@twin.org/web 0.0.1-next.36 → 0.0.1-next.37

package/dist/cjs/index.cjs

@@ -1,7 +1,7 @@
 'use strict';
 
 var core = require('@twin.org/core');
-var crypto = require('@twin.org/crypto');
+var jose = require('jose');
 
 // Copyright 2024 IOTA Stiftung.
 // SPDX-License-Identifier: Apache-2.0.
@@ -345,23 +345,6 @@ const HttpStatusCode = {
     networkAuthenticationRequired: 511
 };
 
-// Copyright 2024 IOTA Stiftung.
-// SPDX-License-Identifier: Apache-2.0.
-/**
- * The cryptographic algorithms supported for JSON Web Tokens and JSON Web Keys.
- */
-// eslint-disable-next-line @typescript-eslint/naming-convention
-const JwtAlgorithms = {
-    /**
-     * HMAC using SHA-256.
-     */
-    HS256: "HS256",
-    /**
-     * EdDSA using Ed25519.
-     */
-    EdDSA: "EdDSA"
-};
-
 // Copyright 2024 IOTA Stiftung.
 // SPDX-License-Identifier: Apache-2.0.
 /**
@@ -714,7 +697,34 @@ class FetchHelper {
 // Copyright 2024 IOTA Stiftung.
 // SPDX-License-Identifier: Apache-2.0.
 /**
- * Class to encode and decode JSON Web Tokens.
+ * Class to handle JSON Web Keys.
+ */
+class Jwk {
+    /**
+     * Runtime name for the class.
+     * @internal
+     */
+    static _CLASS_NAME = "Jwk";
+    /**
+     * Convert the JWK to a crypto key.
+     * @param jwk The JWK to convert.
+     * @returns The crypto key.
+     */
+    static async toCryptoKey(jwk) {
+        core.Guards.object(Jwk._CLASS_NAME, "jwk", jwk);
+        try {
+            return jose.importJWK(jwk);
+        }
+        catch (err) {
+            throw new core.GeneralError(Jwk._CLASS_NAME, "jwkImportFailed", undefined, err);
+        }
+    }
+}
+
+// Copyright 2024 IOTA Stiftung.
+// SPDX-License-Identifier: Apache-2.0.
+/**
+ * Class to handle JSON Web Tokens.
  */
 class Jwt {
     /**
@@ -731,9 +741,9 @@ class Jwt {
      */
     static async encode(header, payload, key) {
         core.Guards.object(Jwt._CLASS_NAME, "header", header);
-        core.Guards.arrayOneOf(Jwt._CLASS_NAME, "header.alg", header.alg, Object.values(JwtAlgorithms));
+        core.Guards.stringValue(Jwt._CLASS_NAME, "header.alg", header.alg);
         core.Guards.object(Jwt._CLASS_NAME, "payload", payload);
-        core.Guards.uint8Array(Jwt._CLASS_NAME, "key", key);
+        core.Guards.defined(Jwt._CLASS_NAME, "key", key);
         return Jwt.internalEncode(header, payload, key);
     }
     /**
@@ -745,7 +755,7 @@ class Jwt {
      */
     static async encodeWithSigner(header, payload, signer) {
         core.Guards.object(Jwt._CLASS_NAME, "header", header);
-        core.Guards.arrayOneOf(Jwt._CLASS_NAME, "header.alg", header.alg, Object.values(JwtAlgorithms));
+        core.Guards.stringValue(Jwt._CLASS_NAME, "header.alg", header.alg);
         core.Guards.object(Jwt._CLASS_NAME, "payload", payload);
         core.Guards.function(Jwt._CLASS_NAME, "signer", signer);
         return Jwt.internalEncode(header, payload, undefined, signer);
@@ -792,13 +802,8 @@ class Jwt {
      */
     static async verify(token, key) {
         core.Guards.stringValue(Jwt._CLASS_NAME, "token", token);
-        core.Guards.uint8Array(Jwt._CLASS_NAME, "key", key);
-        const decoded = await Jwt.decode(token);
-        const verified = await Jwt.verifySignature(decoded.header, decoded.payload, decoded.signature, key);
-        return {
-            verified,
-            ...decoded
-        };
+        core.Guards.defined(Jwt._CLASS_NAME, "key", key);
+        return Jwt.verifySignature(token, key);
