byu-jwt - npm Package Compare versions
Comparing version 2.1.4 to 3.0.0
@@ -138,3 +138,3 @@ import {NextFunction, Request, Response} from 'express' | ||
| getOpenIdConfiguration(): Promise<ByuOpenIdConfig> | ||
| getPublicKey(): Promise<string> | ||
| getPem(): Promise<string> | ||
| verifyJWT(jwt: string): Promise<boolean> | ||
@@ -141,0 +141,0 @@ } |
@@ -25,3 +25,2 @@ /** | ||
| const pemGetPublicKey = promisify(require('pem').getPublicKey) | ||
| const jsonWebTokenVerify = promisify(jsonWebToken.verify) | ||
@@ -86,4 +85,4 @@ | ||
| byuJwt.getPublicKey = async function () { | ||
| return initPublicKey(byuJwt.cache) | ||
| byuJwt.getPem = async function () { | ||
| return initPem(byuJwt.cache) | ||
| } | ||
@@ -281,8 +280,8 @@ | ||
| /** | ||
| * Get the public key for the OpenID configuration | ||
| * Get the .pem certificate for the OpenID configuration | ||
| * @param {object} cache | ||
| * @returns {string} | ||
| */ | ||
| async function getPublicKey (cache) { | ||
| debug('getting public key') | ||
| async function getPem (cache) { | ||
| debug('getting pem') | ||
| const openIdConfig = await initOpenId(cache) | ||
@@ -296,12 +295,10 @@ try { | ||
| // extract public key | ||
| const { publicKey } = await pemGetPublicKey(cert) | ||
| debug('public key acquired') | ||
| debug('pem acquired') | ||
| const maxAge = getMaxAge(result.headers) | ||
| const ttl = maxAgeInMinutes(maxAge) | ||
| cache.byuCert.setTTL(ttl) | ||
| cache.byuCert.setCache(publicKey) | ||
| return publicKey | ||
| cache.byuCert.setCache(cert) | ||
| return cert | ||
| } catch (err) { | ||
| debug('failed to get public key') | ||
| debug('failed to get pem') | ||
| cache.byuCert.clearCache() | ||
@@ -348,4 +345,4 @@ throw err | ||
| async function initPublicKey (cache) { | ||
| return cache.byuCert.getCache() || getPublicKey(cache) | ||
| async function initPem (cache) { | ||
| return cache.byuCert.getCache() || getPem(cache) | ||
| } | ||
@@ -370,7 +367,7 @@ | ||
| const algorithms = openIdConfig.id_token_signing_alg_values_supported | ||
| const publicKey = await getPublicKey(cache) | ||
| const pem = await getPem(cache) | ||
| debug('verifying JWT') | ||
| try { | ||
| const verifiedJWT = await jsonWebTokenVerify(jwt, publicKey, { algorithms }) | ||
| const verifiedJWT = await jsonWebTokenVerify(jwt, pem, { algorithms }) | ||
| debug('verified JWT') | ||
@@ -377,0 +374,0 @@ return verifiedJWT |
| { | ||
| "name": "byu-jwt", | ||
| "version": "2.1.4", | ||
| "version": "3.0.0", | ||
| "description": "The byu-jwt module provides helpful functions to retrieve a specified BYU .well-known URL and verify BYU signed JWTs.", | ||
@@ -10,3 +10,3 @@ "main": "index.js", | ||
| }, | ||
| "author": "Matthew Hailstone", | ||
| "author": "Gary Crye", | ||
| "license": "Apache-2.0", | ||
@@ -26,13 +26,12 @@ "bugs": { | ||
| "debug": "^4.1.1", | ||
| "jsonwebtoken": "^8.5.1", | ||
| "pem": "^1.14.3" | ||
| "jsonwebtoken": "^8.5.1" | ||
| }, | ||
| "devDependencies": { | ||
| "@types/express": "^4.17.2", | ||
| "@types/express": "^4.17.4", | ||
| "chai": "^4.2.0", | ||
| "mocha": "^7.0.1", | ||
| "nyc": "^15.0.0", | ||
| "request": "^2.88.0", | ||
| "standard": "^14.3.1" | ||
| "mocha": "^7.1.1", | ||
| "nyc": "^15.0.1", | ||
| "request": "^2.88.2", | ||
| "standard": "^14.3.3" | ||
| } | ||
| } |
@@ -16,3 +16,3 @@ # byu-jwt | ||
| - [Get OpenID Configuration](#get-openid-configuration) | ||
| - [Get Public Key](#get-public-key) | ||
| - [Get Pem](#get-pem) | ||
| - [Verify JWT](#verify-jwt) | ||
@@ -26,2 +26,6 @@ - [Cache Time to Live](#cache-time-to-live) | ||
| ## Migrate from v2 to v3 | ||
| * `getPublicKey` has been [removed](https://github.com/byu-oit/byu-jwt-nodejs/commit/fe16edddd1f59a4f6c37acc29d9a20b5878626bd) - If you were using it, look into the new `getPem` function | ||
| * Ensure that the [`openssl`](https://nodejs.org/en/docs/meta/topics/dependencies/#openssl) shipped with your version of Node supports the algorithms you need - We're now using that instead of expecting an `openssl` executable to be found on the system. | ||
| ## API | ||
@@ -139,11 +143,11 @@ | ||
| ### Get Public Key | ||
| ### Get Pem | ||
| Get the public key for the OpenID configuration. | ||
| Get the certificate for the OpenID configuration, in .pem format. | ||
| `ByuJWT.prototype.getPublicKey ()` | ||
| `ByuJWT.prototype.getPem ()` | ||
| **Parameters** None | ||
| **Returns** a promise that resolves to the public key `string`. | ||
| **Returns** a promise that resolves to the pem `string`. | ||
@@ -198,4 +202,4 @@ ### Verify JWT | ||
| 2. Run `awslogin` (https://github.com/byu-oit/awslogin) | ||
| 2. Set the `TOKEN` environment variable | ||
| 3. Run `npm test` |
@@ -63,6 +63,7 @@ /* | ||
| it('can get public key', () => { | ||
| return byuJWT.getPublicKey() | ||
| it('can get pem', () => { | ||
| return byuJWT.getPem() | ||
| .then(value => { | ||
| expect(value).to.match(/^-+BEGIN PUBLIC KEY-+/) | ||
| expect(value).to.match(/^-----BEGIN CERTIFICATE-----/) | ||
| expect(value).to.match(/-----END CERTIFICATE-----$/) | ||
| }) | ||
@@ -69,0 +70,0 @@ }) |
New alerts
License Policy Violation
LicenseThis package is not allowed per your license policy. Review the package's license to ensure compliance.
Found 1 instance in 1 package
Fixed alerts
License Policy Violation
LicenseThis package is not allowed per your license policy. Review the package's license to ensure compliance.
Found 1 instance in 1 package
Improved metrics
- Total package byte prevSize
- increased by0.49%
49222
- Dependency count
- decreased by-33.33%
2
- Number of lines in readme file
- increased by2.03%
201
Worsened metrics
- Lines of code
- decreased by-0.25%
794
Dependency changes
- Removedpem@^1.14.3
- Removedcharenc@0.0.2(transitive)
- Removedcrypt@0.0.2(transitive)
- Removedes6-promisify@7.0.0(transitive)
- Removedis-buffer@1.1.6(transitive)
- Removedisexe@2.0.0(transitive)
- Removedmd5@2.3.0(transitive)
- Removedos-tmpdir@1.0.2(transitive)
- Removedpem@1.15.1(transitive)
- Removedwhich@2.0.2(transitive)