Huge News!Announcing our $40M Series B led by Abstract Ventures.Learn More
Socket
Sign inDemoInstall
Socket
Sign inDemoInstall

did-jwt

Package Overview
Dependencies
Maintainers
6
Versions
142
Alerts
File Explorer

Advanced tools

License
Socket logo

Install Socket

Detect and block malicious and high-risk dependencies

Install

did-jwt - npm Package Compare versions

Comparing version 0.2.1-alpha.5 to 1.0.0-dev.0

4

lib/index.d.ts
import SimpleSigner from './SimpleSigner';
import NaclSigner from './NaclSigner';
import { verifyJWT, createJWT, decodeJWT, Signer } from './JWT';
import { verifyJWT, createJWT, decodeJWT, Signer, createUnsignedJWT } from './JWT';
import { toEthereumAddress } from './Digest';
export { SimpleSigner, NaclSigner, verifyJWT, createJWT, decodeJWT, toEthereumAddress, Signer };
export { SimpleSigner, NaclSigner, verifyJWT, createJWT, createUnsignedJWT, decodeJWT, toEthereumAddress, Signer };
//# sourceMappingURL=index.d.ts.map

2

lib/index.js

@@ -1,2 +0,2 @@

function r(r){return r&&"object"==typeof r&&"default"in r?r.default:r}var e=require("js-sha256"),t=require("js-sha3"),n=require("elliptic"),o=r(require("tweetnacl")),i=require("@stablelib/utf8"),a=require("buffer"),u=r(require("uport-base64url")),c=r(require("did-resolver"));function f(r){return a.Buffer.from(e.sha256.arrayBuffer(r))}function s(r){return"0x"+(e=a.Buffer.from(r.slice(2),"hex"),a.Buffer.from(t.keccak_256.arrayBuffer(e))).slice(-20).toString("hex");var e}var d=new n.ec("secp256k1");function h(r,e){return void 0===e&&(e=64),r.length===e?r:"0".repeat(e-r.length)+r}function l(r){return new Uint8Array(Array.prototype.slice.call(Buffer.from(r,"base64"),0))}var p=new n.ec("secp256k1");function v(r,e){void 0===e&&(e=!1);var t=u.toBuffer(r);if(t.length!==(e?65:64))throw new Error("wrong signature length");var n={r:t.slice(0,32).toString("hex"),s:t.slice(32,64).toString("hex")};return e&&(n.recoveryParam=t[64]),n}var w={ES256K:function(r,e,t){var n=f(r),o=v(e),i=t.find(function(r){return p.keyFromPublic(r.publicKeyHex,"hex").verify(n,o)});if(!i)throw new Error("Signature invalid for JWT");return i},"ES256K-R":function(r,e,t){var n=v(e,!0),o=f(r),i=p.recoverPubKey(o,n,n.recoveryParam),a=i.encode("hex"),u=i.encode("hex",!0),c=s(a),d=t.find(function(r){var e=r.publicKeyHex;return e===a||e===u||r.ethereumAddress===c});if(!d)throw new Error("Signature invalid for JWT");return d},Ed25519:function(r,e,t){var n=i.encode(r),a=l(u.toBase64(e)),c=t.find(function(r){return o.sign.detached.verify(n,a,l(r.publicKeyBase64))});if(!c)throw new Error("Signature invalid for JWT");return c}};function y(r){var e=w[r];if(!e)throw new Error("Unsupported algorithm "+r);return e}function g(r){return"object"==typeof r&&"r"in r&&"s"in r}function m(r){return function(e,t){try{return Promise.resolve(t(e)).then(function(e){if(g(e))return function(t){var n=e.r,o=e.s,i=e.recoveryParam,c=a.Buffer.alloc(r?65:64);if(a.Buffer.from(n,"hex").copy(c,0),a.Buffer.from(o,"hex").copy(c,32),r){if(void 0===i)throw new Error("Signer did not return a recoveryParam");c[64]=i}return u.encode(c)}();throw new Error("expected a signer function that returns a signature object instead of string")})}catch(r){return Promise.reject(r)}}}y.toSignatureObject=v;var E={ES256K:m(),"ES256K-R":m(!0),Ed25519:function(r,e){try{return Promise.resolve(e(r)).then(function(r){if(g(r))throw new Error("expected a signer function that returns a string instead