🚀 Big News: Socket Acquires Coana to Bring Reachability Analysis to Every Appsec Team.Learn more
Socket
Book a DemoInstallSign in
Socket
Book a DemoInstallSign in

@simplewebauthn/server

Package Overview
Dependencies
Maintainers
1
Versions
89
Alerts
File Explorer

Advanced tools

License
Socket logo

Install Socket

Detect and block malicious and high-risk dependencies

Install

@simplewebauthn/server - npm Package Compare versions

Comparing version

7.2.0
to
7.3.0

2

dist/helpers/convertPEMToBytes.js

@@ -12,3 +12,3 @@ "use strict";

.replace('-----END CERTIFICATE-----', '')
.replace(/\n/g, '');
.replace(/[\n ]/g, '');
return iso_1.isoBase64URL.toBuffer(certBase64, 'base64');

@@ -15,0 +15,0 @@ }

5

dist/metadata/verifyJWT.d.ts
/**
* Lightweight verification for FIDO MDS JWTs.
* Lightweight verification for FIDO MDS JWTs. Supports use of EC2 and RSA.
*
* Currently assumes `"alg": "ES256"` in the JWT header, it's what FIDO MDS uses. If this ever
* needs to support more JWS algorithms, here's the list of them:
* If this ever needs to support more JWS algorithms, here's the list of them:
*

@@ -7,0 +6,0 @@ * https://www.rfc-editor.org/rfc/rfc7518.html#section-3.1

19

dist/metadata/verifyJWT.js

@@ -8,7 +8,7 @@ "use strict";

const verifyEC2_1 = require("../helpers/iso/isoCrypto/verifyEC2");
const verifyRSA_1 = require("../helpers/iso/isoCrypto/verifyRSA");
/**
* Lightweight verification for FIDO MDS JWTs.
* Lightweight verification for FIDO MDS JWTs. Supports use of EC2 and RSA.
*
* Currently assumes `"alg": "ES256"` in the JWT header, it's what FIDO MDS uses. If this ever
* needs to support more JWS algorithms, here's the list of them:
* If this ever needs to support more JWS algorithms, here's the list of them:
*

@@ -22,6 +22,8 @@ * https://www.rfc-editor.org/rfc/rfc7518.html#section-3.1

const certCOSE = (0, convertX509PublicKeyToCOSE_1.convertX509PublicKeyToCOSE)(leafCert);
const data = iso_1.isoUint8Array.fromUTF8String(`${header}.${payload}`);
const signatureBytes = iso_1.isoBase64URL.toBuffer(signature);
if ((0, cose_1.isCOSEPublicKeyEC2)(certCOSE)) {
return (0, verifyEC2_1.verifyEC2)({
data: iso_1.isoUint8Array.fromUTF8String(`${header}.${payload}`),
signature: iso_1.isoBase64URL.toBuffer(signature),
data,
signature: signatureBytes,
cosePublicKey: certCOSE,

@@ -31,2 +33,9 @@ shaHashOverride: cose_1.COSEALG.ES256,

}
else if ((0, cose_1.isCOSEPublicKeyRSA)(certCOSE)) {
return (0, verifyRSA_1.verifyRSA)({
data,
signature: signatureBytes,
cosePublicKey: certCOSE,
});
}
const kty = certCOSE.get(cose_1.COSEKEYS.kty);

@@ -33,0 +42,0 @@ throw new Error(`JWT verification with public key of kty ${kty} is not supported by this method`);

4

package.json
{
"name": "@simplewebauthn/server",
"version": "7.2.0",
"version": "7.3.0",
"description": "SimpleWebAuthn for Servers",

@@ -65,3 +65,3 @@ "main": "dist/index.js",

},
"gitHead": "73630d7431abde0f13cabc601c7821135d95b18c"
"gitHead": "0ab19d8f8319ff6a36dbb53d14750bd345947eb8"
}
dist/helpers/convertPEMToBytes.js.map

Sorry, the diff of this file is not supported yet

dist/metadata/verifyJWT.js.map

Sorry, the diff of this file is not supported yet