@sourceregistry/node-jwt 1.4.1 → 1.5.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +41 -1
- package/dist/{index-BmAAEOLC.js → index-BH3QmxZ_.js} +241 -149
- package/dist/{index-BmAAEOLC.js.map → index-BH3QmxZ_.js.map} +1 -1
- package/dist/index-BSuQzHXZ.cjs +2 -0
- package/dist/{index-eYY-I3Pd.cjs.map → index-BSuQzHXZ.cjs.map} +1 -1
- package/dist/index.cjs.js +1 -1
- package/dist/index.es.js +9 -8
- package/dist/jwks/index.d.ts +36 -0
- package/dist/jwt/promises.d.ts +30 -30
- package/dist/promises.cjs.js +1 -1
- package/dist/promises.es.js +2 -2
- package/package.json +10 -8
- package/dist/index-eYY-I3Pd.cjs +0 -2
package/README.md
CHANGED
|
@@ -138,6 +138,7 @@ Autodetection fails for unsupported keys:
|
|
|
138
138
|
* Support **x5c/x5t** (X.509 cert chain + SHA-1 thumbprint)
|
|
139
139
|
* Normalize **JWKS** with auto-generated `kid` and `x5t`
|
|
140
140
|
* Resolve keys from **JWKS** by `kid` for verification
|
|
141
|
+
* Load remote **JWKS** with caching via `JWKS.fromWeb()`
|
|
141
142
|
|
|
142
143
|
### 🔹 Example: JWKS Key Selection
|
|
143
144
|
|
|
@@ -151,6 +152,45 @@ const jwks = JWKS.normalize({ keys: [jwk] });
|
|
|
151
152
|
// Retrieve key by kid
|
|
152
153
|
const keyObject = JWKS.toKeyObject(jwks, jwk.kid);
|
|
153
154
|
```
|
|
155
|
+
|
|
156
|
+
### 🔹 Example: Remote JWKS (`fromWeb`)
|
|
157
|
+
|
|
158
|
+
```ts
|
|
159
|
+
import { JWKS } from '@sourceregistry/node-jwt';
|
|
160
|
+
|
|
161
|
+
const jwks = await JWKS.fromWeb('https://issuer.example', {
|
|
162
|
+
ttl: 60_000,
|
|
163
|
+
timeoutMs: 2_000
|
|
164
|
+
});
|
|
165
|
+
|
|
166
|
+
const jwk = await jwks.key('my-kid');
|
|
167
|
+
const keys = await jwks.list();
|
|
168
|
+
const rsaKeys = await jwks.find({ kty: 'RSA' });
|
|
169
|
+
const firstSigKey = await jwks.findFirst({ use: 'sig' });
|
|
170
|
+
|
|
171
|
+
// Force refresh
|
|
172
|
+
await jwks.reload();
|
|
173
|
+
|
|
174
|
+
// Access cached JWKS snapshot
|
|
175
|
+
const current = jwks.export();
|
|
176
|
+
```
|
|
177
|
+
|
|
178
|
+
`fromWeb()` options:
|
|
179
|
+
|
|
180
|
+
* `fetch` — custom fetch implementation (for runtimes/framework adapters)
|
|
181
|
+
* `ttl` — cache TTL in ms (`0` disables automatic refresh)
|
|
182
|
+
* `timeoutMs` — network timeout in ms
|
|
183
|
+
* `endpointOverride` — custom endpoint (absolute or relative)
|
|
184
|
+
* `overrideEndpointCheck` — skip automatic `/.well-known/jwks.json` append
|
|
185
|
+
* `cache` — custom cache backend with `{ get(key), set(key, value) }`
|
|
186
|
+
|
|
187
|
+
### 🔹 Local Examples
|
|
188
|
+
|
|
189
|
+
See runnable examples in:
|
|
190
|
+
|
|
191
|
+
* `examples/jwt.example.ts`
|
|
192
|
+
* `examples/jwks.example.ts`
|
|
193
|
+
|
|
154
194
|
---
|
|
155
195
|
|
|
156
196
|
## 🛡️ Security Features
|
|
@@ -233,7 +273,7 @@ Decode a JWT without verification (**unsafe**).
|
|
|
233
273
|
|
|
234
274
|
## 🧪 Testing
|
|
235
275
|
|
|
236
|
-
*
|
|
276
|
+
* High branch coverage
|
|
237
277
|
* All algorithms + autodetection paths
|
|
238
278
|
* All failure modes
|
|
239
279
|
* Sync + Promise APIs
|