@logto/js - npm Package Compare versions
Comparing version 3.0.2 to 4.0.0-alpha.0
@@ -17,3 +17,3 @@ import camelcaseKeys from 'camelcase-keys'; | ||
| headers: ContentType.formUrlEncoded, | ||
| body: parameters, | ||
| body: parameters.toString(), | ||
| }); | ||
@@ -46,3 +46,3 @@ return camelcaseKeys(snakeCaseCodeTokenResponse); | ||
| headers: ContentType.formUrlEncoded, | ||
| body: parameters, | ||
| body: parameters.toString(), | ||
| }); | ||
@@ -49,0 +49,0 @@ return camelcaseKeys(snakeCaseRefreshTokenTokenResponse); |
| import { QueryKey, Prompt } from '../consts/index.js'; | ||
| import '@silverhand/essentials'; | ||
| import 'jose'; | ||
| import { withDefaultScopes } from '../utils/scopes.js'; | ||
@@ -5,0 +3,0 @@ |
@@ -9,3 +9,3 @@ export { fetchTokenByAuthorizationCode, fetchTokenByRefreshToken } from './core/fetch-token.js'; | ||
| export { LogtoError, LogtoRequestError, OidcError, isLogtoRequestError } from './utils/errors.js'; | ||
| export { decodeIdToken, verifyIdToken } from './utils/id-token.js'; | ||
| export { decodeIdToken } from './utils/id-token.js'; | ||
| export { decodeAccessToken } from './utils/access-token.js'; | ||
@@ -12,0 +12,0 @@ export { withDefaultScopes } from './utils/scopes.js'; |
| import type { Nullable } from '@silverhand/essentials'; | ||
| import type { JWTVerifyGetKey } from 'jose'; | ||
| export type IdTokenClaims = { | ||
@@ -45,3 +44,2 @@ /** Issuer of this token. */ | ||
| } & Record<string, unknown>; | ||
| export declare const verifyIdToken: (idToken: string, clientId: string, issuer: string, jwks: JWTVerifyGetKey) => Promise<void>; | ||
| export declare const decodeIdToken: (token: string) => IdTokenClaims; |
| import { urlSafeBase64 } from '@silverhand/essentials'; | ||
| import { jwtVerify } from 'jose'; | ||
| import { isArbitraryObject } from './arbitrary-object.js'; | ||
| import { LogtoError } from './errors.js'; | ||
| const issuedAtTimeTolerance = 300; // 5 minutes | ||
| /* eslint-disable complexity */ | ||
@@ -43,8 +41,2 @@ /** | ||
| /* eslint-enable complexity */ | ||
| const verifyIdToken = async (idToken, clientId, issuer, jwks) => { | ||
| const result = await jwtVerify(idToken, jwks, { audience: clientId, issuer }); | ||
| if (Math.abs((result.payload.iat ?? 0) - Date.now() / 1000) > issuedAtTimeTolerance) { | ||
| throw new LogtoError('id_token.invalid_iat'); | ||
| } | ||
| }; | ||
| const decodeIdToken = (token) => { | ||
@@ -61,2 +53,2 @@ const { 1: encodedPayload } = token.split('.'); | ||
| export { decodeIdToken, verifyIdToken }; | ||
| export { decodeIdToken }; |
| { | ||
| "name": "@logto/js", | ||
| "version": "3.0.2", | ||
| "version": "4.0.0-alpha.0", | ||
| "type": "module", | ||
@@ -24,4 +24,3 @@ "main": "./lib/index.cjs", | ||
| "@silverhand/essentials": "^2.8.7", | ||
| "camelcase-keys": "^7.0.1", | ||
| "jose": "^5.0.0" | ||
| "camelcase-keys": "^7.0.1" | ||
| }, | ||
@@ -39,2 +38,3 @@ "devDependencies": { | ||
| "jest-matcher-specific-error": "^1.0.0", | ||
| "jose": "^5.0.0", | ||
| "lint-staged": "^15.0.0", | ||
@@ -41,0 +41,0 @@ "nock": "^13.3.0", |
Sorry, the diff of this file is not supported yet
Sorry, the diff of this file is not supported yet
Sorry, the diff of this file is not supported yet
Sorry, the diff of this file is not supported yet
New alerts
No v1
QualityPackage is not semver >=1. This means it is not stable and does not support ^ ranges.
Found 1 instance in 1 package
Improved metrics
- Dependency count
- decreased by-33.33%
2
Worsened metrics
- Total package byte prevSize
- decreased by-1.69%
64809
- Dev dependency count
- increased by5.88%
18
- Lines of code
- decreased by-1.61%
1470
- Number of low quality alerts
- increased by100%
2
Dependency changes
- Removedjose@^5.0.0
- Removedjose@5.10.0(transitive)