of signature object");return r})}catch(r){return Promise.reject(r)}}},b={ES256K:["Secp256k1VerificationKey2018","Secp256k1SignatureVerificationKey2018","EcdsaPublicKeySecp256k1"],"ES256K-R":["Secp256k1VerificationKey2018","Secp256k1SignatureVerificationKey2018","EcdsaPublicKeySecp256k1"],Ed25519:["ED25519SignatureVerification"]};function S(r){return u.encode(JSON.stringify(r))}function x(r){return r.match(/^[123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz]+$/)}function P(r){if(r.match(/^did:/))return r;if(x(r))return"did:uport:"+r;throw new Error("Not a valid DID '"+r+"'")}function k(r){if(!r)throw new Error("no JWT passed into decodeJWT");var e=r.match(/^([a-zA-Z0-9_-]+)\.([a-zA-Z0-9_-]+)\.([a-zA-Z0-9_-]+)$/);if(e)return{header:JSON.parse(u.decode(e[1])),payload:JSON.parse(u.decode(e[2])),signature:e[3],data:e[1]+"."+e[2]};throw new Error("Incorrect format JWT")}exports.SimpleSigner=function(r){var e=d.keyFromPrivate(r);return function(r){try{var t=e.sign(f(r)),n=t.s,o=t.recoveryParam;return Promise.resolve({r:h(t.r.toString("hex")),s:h(n.toString("hex")),recoveryParam:o})}catch(r){return Promise.reject(r)}}},exports.NaclSigner=function(r){var e=l(r);return function(r){try{var t=i.encode(r),n=o.sign.detached(t,e),c=u.encode(a.Buffer.from(n));return Promise.resolve(c)}catch(r){return Promise.reject(r)}}},exports.verifyJWT=function(r,e){void 0===e&&(e={auth:null,audience:null,callbackUrl:null});try{var t=e.audience?P(e.audience):void 0,n=k(r),o=n.payload,i=n.header,a=n.signature,u=n.data;return Promise.resolve(function(r,e,t){try{var n=b[r];if(!n||0===n.length)throw new Error("No supported signature types for algorithm "+r);var o=P(e);return Promise.resolve(c(o)).then(function(e){if(!e)throw new Error("Unable to resolve DID document for "+o);var i=!t||(e.authentication||[]).map(function(r){return r.publicKey}),a=(e.publicKey||[]).filter(function(r){var e=r.type,o=r.id;return n.find(function(r){return r===e&&(!t||Array.isArray(i)&&i.indexOf(o)>=0)})});if(t&&(!a||0===a.length))throw new Error("DID document for "+o+" does not have public keys suitable for authenticationg user");if(!a||0===a.length)throw new Error("DID document for "+o+" does not have public keys for "+r);return{authenticators:a,issuer:o,doc:e}})}catch(r){return Promise.reject(r)}}(i.alg,o.iss,e.auth)).then(function(n){var c,f=n.doc,s=n.authenticators,d=n.issuer,h=y(i.alg)(u,a,s),l=Math.floor(Date.now()/1e3);if(h){if(o.iat&&o.iat>l+300)throw new Error("JWT not valid yet (issued in the future): iat: "+o.iat+" > now: "+l);if(o.exp&&o.exp<=l-300)throw new Error("JWT has expired: exp: "+o.exp+" < now: "+l);if(o.aud)if((c=o.aud)&&(c.match(/^did:/)||x(c))){if(!t)throw new Error("JWT audience is required but your app address has not been configured");if(t!==P(o.aud))throw new Error("JWT audience does not match your DID: aud: "+o.aud+" !== yours: "+t)}else{if(!e.callbackUrl)throw new Error("JWT audience matching your callback url is required but one wasn't passed in");if(o.aud!==e.callbackUrl)throw new Error("JWT audience does not match the callback url: aud: "+o.aud+" !== url: "+e.callbackUrl)}return{payload:o,doc:f,issuer:d,signer:h,jwt:r}}})}catch(r){return Promise.reject(r)}},exports.createJWT=function(r,e){var t=e.issuer,n=e.signer,o=e.alg,i=e.expiresIn;try{if(!n)throw new Error("No Signer functionality has been configured");if(!t)throw new Error("No issuing DID has been configured");var a={typ:"JWT",alg:o||"ES256K"},u={iat:Math.floor(Date.now()/1e3),exp:void 0};if(i){if("number"!=typeof i)throw new Error("JWT expiresIn is not a number");u.exp=u.iat+Math.floor(i)}var c=[S(a),S(Object.assign({},u,r,{iss:t}))].join("."),f=function(r){var e=E[r];if(!e)throw new Error("Unsupported algorithm "+r);return e}(a.alg);return Promise.resolve(f(c,n)).then(function(r){return[c,r].join(".")})}catch(r){return Promise.reject(r)}},exports.decodeJWT=k,exports.toEthereumAddress=s;