     }
     /**
      * Verify a token.
@@ -809,79 +814,75 @@ class Jwt {
     static async verifyWithVerifier(token, verifier) {
         core.Guards.stringValue(Jwt._CLASS_NAME, "token", token);
         core.Guards.function(Jwt._CLASS_NAME, "verifier", verifier);
-        core.Guards.stringValue(Jwt._CLASS_NAME, "token", token);
-        const decoded = await Jwt.decode(token);
-        const verified = await Jwt.verifySignature(decoded.header, decoded.payload, decoded.signature, undefined, verifier);
-        return {
-            verified,
-            ...decoded
-        };
+        return Jwt.verifySignature(token, undefined, verifier);
     }
     /**
      * Verify a token by parts.
-     * @param header The header to verify.
-     * @param payload The payload to verify.
-     * @param signature The signature to verify.
+     * @param token The token to verify.
      * @param key The key for verifying the token, if not provided no verification occurs.
      * @param verifier Custom verification method.
      * @returns True if the parts are verified.
      */
-    static async verifySignature(header, payload, signature, key, verifier) {
+    static async verifySignature(token, key, verifier) {
+        core.Guards.stringValue(Jwt._CLASS_NAME, "token", token);
         const hasKey = core.Is.notEmpty(key);
         const hasVerifier = core.Is.notEmpty(verifier);
         if (!hasKey && !hasVerifier) {
             throw new core.GeneralError(Jwt._CLASS_NAME, "noKeyOrVerifier");
         }
-        let verified = false;
-        if (core.Is.object(header) &&
-            core.Is.object(payload) &&
-            core.Is.uint8Array(signature) &&
-            core.Is.arrayOneOf(header.alg, Object.values(JwtAlgorithms))) {
-            const segments = [];
-            const headerBytes = core.Converter.utf8ToBytes(JSON.stringify(header));
-            segments.push(core.Converter.bytesToBase64Url(headerBytes));
-            const payloadBytes = core.Converter.utf8ToBytes(JSON.stringify(payload));
-            segments.push(core.Converter.bytesToBase64Url(payloadBytes));
-            const jwtHeaderAndPayload = core.Converter.utf8ToBytes(segments.join("."));
-            verifier ??= async (alg, k, p, s) => Jwt.defaultVerifier(alg, k, p, s);
-            verified = await verifier(header.alg, key, jwtHeaderAndPayload, signature);
-        }
-        return verified;
+        verifier ??= async (t, k) => Jwt.defaultVerifier(t, k);
+        return verifier(token, key);
     }
     /**
      * The default signer for the JWT.
      * @param alg The algorithm to use.
      * @param key The key to sign with.
+     * @param header The header to sign.
      * @param payload The payload to sign.
      * @returns The signature.
      */
-    static async defaultSigner(alg, key, payload) {
-        core.Guards.uint8Array(Jwt._CLASS_NAME, "key", key);
-        core.Guards.uint8Array(Jwt._CLASS_NAME, "payload", payload);
-        if (alg === "HS256") {
-            const algo = new crypto.HmacSha256(key);
-            return algo.update(payload).digest();
+    static async defaultSigner(alg, key, header, payload) {
+        core.Guards.defined(Jwt._CLASS_NAME, "key", key);
+        core.Guards.object(Jwt._CLASS_NAME, "header", header);
+        core.Guards.object(Jwt._CLASS_NAME, "payload", payload);
+        const signer = new jose.SignJWT(payload);
+        header.alg = alg;
+        signer.setProtectedHeader(header);
