n as J, c as W } from "./index-BmAAEOLC.js";
|
|
2
|
+
import { a as w } from "./index-BmAAEOLC.js";
|
|
3
3
|
import "crypto";
|
|
4
|
-
const
|
|
5
|
-
const
|
|
6
|
-
if (!
|
|
7
|
-
throw
|
|
8
|
-
const { header:
|
|
9
|
-
return { header:
|
|
10
|
-
}),
|
|
11
|
-
sign:
|
|
12
|
-
verify:
|
|
13
|
-
decode:
|
|
14
|
-
algorithms:
|
|
15
|
-
},
|
|
16
|
-
export:
|
|
17
|
-
import:
|
|
18
|
-
toPublic:
|
|
19
|
-
thumbprint:
|
|
20
|
-
computeX5T:
|
|
21
|
-
},
|
|
22
|
-
toKeyObject:
|
|
23
|
-
normalize:
|
|
4
|
+
const v = (e) => Promise.resolve().then(() => i(e)), u = (...e) => Promise.resolve().then(() => m(...e)), P = (...e) => Promise.resolve().then(() => {
|
|
5
|
+
const o = c(...e);
|
|
6
|
+
if (!o.valid)
|
|
7
|
+
throw o.error;
|
|
8
|
+
const { header: t, payload: s, signature: r } = o;
|
|
9
|
+
return { header: t, payload: s, signature: r };
|
|
10
|
+
}), j = {
|
|
11
|
+
sign: u,
|
|
12
|
+
verify: P,
|
|
13
|
+
decode: v,
|
|
14
|
+
algorithms: n
|
|
15
|
+
}, g = (e) => Promise.resolve().then(() => a(e)), $ = (e) => Promise.resolve().then(() => l(e)), b = (e) => Promise.resolve().then(() => h(e)), d = (e, o = "sha256") => Promise.resolve().then(() => p(e, o)), S = (e, o) => Promise.resolve().then(() => K(e, o)), T = (e) => Promise.resolve().then(() => J(e)), y = (e) => Promise.resolve().then(() => W(e)), z = {
|
|
16
|
+
export: g,
|
|
17
|
+
import: $,
|
|
18
|
+
toPublic: b,
|
|
19
|
+
thumbprint: d,
|
|
20
|
+
computeX5T: y
|
|
21
|
+
}, O = {
|
|
22
|
+
toKeyObject: S,
|
|
23
|
+
normalize: T
|
|
24
24
|
};
|
|
25
25
|
export {
|
|
26
|
-
|
|
27
|
-
|
|
28
|
-
|
|
29
|
-
|
|
30
|
-
|
|
31
|
-
|
|
32
|
-
|
|
33
|
-
|
|
34
|
-
|
|
35
|
-
|
|
36
|
-
|
|
37
|
-
|
|
38
|
-
|
|
39
|
-
|
|
40
|
-
|
|
26
|
+
z as JWK,
|
|
27
|
+
O as JWKS,
|
|
28
|
+
S as JWKSToKeyObject,
|
|
29
|
+
j as JWT,
|
|
30
|
+
n as SignatureAlgorithm,
|
|
31
|
+
w as SupportedAlgorithms,
|
|
32
|
+
y as computeX5T,
|
|
33
|
+
v as decode,
|
|
34
|
+
g as exportJWK,
|
|
35
|
+
d as getJWKThumbprint,
|
|
36
|
+
$ as importJWK,
|
|
37
|
+
T as normalizeJWKS,
|
|
38
|
+
u as sign,
|
|
39
|
+
b as toPublicJWK,
|
|
40
|
+
P as verify
|
|
41
41
|
};
|
|
42
42
|
//# sourceMappingURL=promises.es.js.map
|
package/dist/promises.es.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"promises.es.js","sources":["../src/jwt/promises.ts","../src/jwks/promises.ts"],"sourcesContent":["import
|
|
1
|
+
{"version":3,"file":"promises.es.js","sources":["../src/jwt/promises.ts","../src/jwks/promises.ts"],"sourcesContent":["import {\n type JWT as JSONWebToken,\n decode as decodeSync,\n sign as signSync,\n verify as verifySync,\n JWTPayload,\n type SupportedAlgorithm,\n JWTHeader,\n SignatureAlgorithm\n} from '../';\n\nexport {\n type SupportedAlgorithm, SupportedAlgorithms, SignatureAlgorithm, type JWTHeader, type JWTPayload\n} from '../index';\n\n/**\n * Decode a JWT string into its parts (without verification)\n * @param token\n */\nexport const decode = (token: string): Promise<JSONWebToken> =>\n Promise.resolve().then(() => decodeSync(token));\n\n/**\n * Sign a JWT\n * @see(synchronous parameters)\n */\nexport const sign = (...args: Parameters<typeof signSync>): Promise<string> =>\n Promise.resolve().then(() => signSync(...args));\n\n/**\n * Verify and validate a JWT\n * @throws { { reason: string; code: string } } if invalid\n */\nexport const verify = (...args: Parameters<typeof verifySync>): Promise<{\n header: JWTHeader;\n payload: JWTPayload;\n signature: string\n}> =>\n Promise.resolve().then(() => {\n const result = verifySync(...args);\n if (!result.valid) {\n throw result.error;\n }\n const {header, payload, signature} = result;\n return {header, payload, signature};\n });\n\nexport type JWT = JSONWebToken;\n\n//namespace export\nexport const JWT = {\n sign,\n verify,\n decode,\n algorithms: SignatureAlgorithm\n};\n","import type {KeyObject} from 'crypto';\n\nimport {\n type JWK as JWKType,\n type JWKS as JSONWebKeySet,\n exportJWK as exportJWKSYNC,\n importJWK as importJWKSYNC,\n toPublicJWK as toPublicJWKSYNC,\n getJWKThumbprint as getJWKThumbprintSYNC,\n JWKSToKeyObject as JWKSToKeyObjectSYNC,\n normalizeJWKS as normalizeJWKSSYNC,\n computeX5T as computeX5TSYNC\n} from './';\n\n/**\n * Export a KeyObject to JWK\n * @param key\n */\nexport const exportJWK = (key: KeyObject): Promise<JWKType> =>\n Promise.resolve().then(() => 
exportJWKSYNC(key));\n\n/**\n * Import a JWK to KeyObject\n * @param jwk\n */\nexport const importJWK = (jwk: JWKType): Promise<KeyObject> =>\n Promise.resolve().then(() => importJWKSYNC(jwk));\n\n/**\n * Export public-only JWK\n * @param key\n */\nexport const toPublicJWK = (key: KeyObject): Promise<JWKType> =>\n Promise.resolve().then(() => toPublicJWKSYNC(key));\n\n/**\n * RFC 7638 JWK thumbprint\n * @param jwk\n * @param hashAlg\n */\nexport const getJWKThumbprint = (\n jwk: JWKType,\n hashAlg: 'sha256' = 'sha256'\n): Promise<string> =>\n Promise.resolve().then(() => getJWKThumbprintSYNC(jwk, hashAlg));\n\n/**\n * Resolve a KeyObject from a JWKS (kid-based)\n * @param jwks\n * @param kid\n * @constructor\n */\nexport const JWKSToKeyObject = (\n jwks: JSONWebKeySet,\n kid?: string\n): Promise<KeyObject> =>\n Promise.resolve().then(() => JWKSToKeyObjectSYNC(jwks, kid));\n\n/**\n * Normalize JWKS (auto-generate missing kid values)\n * @param jwks\n */\nexport const normalizeJWKS = (\n jwks: JSONWebKeySet\n): Promise<JSONWebKeySet> =>\n Promise.resolve().then(() => normalizeJWKSSYNC(jwks));\n\n/**\n * Compute x5t (SHA-1) from first cert in x5c if not set\n * @param jwk\n */\nexport const computeX5T = (jwk: JWKType) => Promise.resolve().then(() => computeX5TSYNC(jwk))\n\n//namespaced exports\nexport const JWK = {\n export: exportJWK,\n import: importJWK,\n toPublic: toPublicJWK,\n thumbprint: getJWKThumbprint,\n computeX5T: computeX5T,\n};\n\n//namespaced exports\nexport const JWKS = {\n toKeyObject: JWKSToKeyObject,\n normalize: 
normalizeJWKS,\n};\n"],"names":["decode","token","decodeSync","sign","args","signSync","verify","result","verifySync","header","payload","signature","JWT","SignatureAlgorithm","exportJWK","key","exportJWKSYNC","importJWK","jwk","importJWKSYNC","toPublicJWK","toPublicJWKSYNC","getJWKThumbprint","hashAlg","getJWKThumbprintSYNC","JWKSToKeyObject","jwks","kid","JWKSToKeyObjectSYNC","normalizeJWKS","normalizeJWKSSYNC","computeX5T","computeX5TSYNC","JWK","JWKS"],"mappings":";;;AAmBO,MAAMA,IAAS,CAACC,MACnB,QAAQ,QAAA,EAAU,KAAK,MAAMC,EAAWD,CAAK,CAAC,GAMrCE,IAAO,IAAIC,MACpB,QAAQ,QAAA,EAAU,KAAK,MAAMC,EAAS,GAAGD,CAAI,CAAC,GAMrCE,IAAS,IAAIF,MAKtB,QAAQ,QAAA,EAAU,KAAK,MAAM;AACzB,QAAMG,IAASC,EAAW,GAAGJ,CAAI;AACjC,MAAI,CAACG,EAAO;AACR,UAAMA,EAAO;AAEjB,QAAM,EAAC,QAAAE,GAAQ,SAAAC,GAAS,WAAAC,EAAA,IAAaJ;AACrC,SAAO,EAAC,QAAAE,GAAQ,SAAAC,GAAS,WAAAC,EAAA;AAC7B,CAAC,GAKQC,IAAM;AAAA,EACf,MAAAT;AAAA,EACA,QAAAG;AAAA,EACA,QAAAN;AAAA,EACA,YAAYa;AAChB,GCrCaC,IAAY,CAACC,MACtB,QAAQ,QAAA,EAAU,KAAK,MAAMC,EAAcD,CAAG,CAAC,GAMtCE,IAAY,CAACC,MACtB,QAAQ,QAAA,EAAU,KAAK,MAAMC,EAAcD,CAAG,CAAC,GAMtCE,IAAc,CAACL,MACxB,QAAQ,QAAA,EAAU,KAAK,MAAMM,EAAgBN,CAAG,CAAC,GAOxCO,IAAmB,CAC5BJ,GACAK,IAAoB,aAEpB,QAAQ,QAAA,EAAU,KAAK,MAAMC,EAAqBN,GAAKK,CAAO,CAAC,GAQtDE,IAAkB,CAC3BC,GACAC,MAEA,QAAQ,UAAU,KAAK,MAAMC,EAAoBF,GAAMC,CAAG,CAAC,GAMlDE,IAAgB,CACzBH,MAEA,QAAQ,QAAA,EAAU,KAAK,MAAMI,EAAkBJ,CAAI,CAAC,GAM3CK,IAAa,CAACb,MAAiB,QAAQ,QAAA,EAAU,KAAK,MAAMc,EAAed,CAAG,CAAC,GAG/Ee,IAAM;AAAA,EACf,QAAQnB;AAAA,EACR,QAAQG;AAAA,EACR,UAAUG;AAAA,EACV,YAAYE;AAAA,EACZ,YAAAS;AACJ,GAGaG,IAAO;AAAA,EAChB,aAAaT;AAAA,EACb,WAAWI;AACf;"}
|
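--- a/package/package.json
+++ b/package/package.json
@@ -1,6 +1,6 @@
 {
 "name": "@sourceregistry/node-jwt",
-"version": "1.
+"version": "1.4.0",
 "description": "A lightweight, zero-dependency TypeScript library for creating, verifying and decoding JSON Web Tokens (JWT).",
 "main": "./dist/index.cjs.js",
 "module": "./dist/index.es.js",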
package/dist/index-CSRWSLal.cjs
DELETED
|
@@ -1,2 +0,0 @@
|
|
|
1
|
-
"use strict";const a=require("crypto"),d={encode:e=>Buffer.from(e).toString("base64url"),decode:e=>Buffer.from(e,"base64url").toString()},y=(e,r)=>e.length!==r.length?!1:a.timingSafeEqual(Buffer.from(e),Buffer.from(r)),f={HS256:{sign:(e,r)=>a.createHmac("sha256",r).update(e).digest("base64url"),verify:(e,r,t)=>{const i=a.createHmac("sha256",r).update(e).digest("base64url");return y(i,t)}},HS384:{sign:(e,r)=>a.createHmac("sha384",r).update(e).digest("base64url"),verify:(e,r,t)=>{const i=a.createHmac("sha384",r).update(e).digest("base64url");return y(i,t)}},HS512:{sign:(e,r)=>a.createHmac("sha512",r).update(e).digest("base64url"),verify:(e,r,t)=>{const i=a.createHmac("sha512",r).update(e).digest("base64url");return y(i,t)}},RS256:{sign:(e,r)=>a.createSign("RSA-SHA256").update(e).end().sign(r).toString("base64url"),verify:(e,r,t)=>{try{return a.createVerify("RSA-SHA256").update(e).end().verify(r,Buffer.from(t,"base64url"))}catch{return!1}}},RS384:{sign:(e,r)=>a.createSign("RSA-SHA384").update(e).end().sign(r).toString("base64url"),verify:(e,r,t)=>{try{return a.createVerify("RSA-SHA384").update(e).end().verify(r,Buffer.from(t,"base64url"))}catch{return!1}}},RS512:{sign:(e,r)=>a.createSign("RSA-SHA512").update(e).end().sign(r).toString("base64url"),verify:(e,r,t)=>{try{return a.createVerify("RSA-SHA512").update(e).end().verify(r,Buffer.from(t,"base64url"))}catch{return!1}}},ES256:{sign:(e,r)=>a.createSign("SHA256").update(e).end().sign(r).toString("base64url"),verify:(e,r,t)=>{try{return a.createVerify("SHA256").update(e).end().verify(r,Buffer.from(t,"base64url"))}catch{return!1}}},ES384:{sign:(e,r)=>a.createSign("SHA384").update(e).end().sign(r).toString("base64url"),verify:(e,r,t)=>{try{return a.createVerify("SHA384").update(e).end().verify(r,Buffer.from(t,"base64url"))}catch{return!1}}},ES512:{sign:(e,r)=>a.createSign("SHA512").update(e).end().sign(r).toString("base64url"),verify:(e,r,t)=>{try{return 
a.createVerify("SHA512").update(e).end().verify(r,Buffer.from(t,"base64url"))}catch{return!1}}},ES256K:{sign:(e,r)=>a.createSign("SHA256").update(e).end().sign(r).toString("base64url"),verify:(e,r,t)=>{try{return a.createVerify("SHA256").update(e).end().verify(r,Buffer.from(t,"base64url"))}catch{return!1}}},PS256:{sign:(e,r)=>a.createSign("RSA-SHA256").update(e).end().sign({key:r,padding:a.constants.RSA_PKCS1_PSS_PADDING,saltLength:32}).toString("base64url"),verify:(e,r,t)=>{try{return a.createVerify("RSA-SHA256").update(e).end().verify({key:r,padding:a.constants.RSA_PKCS1_PSS_PADDING,saltLength:32},Buffer.from(t,"base64url"))}catch{return!1}}},PS384:{sign:(e,r)=>a.createSign("RSA-SHA384").update(e).end().sign({key:r,padding:a.constants.RSA_PKCS1_PSS_PADDING,saltLength:48}).toString("base64url"),verify:(e,r,t)=>{try{return a.createVerify("RSA-SHA384").update(e).end().verify({key:r,padding:a.constants.RSA_PKCS1_PSS_PADDING,saltLength:48},Buffer.from(t,"base64url"))}catch{return!1}}},PS512:{sign:(e,r)=>a.createSign("RSA-SHA512").update(e).end().sign({key:r,padding:a.constants.RSA_PKCS1_PSS_PADDING,saltLength:64}).toString("base64url"),verify:(e,r,t)=>{try{return a.createVerify("RSA-SHA512").update(e).end().verify({key:r,padding:a.constants.RSA_PKCS1_PSS_PADDING,saltLength:64},Buffer.from(t,"base64url"))}catch{return!1}}},EdDSA:{sign:(e,r)=>a.sign(null,typeof e=="string"?Buffer.from(e,"utf8"):e,r).toString("base64url"),verify:(e,r,t)=>{try{return a.verify(null,typeof e=="string"?Buffer.from(e,"utf8"):e,r,Buffer.from(t,"base64url"))}catch{return!1}}}},H=Object.keys(f);function A(e){if(e.type==="secret")return"HS256";if(e.type!=="private")throw new Error("Only private or symmetric keys can be used to sign JWTs");const r=e.asymmetricKeyType,t=e.asymmetricKeyDetails;switch(r){case"rsa":return"RS256";case"rsa-pss":{const i=t?.hashAlgorithm??"sha256";switch(i){case"sha256":return"PS256";case"sha384":return"PS384";case"sha512":return"PS512";default:throw new 
Error(`Unsupported RSA-PSS hash algorithm: ${i}`)}}case"ec":{const i=t?.namedCurve;switch(i){case"P-256":case"prime256v1":return"ES256";case"P-384":case"secp384r1":return"ES384";case"P-521":case"secp521r1":return"ES512";case"secp256k1":return"ES256K";default:throw new Error(`Unsupported EC curve: ${i}`)}}case"ed25519":return"EdDSA";default:throw new Error(`Unsupported asymmetric key type: ${r}`)}}function D(e){if(typeof e=="object"&&"type"in e)return e;try{return a.createPrivateKey(e)}catch{const r=typeof e=="string"?Buffer.from(e,"utf8"):Buffer.isBuffer(e)?e:(()=>{throw new Error("Unsupported key type")})();return a.createSecretKey(r)}}const p=e=>{const r=e.split(".");if(r.length!==3)throw new Error('Invalid JWT: must contain exactly 3 parts separated by "."');const[t,i,s]=r;if(!t||!i||!s)throw new Error("Invalid JWT: empty part detected");try{const n=JSON.parse(d.decode(t)),c=JSON.parse(d.decode(i));return{header:n,payload:c,signature:s}}catch(n){throw new Error(`Invalid JWT: malformed header or payload (${n.message})`)}},b=(e,r,t={})=>{const i=D(r),s=t.alg??A(i),n=t.typ??"JWT";if(!(s in f))throw new Error(`Unsupported algorithm: ${s}`);const c={alg:s,typ:n};t.kid&&(c.kid=t.kid);const u=d.encode(JSON.stringify(c)),S=d.encode(JSON.stringify(e)),v=`${u}.${S}`,l=f[s].sign(v,r);return`${u}.${S}.${l}`},I=(e,r,t={})=>{let i;try{i=p(e)}catch(o){return{valid:!1,error:{reason:o.message,code:"INVALID_TOKEN"}}}const{header:s,payload:n,signature:c}=i,u=s.alg;if(!(u in f))return{valid:!1,error:{reason:`Unsupported or unknown algorithm: ${s.alg}`,code:"INVALID_ALGORITHM"}};if(t.algorithms&&t.algorithms.length>0&&!t.algorithms.includes(u))return{valid:!1,error:{reason:`Algorithm "${u}" is not in the allowed algorithms list`,code:"ALGORITHM_NOT_ALLOWED"}};if(s.typ!==void 0&&s.typ!=="JWT")return{valid:!1,error:{reason:`Invalid token type: expected 'JWT', got '${s.typ}'`,code:"INVALID_TYPE"}};const 
S=`${d.encode(JSON.stringify(s))}.${d.encode(JSON.stringify(n))}`;if(!f[u].verify(S,r,c))return{valid:!1,error:{reason:"Signature verification failed",code:"INVALID_SIGNATURE"}};const l=Math.floor(Date.now()/1e3),g=t.clockSkew??0;if(!t.ignoreExpiration&&n.exp!==void 0&&l>n.exp+g)return{valid:!1,error:{reason:"Token expired",code:"TOKEN_EXPIRED"}};if(n.nbf!==void 0&&l+g<n.nbf)return{valid:!1,error:{reason:"Token not yet valid",code:"TOKEN_NOT_ACTIVE"}};if(n.iat!==void 0&&l+g<n.iat)return{valid:!1,error:{reason:"Token issued in the future",code:"TOKEN_FUTURE_ISSUED"}};if(t.maxTokenAge!==void 0&&n.iat!==void 0){const o=l-n.iat;if(o>t.maxTokenAge)return{valid:!1,error:{reason:`Token age (${o}s) exceeds maximum allowed age (${t.maxTokenAge}s)`,code:"TOKEN_TOO_OLD"}}}if(t.issuer!==void 0){if(n.iss===void 0)return{valid:!1,error:{reason:'Token missing required issuer claim ("iss")',code:"MISSING_ISSUER"}};if(t.issuer!==n.iss)return{valid:!1,error:{reason:`Invalid token issuer: expected "${t.issuer}", got "${n.iss}"`,code:"INVALID_ISSUER"}}}if(t.subject!==void 0){if(n.sub===void 0)return{valid:!1,error:{reason:'Token missing required subject claim ("sub")',code:"MISSING_SUBJECT"}};if(t.subject!==n.sub)return{valid:!1,error:{reason:`Invalid token subject: expected "${t.subject}", got "${n.sub}"`,code:"INVALID_SUBJECT"}}}if(t.audience!==void 0){const o=n.aud;if(o===void 0)return{valid:!1,error:{reason:'Token missing required audience claim ("aud")',code:"MISSING_AUDIENCE"}};const _=Array.isArray(t.audience)?t.audience:[t.audience],N=Array.isArray(o)?o:[o];if(!_.some(W=>N.includes(W)))return{valid:!1,error:{reason:"Audience claim mismatch",code:"INVALID_AUDIENCE"}}}if(t.jwtId!==void 0){if(n.jti===void 0)return{valid:!1,error:{reason:'Token missing required JWT ID claim ("jti")',code:"MISSING_JTI"}};if(t.jwtId!==n.jti)return{valid:!1,error:{reason:`Invalid JWT ID: expected "${t.jwtId}", got 
"${n.jti}"`,code:"INVALID_JTI"}}}return{valid:!0,header:s,payload:n,signature:c}},R={sign:b,verify:I,decode:p,algorithms:f};function E(e){if(!e||typeof e!="object")throw new Error("Invalid KeyObject");return e.export({format:"jwk"})}function h(e){if(!e||typeof e!="object")throw new Error("Invalid JWK");switch(e.kty){case"oct":{if(!("k"in e)||typeof e.k!="string")throw new Error('Invalid oct JWK: missing "k"');return a.createSecretKey(Buffer.from(e.k,"base64url"))}case"RSA":case"EC":case"OKP":return"d"in e&&typeof e.d=="string"?a.createPrivateKey({format:"jwk",key:e}):a.createPublicKey({format:"jwk",key:e});default:throw new Error(`Unsupported JWK key type: ${e.kty}`)}}function K(e){if(!e||typeof e!="object")throw new Error("Invalid KeyObject");const t=(e.type==="private"?a.createPublicKey(e):e).export({format:"jwk"});return delete t.d,delete t.p,delete t.q,delete t.dp,delete t.dq,delete t.qi,t}function m(e,r="sha256"){if(!e||typeof e!="object")throw new Error("Invalid JWK");let t;switch(e.kty){case"RSA":t={e:e.e,kty:e.kty,n:e.n};break;case"EC":t={crv:e.crv,kty:e.kty,x:e.x,y:e.y};break;case"OKP":t={crv:e.crv,kty:e.kty,x:e.x};break;case"oct":t={k:e.k,kty:e.kty};break;default:throw new Error(`Unsupported JWK key type: ${e.kty}`)}const i=JSON.stringify(Object.keys(t).sort().reduce((s,n)=>(s[n]=t[n],s),{}));return a.createHash(r).update(i).digest("base64url")}function T(e){if(e.x5c?.length)return a.createHash("sha1").update(Buffer.from(e.x5c[0],"base64")).digest("base64url")}const x={export:E,import:h,toPublic:K,thumbprint:m};function J(e,r){if(!e||!Array.isArray(e.keys))throw new Error("Invalid JWKS");let t;if(r&&(t=e.keys.find(i=>i.kid===r)),!t&&e.keys.length===1&&(t=e.keys[0]),!t)throw new Error("Key not found in JWKS");return h(t)}function P(e){return{keys:e.keys.map(r=>({...r,kid:r.kid??m(r),x5t:r.x5t??T(r)}))}}const 
O={toKeyObject:J,normalize:P};exports.AutodetectAlgorithm=A;exports.JWK=x;exports.JWKS=O;exports.JWKSToKeyObject=J;exports.JWT=R;exports.SignatureAlgorithm=f;exports.SupportedAlgorithms=H;exports.base64Url=d;exports.computeX5T=T;exports.decode=p;exports.exportJWK=E;exports.getJWKThumbprint=m;exports.importJWK=h;exports.normalizeJWKS=P;exports.sign=b;exports.toPublicJWK=K;exports.verify=I;
|
|
2
|
-
//# sourceMappingURL=index-CSRWSLal.cjs.map
|