function r(r){return r&&"object"==typeof r&&"default"in r?r.default:r}var e=require("js-sha256"),n=require("js-sha3"),t=require("elliptic"),o=r(require("tweetnacl")),i=require("@stablelib/utf8"),a=require("buffer"),u=r(require("uport-base64url")),c=r(require("did-resolver"));function f(r){return a.Buffer.from(e.sha256.arrayBuffer(r))}function s(r){return"0x"+(e=a.Buffer.from(r.slice(2),"hex"),a.Buffer.from(n.keccak_256.arrayBuffer(e))).slice(-20).toString("hex");var e}var d=new t.ec("secp256k1");function l(r,e){return void 0===e&&(e=64),r.length===e?r:"0".repeat(e-r.length)+r}function h(r){return new Uint8Array(Array.prototype.slice.call(Buffer.from(r,"base64"),0))}var p=new t.ec("secp256k1");function v(r,e){void 0===e&&(e=!1);var n=u.toBuffer(r);if(n.length!==(e?65:64))throw new Error("wrong signature length");var t={r:n.slice(0,32).toString("hex"),s:n.slice(32,64).toString("hex")};return e&&(t.recoveryParam=n[64]),t}var w={ES256K:function(r,e,n){var t=f(r),o=v(e),i=n.find(function(r){return p.keyFromPublic(r.publicKeyHex,"hex").verify(t,o)});if(!i)throw new Error("Signature invalid for JWT");return i},"ES256K-R":function(r,e,n){var t=v(e,!0),o=f(r),i=p.recoverPubKey(o,t,t.recoveryParam),a=i.encode("hex"),u=i.encode("hex",!0),c=s(a),d=n.find(function(r){var e=r.publicKeyHex;return e===a||e===u||r.ethereumAddress===c});if(!d)throw new Error("Signature invalid for JWT");return d},Ed25519:function(r,e,n){var t=i.encode(r),a=h(u.toBase64(e)),c=n.find(function(r){return o.sign.detached.verify(t,a,h(r.publicKeyBase64))});if(!c)throw new Error("Signature invalid for JWT");return c}};function y(r){var e=w[r];if(!e)throw new Error("Unsupported algorithm "+r);return e}function g(r){return"object"==typeof r&&"r"in r&&"s"in r}function m(r){return function(e,n){try{return Promise.resolve(n(e)).then(function(e){if(g(e))return function(n){var t=e.r,o=e.s,i=e.recoveryParam,c=a.Buffer.alloc(r?65:64);if(a.Buffer.from(t,"hex").copy(c,0),a.Buffer.from(o,"hex").copy(c,32),r){if(void 0===i)throw new Error("Signer did not return a recoveryParam");c[64]=i}return u.encode(c)}();throw new Error("expected a signer function that returns a signature object instead of string")})}catch(r){return Promise.reject(r)}}}y.toSignatureObject=v;var b={ES256K:m(),"ES256K-R":m(!0),Ed25519:function(r,e){try{return Promise.resolve(e(r)).then(function(r){if(g(r))throw new Error("expected a signer function that returns a string instead of signature object");return r})}catch(r){return Promise.reject(r)}}},E={ES256K:["Secp256k1VerificationKey2018","Secp256k1SignatureVerificationKey2018","EcdsaPublicKeySecp256k1"],"ES256K-R":["Secp256k1VerificationKey2018","Secp256k1SignatureVerificationKey2018","EcdsaPublicKeySecp256k1"],Ed25519:["ED25519SignatureVerification"]};function x(r){return u.encode(JSON.stringify(r))}function S(r){return r.match(/^[123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz]+$/)}function P(r){if(r.match(/^did:/))return r;if(S(r))return"did:uport:"+r;throw new Error("Not a valid DID '"+r+"'")}function J(r){if(!r)throw new Error("no JWT passed into decodeJWT");var e=r.match(/^([a-zA-Z0-9_-]+)\.