+        if (alg === "EdDSA" && core.Is.uint8Array(key)) {
+            // crypto.subtle.importKey does not support Ed25519 keys in raw format.
+            // We need to convert the key to PKCS8 format before importing.
+            // The PKCS8 format is the raw key prefixed with the ASN.1 sequence for an Ed25519 private key.
+            // The ASN.1 sequence is 48 46 02 01 00 30 05 06 03 2b 65 70 04 20 04 20
+            const pkcs8Prefix = new Uint8Array([
+                48, 46, 2, 1, 0, 48, 5, 6, 3, 43, 101, 112, 4, 34, 4, 32
+            ]); // 0x302e020100300506032b657004220420
+            const pkcs8PrivateKey = core.Uint8ArrayHelper.concat([pkcs8Prefix, key]);
+            const imported = await crypto.subtle.importKey("pkcs8", pkcs8PrivateKey, "Ed25519", false, [
+                "sign"
+            ]);
+            return signer.sign(imported);
         }
-        return crypto.Ed25519.sign(key, payload);
+        return signer.sign(key);
     }
     /**
      * The default verifier for the JWT.
-     * @param alg The algorithm to use.
+     * @param token The token to verify.
      * @param key The key to verify with.
-     * @param payload The payload to verify.
-     * @param signature The signature to verify.
      * @returns True if the signature was verified.
      */
-    static async defaultVerifier(alg, key, payload, signature) {
-        core.Guards.uint8Array(Jwt._CLASS_NAME, "key", key);
-        core.Guards.uint8Array(Jwt._CLASS_NAME, "payload", payload);
-        core.Guards.uint8Array(Jwt._CLASS_NAME, "signature", signature);
-        if (alg === "HS256") {
-            const algo = new crypto.HmacSha256(key);
-            const sigBytes = algo.update(payload).digest();
-            return core.ArrayHelper.matches(sigBytes, signature);
+    static async defaultVerifier(token, key) {
+        core.Guards.stringValue(Jwt._CLASS_NAME, "token", token);
+        core.Guards.defined(Jwt._CLASS_NAME, "key", key);
+        try {
+            const result = await jose.jwtVerify(token, key);
+            return {
+                header: result.protectedHeader,
+                payload: result.payload
+            };
+        }
+        catch (err) {
+            throw new core.GeneralError(Jwt._CLASS_NAME, "verifyFailed", undefined, err);
         }
-        return crypto.Ed25519.verify(key, payload, signature);
     }
     /**
      * Encode a token.
@@ -898,19 +899,11 @@ class Jwt {
         if (!hasKey && !hasSigner) {
             throw new core.GeneralError(Jwt._CLASS_NAME, "noKeyOrSigner");
         }
-        signer ??= async (alg, k, p) => Jwt.defaultSigner(alg, k, p);
+        signer ??= async (alg, k, h, p) => Jwt.defaultSigner(alg, k, h, p);
         if (core.Is.undefined(header.typ)) {
             header.typ = "JWT";
         }
-        const segments = [];
-        const headerBytes = core.Converter.utf8ToBytes(JSON.stringify(header));
-        segments.push(core.Converter.bytesToBase64Url(headerBytes));
-        const payloadBytes = core.Converter.utf8ToBytes(JSON.stringify(payload));
-        segments.push(core.Converter.bytesToBase64Url(payloadBytes));
-        const jwtHeaderAndPayload = core.Converter.utf8ToBytes(segments.join("."));
-        const sigBytes = await signer(header.alg, key, jwtHeaderAndPayload);
-        segments.push(core.Converter.bytesToBase64Url(sigBytes));
-        return segments.join(".");
+        return signer(header.alg, key, header, payload);
     }
 }
 
