Huge News!Announcing our $40M Series B led by Abstract Ventures.Learn More →
byu-jwt - npm Package Compare versions
Comparing version 3.0.7 to 3.1.0
@@ -187,3 +187,12 @@ /** | ||
| const context = verifiedJWTs.current.raw['http://wso2.org/claims/apicontext'] | ||
| if (!context.startsWith(options.basePath)) throw new AuthenticationError('Invalid API context in JWT') | ||
| if (context && !context.startsWith(options.basePath)) { | ||
| throw new AuthenticationError('Invalid API context in JWT') | ||
| } | ||
| const aud = verifiedJWTs.current.raw.aud | ||
| if (aud) { | ||
| // aud can be a string or an array: https://datatracker.ietf.org/doc/html/rfc7519#section-4.1.3 | ||
| if (typeof aud === 'string' && !aud.startsWith(options.basePath)) throw new AuthenticationError('Invalid aud in JWT') | ||
| if (!aud.some(audience => audience.startsWith(options.basePath))) throw new AuthenticationError('Invalid aud in JWT') | ||
| } | ||
| } | ||
@@ -386,3 +395,4 @@ | ||
| const matchingKey = (await initPem(cache)).find(key => key.x5t === jwtHeaders.x5t) | ||
| const validKeys = await initPem(cache) | ||
| const matchingKey = validKeys.find(key => key.x5t === jwtHeaders.x5t) | ||
| if (!matchingKey) { | ||
@@ -389,0 +399,0 @@ debug('Failed verifying JWT: x5t in JWT did not correspond to any known key') |
| { | ||
| "name": "byu-jwt", | ||
| "version": "3.0.7", | ||
| "version": "3.1.0", | ||
| "description": "The byu-jwt module provides helpful functions to retrieve a specified BYU .well-known URL and verify BYU signed JWTs.", | ||
@@ -5,0 +5,0 @@ "main": "index.js", |
@@ -144,2 +144,47 @@ /* | ||
| }) | ||
| describe('with basePath', () => { | ||
| const byuJwtWithEchoBasePath = ByuJWT({ basePath: '/echo' }) | ||
| const byuJWTWithOtherBasePath = ByuJWT({ basePath: '/other' }) | ||
| it('valid API context', () => { | ||
| const headers = {} | ||
| headers[ByuJWT.BYU_JWT_HEADER_CURRENT] = jwt | ||
| return byuJwtWithEchoBasePath.authenticate(headers) | ||
| .then(result => { | ||
| expect(result.claims).to.deep.equal(result.current.client) | ||
| }) | ||
| }) | ||
| it('invalid API context', () => { | ||
| const headers = {} | ||
| headers[ByuJWT.BYU_JWT_HEADER_CURRENT] = jwt | ||
| return byuJWTWithOtherBasePath.authenticate(headers) | ||
| .then(() => { throw Error('not this error') }) | ||
| .catch(err => { | ||
| expect(err.message).to.equal('Invalid API context in JWT') | ||
| }) | ||
| }) | ||
| // TODO: Programmatically get Tyk JWT | ||
| it.skip('valid aud', () => { | ||
| const headers = {} | ||
| headers[ByuJWT.BYU_JWT_HEADER_CURRENT] = jwt | ||
| return byuJwtWithEchoBasePath.authenticate(headers) | ||
| .then(result => { | ||
| expect(result.claims).to.deep.equal(result.current.client) | ||
| }) | ||
| }) | ||
| // TODO: Programmatically get Tyk JWT | ||
| it.skip('invalid aud', () => { | ||
| const headers = {} | ||
| headers[ByuJWT.BYU_JWT_HEADER_CURRENT] = jwt | ||
| return byuJWTWithOtherBasePath.authenticate(headers) | ||
| .then(() => { throw Error('not this error') }) | ||
| .catch(err => { | ||
| expect(err.message).to.equal('Invalid aud in JWT') | ||
| }) | ||
| }) | ||
| }) | ||
| }) | ||
@@ -146,0 +191,0 @@ |
New alerts
License Policy Violation
LicenseThis package is not allowed per your license policy. Review the package's license to ensure compliance.
Found 1 instance in 1 package
Fixed alerts
License Policy Violation
LicenseThis package is not allowed per your license policy. Review the package's license to ensure compliance.
Found 1 instance in 1 package
Improved metrics
- Total package byte prevSize
- increased by3.95%
55207
- Lines of code
- increased by5.82%
891
No dependency changes