([a-zA-Z0-9_-]+)\.([a-zA-Z0-9_-]+)$/);if(e)return{header:JSON.parse(u.decode(e[1])),payload:JSON.parse(u.decode(e[2])),signature:e[3],data:e[1]+"."+e[2]};throw new Error("Incorrect format JWT")}exports.SimpleSigner=function(r){var e=d.keyFromPrivate(r);return function(r){try{var n=e.sign(f(r)),t=n.s,o=n.recoveryParam;return Promise.resolve({r:l(n.r.toString("hex")),s:l(t.toString("hex")),recoveryParam:o})}catch(r){return Promise.reject(r)}}},exports.NaclSigner=function(r){var e=h(r);return function(r){try{var n=i.encode(r),t=o.sign.detached(n,e),c=u.encode(a.Buffer.from(t));return Promise.resolve(c)}catch(r){return Promise.reject(r)}}},exports.verifyJWT=function(r,e){void 0===e&&(e={auth:null,audience:null,callbackUrl:null});try{var n=e.audience?P(e.audience):void 0,t=J(r),o=t.payload,i=t.header,a=t.signature,u=t.data;return Promise.resolve(function(r,e,n){try{var t=E[r];if(!t||0===t.length)throw new Error("No supported signature types for algorithm "+r);var o=P(e);return Promise.resolve(c(o)).then(function(e){if(!e)throw new Error("Unable to resolve DID document for "+o);var i=!n||(e.authentication||[]).map(function(r){return r.publicKey}),a=(e.publicKey||[]).filter(function(r){var e=r.type,o=r.id;return t.find(function(r){return r===e&&(!n||Array.isArray(i)&&i.indexOf(o)>=0)})});if(n&&(!a||0===a.length))throw new Error("DID document for "+o+" does not have public keys suitable for authenticationg user");if(!a||0===a.length)throw new Error("DID document for "+o+" does not have public keys for "+r);return{authenticators:a,issuer:o,doc:e}})}catch(r){return Promise.reject(r)}}(i.alg,o.iss,e.auth)).then(function(t){var c,f=t.doc,s=t.authenticators,d=t.issuer,l=y(i.alg)(u,a,s),h=Math.floor(Date.now()/1e3);if(l){if(o.nbf&&o.nbf>h+300)throw new Error("JWT not valid yet (issued in the future): nbf: "+o.nbf+" > now: "+h);if(o.exp&&o.exp<=h-300)throw new Error("JWT has expired: exp: "+o.exp+" < now: "+h);if(o.aud)if((c=o.aud)&&(c.match(/^did:/)||S(c))){if(!n)throw new Error("JWT audience is required but your app address has not been configured");if(n!==P(o.aud))throw new Error("JWT audience does not match your DID: aud: "+o.aud+" !== yours: "+n)}else{if(!e.callbackUrl)throw new Error("JWT audience matching your callback url is required but one wasn't passed in");if(o.aud!==e.callbackUrl)throw new Error("JWT audience does not match the callback url: aud: "+o.aud+" !== url: "+e.callbackUrl)}return{payload:o,doc:f,issuer:d,signer:l,jwt:r}}})}catch(r){return Promise.reject(r)}},exports.createJWT=function(r,e){var n=e.issuer,t=e.signer,o=e.alg,i=e.expiresIn;try{if(!t)throw new Error("No Signer functionality has been configured");var a={typ:"JWT",alg:o||"ES256K"},u={nbf:Math.floor(Date.now()/1e3),exp:void 0};if(i){if("number"!=typeof i)throw new Error("JWT expiresIn is not a number");u.exp=u.nbf+Math.floor(i)}var c=[x(a),x(Object.assign({},u,r,{iss:n}))].join("."),f=function(r){var e=b[r];if(!e)throw new Error("Unsupported algorithm "+r);return e}(a.alg);return Promise.resolve(f(c,t)).then(function(r){return[c,r].join(".")})}catch(r){return Promise.reject(r)}},exports.createUnsignedJWT=function(r){return[x({type:"JWT",alg:"none,"}),x(r),""].join(".")},exports.decodeJWT=J,exports.toEthereumAddress=s;
//# sourceMappingURL=index.js.map