@@ -1055,7 +1048,7 @@ exports.FetchHelper = FetchHelper;
 exports.HeaderTypes = HeaderTypes;
 exports.HttpMethod = HttpMethod;
 exports.HttpStatusCode = HttpStatusCode;
+exports.Jwk = Jwk;
 exports.Jwt = Jwt;
-exports.JwtAlgorithms = JwtAlgorithms;
 exports.MimeTypeHelper = MimeTypeHelper;
 exports.MimeTypes = MimeTypes;

package/dist/esm/index.mjs

@@ -1,5 +1,5 @@
-import { BaseError, StringHelper, Guards, Is, AsyncCache, ObjectHelper, Converter, GeneralError, ArrayHelper } from '@twin.org/core';
-import { HmacSha256, Ed25519 } from '@twin.org/crypto';
+import { BaseError, StringHelper, Guards, Is, AsyncCache, ObjectHelper, GeneralError, Converter, Uint8ArrayHelper } from '@twin.org/core';
+import { importJWK, SignJWT, jwtVerify } from 'jose';
 
 // Copyright 2024 IOTA Stiftung.
 // SPDX-License-Identifier: Apache-2.0.
@@ -343,23 +343,6 @@ const HttpStatusCode = {
     networkAuthenticationRequired: 511
 };
 
-// Copyright 2024 IOTA Stiftung.
-// SPDX-License-Identifier: Apache-2.0.
-/**
- * The cryptographic algorithms supported for JSON Web Tokens and JSON Web Keys.
- */
-// eslint-disable-next-line @typescript-eslint/naming-convention
-const JwtAlgorithms = {
-    /**
-     * HMAC using SHA-256.
-     */
-    HS256: "HS256",
-    /**
-     * EdDSA using Ed25519.
-     */
-    EdDSA: "EdDSA"
-};
-
 // Copyright 2024 IOTA Stiftung.
 // SPDX-License-Identifier: Apache-2.0.
 /**
@@ -712,7 +695,34 @@ class FetchHelper {
 // Copyright 2024 IOTA Stiftung.
 // SPDX-License-Identifier: Apache-2.0.
 /**
- * Class to encode and decode JSON Web Tokens.
+ * Class to handle JSON Web Keys.
+ */
+class Jwk {
+    /**
+     * Runtime name for the class.
+     * @internal
+     */
+    static _CLASS_NAME = "Jwk";
+    /**
+     * Convert the JWK to a crypto key.
+     * @param jwk The JWK to convert.
+     * @returns The crypto key.
+     */
+    static async toCryptoKey(jwk) {
+        Guards.object(Jwk._CLASS_NAME, "jwk", jwk);
+        try {
+            return importJWK(jwk);
+        }
+        catch (err) {
+            throw new GeneralError(Jwk._CLASS_NAME, "jwkImportFailed", undefined, err);
+        }
+    }
+}
+
+// Copyright 2024 IOTA Stiftung.
+// SPDX-License-Identifier: Apache-2.0.
+/**
+ * Class to handle JSON Web Tokens.
  */
 class Jwt {
     /**
@@ -729,9 +739,9 @@ class Jwt {
      */
     static async encode(header, payload, key) {
         Guards.object(Jwt._CLASS_NAME, "header", header);
-        Guards.arrayOneOf(Jwt._CLASS_NAME, "header.alg", header.alg, Object.values(JwtAlgorithms));
+        Guards.stringValue(Jwt._CLASS_NAME, "header.alg", header.alg);
         Guards.object(Jwt._CLASS_NAME, "payload", payload);
-        Guards.uint8Array(Jwt._CLASS_NAME, "key", key);
+        Guards.defined(Jwt._CLASS_NAME, "key", key);
         return Jwt.internalEncode(header, payload, key);
     }
     /**
@@ -743,7 +753,7 @@ class Jwt {
      */
     static async encodeWithSigner(header, payload, signer) {
         Guards.object(Jwt._CLASS_NAME, "header", header);
-        Guards.arrayOneOf(Jwt._CLASS_NAME, "header.alg", header.alg, Object.values(JwtAlgorithms));
+        Guards.stringValue(Jwt._CLASS_NAME, "header.alg", header.alg);
         Guards.object(Jwt._CLASS_NAME, "payload", payload);
         Guards.function(Jwt._CLASS_NAME, "signer", signer);
         return Jwt.internalEncode(header, payload, undefined, signer);
@@ -790,13 +800,8 @@ class Jwt {
      */
     static async verify(token, key) {
         Guards.stringValue(Jwt._CLASS_NAME, "token", token);
-        Guards.uint8Array(Jwt._CLASS_NAME, "key", key);
-        const decoded = await Jwt.decode(token);
-        const verified = await Jwt.verifySignature(decoded.header, decoded.payload, decoded.signature, key);
-        return {
-            verified,
-            ...decoded
-        };
+        Guards.defined(Jwt._CLASS_NAME, "key", key);
+        return Jwt.verifySignature(token, key);
     }
     /**
      * Verify a token.
@@ -807,79 +812,75 @@ class Jwt {
     static async verifyWithVerifier(token, verifier) {
         Guards.stringValue(Jwt._CLASS_NAME, "token", token);
         Guards.function(Jwt._CLASS_NAME, "verifier", verifier);
-        Guards.stringValue(Jwt._CLASS_NAME, "token", token);
-        const decoded = await Jwt.decode(token);
-        const verified = await Jwt.verifySignature(decoded.header, decoded.payload, decoded.signature, undefined, verifier);
-        return {
-            verified,
-            ...decoded
-        };
+        return Jwt.verifySignature(token, undefined, verifier);
     }
     /**
      * Verify a token by parts.
-     * @param header The header to verify.
-     * @param payload The payload to verify.
-     * @param signature The signature to verify.
+     * @param token The token to verify.
      * @param key The key for verifying the token, if not provided no verification occurs.
      * @param verifier Custom verification method.
      * @returns True if the parts are verified.
      */
-    static async verifySignature(header, payload, signature, key, verifier) {
+    static async verifySignature(token, key, verifier) {
+        Guards.stringValue(Jwt._CLASS_NAME, "token", token);
         const hasKey = Is.notEmpty(key);
         const hasVerifier = Is.notEmpty(verifier);
         if (!hasKey && !hasVerifier) {
             throw new GeneralError(Jwt._CLASS_NAME, "noKeyOrVerifier");
         }
-        let verified = false;
-        if (Is.object(header) &&
-            Is.object(payload) &&
-            Is.uint8Array(signature) &&
-            Is.arrayOneOf(header.alg, Object.values(JwtAlgorithms))) {
-            const segments = [];
-            const headerBytes = Converter.utf8ToBytes(JSON.stringify(header));
-            segments.push(Converter.bytesToBase64Url(headerBytes));