2

lib/index.umd.js

@@ -1,2 +0,2 @@

!function(r,e){"object"==typeof exports&&"undefined"!=typeof module?e(exports,require("js-sha256"),require("js-sha3"),require("elliptic"),require("tweetnacl"),require("@stablelib/utf8"),require("buffer"),require("uport-base64url"),require("did-resolver")):"function"==typeof define&&define.amd?define(["exports","js-sha256","js-sha3","elliptic","tweetnacl","@stablelib/utf8","buffer","uport-base64url","did-resolver"],e):e(r.didJwt={},r.jsSha256,r.jsSha3,r.elliptic,r.tweetnacl,r.utf8,r.buffer,r.base64url,r.resolve)}(this,function(r,e,t,n,i,o,a,u,c){function f(r){return a.Buffer.from(e.sha256.arrayBuffer(r))}function s(r){return"0x"+(e=a.Buffer.from(r.slice(2),"hex"),a.Buffer.from(t.keccak_256.arrayBuffer(e))).slice(-20).toString("hex");var e}i=i&&i.hasOwnProperty("default")?i.default:i,u=u&&u.hasOwnProperty("default")?u.default:u,c=c&&c.hasOwnProperty("default")?c.default:c;var d=new n.ec("secp256k1");function l(r,e){return void 0===e&&(e=64),r.length===e?r:"0".repeat(e-r.length)+r}function h(r){return new Uint8Array(Array.prototype.slice.call(Buffer.from(r,"base64"),0))}var p=new n.ec("secp256k1");function w(r,e){void 0===e&&(e=!1);var t=u.toBuffer(r);if(t.length!==(e?65:64))throw new Error("wrong signature length");var n={r:t.slice(0,32).toString("hex"),s:t.slice(32,64).toString("hex")};return e&&(n.recoveryParam=t[64]),n}var v={ES256K:function(r,e,t){var n=f(r),i=w(e),o=t.find(function(r){return p.keyFromPublic(r.publicKeyHex,"hex").verify(n,i)});if(!o)throw new Error("Signature invalid for JWT");return o},"ES256K-R":function(r,e,t){var n=w(e,!0),i=f(r),o=p.recoverPubKey(i,n,n.recoveryParam),a=o.encode("hex"),u=o.encode("hex",!0),c=s(a),d=t.find(function(r){var e=r.publicKeyHex;return e===a||e===u||r.ethereumAddress===c});if(!d)throw new Error("Signature invalid for JWT");return d},Ed25519:function(r,e,t){var n=o.encode(r),a=h(u.toBase64(e)),c=t.find(function(r){return i.sign.detached.verify(n,a,h(r.publicKeyBase64))});if(!c)throw new Error("Signature invalid for JWT");return c}};function y(r){var e=v[r];if(!e)throw new Error("Unsupported algorithm "+r);return e}function g(r){return"object"==typeof r&&"r"in r&&"s"in r}function m(r){return function(e,t){try{return Promise.resolve(t(e)).then(function(e){if(g(e))return function(t){var n=e.r,i=e.s,o=e.recoveryParam,c=a.Buffer.alloc(r?65:64);if(a.Buffer.from(n,"hex").copy(c,0),a.Buffer.from(i,"hex").copy(c,32),r){if(void 0===o)throw new Error("Signer did not return a recoveryParam");c[64]=o}return u.encode(c)}();throw new Error("expected a signer function that returns a signature object instead of string")})}catch(r){return Promise.reject(r)}}}y.toSignatureObject=w;var b={ES256K:m(),"ES256K-R":m(!0),Ed25519:function(r,e){try{return Promise.resolve(e(r)).then(function(r){if(g(r))throw new Error("expected a signer function that returns a string instead of signature object");return r})}catch(r){return Promise.reject(r)}}},E={ES256K:["Secp256k1VerificationKey2018","Secp256k1SignatureVerificationKey2018","EcdsaPublicKeySecp256k1"],"ES256K-R":["Secp256k1VerificationKey2018","Secp256k1SignatureVerificationKey2018","EcdsaPublicKeySecp256k1"],Ed25519:["ED25519SignatureVerification"]};function S(r){return u.encode(JSON.stringify(r))}function x(r){return r.match(/^[123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz]+$/)}function P(r){if(r.match(/^did:/))return r;if(x(r))return"did:uport:"+r;throw new Error("Not a valid DID '"+r+"'")}function j(r){if(!r)throw new Error("no JWT passed into decodeJWT");var e=r.match(/^([a-zA-Z0-9_-]+)\.