-            const payloadBytes = Converter.utf8ToBytes(JSON.stringify(payload));
-            segments.push(Converter.bytesToBase64Url(payloadBytes));
-            const jwtHeaderAndPayload = Converter.utf8ToBytes(segments.join("."));
-            verifier ??= async (alg, k, p, s) => Jwt.defaultVerifier(alg, k, p, s);
-            verified = await verifier(header.alg, key, jwtHeaderAndPayload, signature);
-        }
-        return verified;
+        verifier ??= async (t, k) => Jwt.defaultVerifier(t, k);
+        return verifier(token, key);
     }
     /**
      * The default signer for the JWT.
      * @param alg The algorithm to use.
      * @param key The key to sign with.
+     * @param header The header to sign.
      * @param payload The payload to sign.
      * @returns The signature.
      */
-    static async defaultSigner(alg, key, payload) {
-        Guards.uint8Array(Jwt._CLASS_NAME, "key", key);
-        Guards.uint8Array(Jwt._CLASS_NAME, "payload", payload);
-        if (alg === "HS256") {
-            const algo = new HmacSha256(key);
-            return algo.update(payload).digest();
+    static async defaultSigner(alg, key, header, payload) {
+        Guards.defined(Jwt._CLASS_NAME, "key", key);
+        Guards.object(Jwt._CLASS_NAME, "header", header);
+        Guards.object(Jwt._CLASS_NAME, "payload", payload);
+        const signer = new SignJWT(payload);
+        header.alg = alg;
+        signer.setProtectedHeader(header);
+        if (alg === "EdDSA" && Is.uint8Array(key)) {
+            // crypto.subtle.importKey does not support Ed25519 keys in raw format.
+            // We need to convert the key to PKCS8 format before importing.
+            // The PKCS8 format is the raw key prefixed with the ASN.1 sequence for an Ed25519 private key.
+            // The ASN.1 sequence is 48 46 02 01 00 30 05 06 03 2b 65 70 04 20 04 20
+            const pkcs8Prefix = new Uint8Array([
+                48, 46, 2, 1, 0, 48, 5, 6, 3, 43, 101, 112, 4, 34, 4, 32
+            ]); // 0x302e020100300506032b657004220420
+            const pkcs8PrivateKey = Uint8ArrayHelper.concat([pkcs8Prefix, key]);
+            const imported = await crypto.subtle.importKey("pkcs8", pkcs8PrivateKey, "Ed25519", false, [
+                "sign"
+            ]);
+            return signer.sign(imported);
         }
-        return Ed25519.sign(key, payload);
+        return signer.sign(key);
     }
     /**
      * The default verifier for the JWT.
-     * @param alg The algorithm to use.
+     * @param token The token to verify.
      * @param key The key to verify with.
-     * @param payload The payload to verify.
-     * @param signature The signature to verify.
      * @returns True if the signature was verified.
      */
-    static async defaultVerifier(alg, key, payload, signature) {
-        Guards.uint8Array(Jwt._CLASS_NAME, "key", key);
-        Guards.uint8Array(Jwt._CLASS_NAME, "payload", payload);
-        Guards.uint8Array(Jwt._CLASS_NAME, "signature", signature);
-        if (alg === "HS256") {
-            const algo = new HmacSha256(key);
-            const sigBytes = algo.update(payload).digest();
-            return ArrayHelper.matches(sigBytes, signature);
+    static async defaultVerifier(token, key) {
+        Guards.stringValue(Jwt._CLASS_NAME, "token", token);
+        Guards.defined(Jwt._CLASS_NAME, "key", key);
+        try {
+            const result = await jwtVerify(token, key);
+            return {
+                header: result.protectedHeader,
+                payload: result.payload
+            };
+        }
+        catch (err) {
+            throw new GeneralError(Jwt._CLASS_NAME, "verifyFailed", undefined, err);
         }
-        return Ed25519.verify(key, payload, signature);
     }
     /**
      * Encode a token.
@@ -896,19 +897,11 @@ class Jwt {
         if (!hasKey && !hasSigner) {
             throw new GeneralError(Jwt._CLASS_NAME, "noKeyOrSigner");
         }
-        signer ??= async (alg, k, p) => Jwt.defaultSigner(alg, k, p);
+        signer ??= async (alg, k, h, p) => Jwt.defaultSigner(alg, k, h, p);
         if (Is.undefined(header.typ)) {
             header.typ = "JWT";
         }
-        const segments = [];
-        const headerBytes = Converter.utf8ToBytes(JSON.stringify(header));
-        segments.push(Converter.bytesToBase64Url(headerBytes));
-        const payloadBytes = Converter.utf8ToBytes(JSON.stringify(payload));
-        segments.push(Converter.bytesToBase64Url(payloadBytes));
-        const jwtHeaderAndPayload = Converter.utf8ToBytes(segments.join("."));
-        const sigBytes = await signer(header.alg, key, jwtHeaderAndPayload);
-        segments.push(Converter.bytesToBase64Url(sigBytes));
-        return segments.join(".");
+        return signer(header.alg, key, header, payload);
     }
 }
 
@@ -1048,4 +1041,4 @@ class MimeTypeHelper {
     }
 }
 
-export { FetchError, FetchHelper, HeaderTypes, HttpMethod, HttpStatusCode, Jwt, JwtAlgorithms, MimeTypeHelper, MimeTypes };
+export { FetchError, FetchHelper, HeaderTypes, HttpMethod, HttpStatusCode, Jwk, Jwt, MimeTypeHelper, MimeTypes };

package/dist/types/index.d.ts

@@ -7,8 +7,9 @@ export * from "./models/IHttpHeaders";
 export * from "./models/IJwk";
 export * from "./models/IJwtHeader";
 export * from "./models/IJwtPayload";
-export * from "./models/jwtAlgorithms";
+export * from "./models/jwkCryptoKey";
 export * from "./models/mimeTypes";
 export * from "./utils/fetchHelper";
+export * from "./utils/jwk";
 export * from "./utils/jwt";
 export * from "./utils/mimeTypeHelper";

package/dist/types/models/IJwk.d.ts

@@ -1,62 +1,6 @@
-import type { JwtAlgorithms } from "./jwtAlgorithms";
+import type { JWK } from "jose";
 /**
  * The fields in a JSON Web Key.
  */
-export interface IJwk {
-    /**
-     * Additional fields in the key.
-     */
-    [key: string]: unknown;
-    /**
-     * The cryptographic algorithm for the key.
-     */
-    alg?: JwtAlgorithms;
-    /**
-     * The intended use for the key.
-     */
-    use?: string;
-    /**
-     * The operation(s) that the key is intended to be used for.
-     */
-    key_ops?: string[];
-    /**
-     * The key type parameter.
-     */
-    kty: string;
-    /**
-     * The public key parameters.
-     */
-    n?: string;
-    /**
-     * Exponent parameter.
-     */
-    e?: string;
-    /**
-     * The private key parameters.
-     */
-    d?: string;
-    /**
-     * The private key parameters.
-     */
-    p?: string;
-    /**
-     * The private key parameters.
-     */
-    q?: string;
-    /**
-     * The private key parameters.
-     */
-    dp?: string;
-    /**
-     * The private key parameters.
-     */
-    dq?: string;
-    /**
-     * The private key parameters.
-     */
-    qi?: string;
-    /**
-     * The key ID.
-     */
-    kid?: string;
+export interface IJwk extends JWK {
 }

package/dist/types/models/IJwtHeader.d.ts

@@ -1,22 +1,6 @@
-import type { JwtAlgorithms } from "./jwtAlgorithms";
+import type { JWTHeaderParameters } from "jose";
 /**
  * The fields in a JSON Web Token header.
  */
-export interface IJwtHeader {
-    /**
-     * Additional fields in the header.
-     */
-    [key: string]: unknown;
-    /**
-     * The type of the token.
-     */
-    typ?: string;
-    /**
-     * The algorithm used to sign the token.
-     */
-    alg: JwtAlgorithms;
-    /**
-     * The key ID.
-     */
-    kid?: string;
+export interface IJwtHeader extends JWTHeaderParameters {
 }

package/dist/types/models/IJwtPayload.d.ts

@@ -1,37 +1,6 @@
+import type { JWTPayload } from "jose";
 /**
  * The fields in a JSON Web Token payload.
  */
-export interface IJwtPayload {
-    /**
-     * Additional fields in the payload.
-     */
-    [key: string]: unknown;
-    /**
-     * The issuer of the token.
-     */
-    iss?: string;
-    /**
-     * The subject of the token.
-     */
-    sub?: string;
-    /**
-     * The audience of the token.
-     */
-    aud?: string;
-    /**
-     * The expiration time of the token.
-     */
-    exp?: number;
-    /**
-     * The not before time of the token.
-     */
-    nbf?: number;
-    /**
-     * The issued at time of the token.
-     */
-    iat?: number;
-    /**
-     * The JWT ID.
-     */
-    jti?: string;
+export interface IJwtPayload extends JWTPayload {
 }

package/dist/types/models/jwkCryptoKey.d.ts

@@ -0,0 +1,5 @@
+import type { CryptoKey } from "jose";
+/**
+ * The crypto key for a JWK.
+ */
+export type JwkCryptoKey = CryptoKey | Uint8Array;

package/dist/types/utils/jwk.d.ts

@@ -0,0 +1,13 @@
+import type { IJwk } from "../models/IJwk";
+import type { JwkCryptoKey } from "../models/jwkCryptoKey";
+/**
+ * Class to handle JSON Web Keys.
+ */
+export declare class Jwk {
+    /**
+     * Convert the JWK to a crypto key.
+     * @param jwk The JWK to convert.
+     * @returns The crypto key.
+     */
+    static toCryptoKey(jwk: IJwk): Promise<JwkCryptoKey>;
+}