([a-zA-Z0-9_-]+)\.([a-zA-Z0-9_-]+)$/);if(e)return{header:JSON.parse(u.decode(e[1])),payload:JSON.parse(u.decode(e[2])),signature:e[3],data:e[1]+"."+e[2]};throw new Error("Incorrect format JWT")}r.SimpleSigner=function(r){var e=d.keyFromPrivate(r);return function(r){try{var t=e.sign(f(r)),n=t.s,i=t.recoveryParam;return Promise.resolve({r:l(t.r.toString("hex")),s:l(n.toString("hex")),recoveryParam:i})}catch(r){return Promise.reject(r)}}},r.NaclSigner=function(r){var e=h(r);return function(r){try{var t=o.encode(r),n=i.sign.detached(t,e),c=u.encode(a.Buffer.from(n));return Promise.resolve(c)}catch(r){return Promise.reject(r)}}},r.verifyJWT=function(r,e){void 0===e&&(e={auth:null,audience:null,callbackUrl:null});try{var t=e.audience?P(e.audience):void 0,n=j(r),i=n.payload,o=n.header,a=n.signature,u=n.data;return Promise.resolve(function(r,e,t){try{var n=E[r];if(!n||0===n.length)throw new Error("No supported signature types for algorithm "+r);var i=P(e);return Promise.resolve(c(i)).then(function(e){if(!e)throw new Error("Unable to resolve DID document for "+i);var o=!t||(e.authentication||[]).map(function(r){return r.publicKey}),a=(e.publicKey||[]).filter(function(r){var e=r.type,i=r.id;return n.find(function(r){return r===e&&(!t||Array.isArray(o)&&o.indexOf(i)>=0)})});if(t&&(!a||0===a.length))throw new Error("DID document for "+i+" does not have public keys suitable for authenticationg user");if(!a||0===a.length)throw new Error("DID document for "+i+" does not have public keys for "+r);return{authenticators:a,issuer:i,doc:e}})}catch(r){return Promise.reject(r)}}(o.alg,i.iss,e.auth)).then(function(n){var c,f=n.doc,s=n.authenticators,d=n.issuer,l=y(o.alg)(u,a,s),h=Math.floor(Date.now()/1e3);if(l){if(i.iat&&i.iat>h+300)throw new Error("JWT not valid yet (issued in the future): iat: "+i.iat+" > now: "+h);if(i.exp&&i.exp<=h-300)throw new Error("JWT has expired: exp: "+i.exp+" < now: "+h);if(i.aud)if((c=i.aud)&&(c.match(/^did:/)||x(c))){if(!t)throw new Error("JWT audience is required but your app address has not been configured");if(t!==P(i.aud))throw new Error("JWT audience does not match your DID: aud: "+i.aud+" !== yours: "+t)}else{if(!e.callbackUrl)throw new Error("JWT audience matching your callback url is required but one wasn't passed in");if(i.aud!==e.callbackUrl)throw new Error("JWT audience does not match the callback url: aud: "+i.aud+" !== url: "+e.callbackUrl)}return{payload:i,doc:f,issuer:d,signer:l,jwt:r}}})}catch(r){return Promise.reject(r)}},r.createJWT=function(r,e){var t=e.issuer,n=e.signer,i=e.alg,o=e.expiresIn;try{if(!n)throw new Error("No Signer functionality has been configured");if(!t)throw new Error("No issuing DID has been configured");var a={typ:"JWT",alg:i||"ES256K"},u={iat:Math.floor(Date.now()/1e3),exp:void 0};if(o){if("number"!=typeof o)throw new Error("JWT expiresIn is not a number");u.exp=u.iat+Math.floor(o)}var c=[S(a),S(Object.assign({},u,r,{iss:t}))].join("."),f=function(r){var e=b[r];if(!e)throw new Error("Unsupported algorithm "+r);return e}(a.alg);return Promise.resolve(f(c,n)).then(function(r){return[c,r].join(".")})}catch(r){return Promise.reject(r)}},r.decodeJWT=j,r.toEthereumAddress=s});
!function(r,e){"object"==typeof exports&&"undefined"!=typeof module?e(exports,require("js-sha256"),require("js-sha3"),require("elliptic"),require("tweetnacl"),require("@stablelib/utf8"),require("buffer"),require("uport-base64url"),require("did-resolver")):"function"==typeof define&&define.amd?define(["exports","js-sha256","js-sha3","elliptic","tweetnacl","@stablelib/utf8","buffer","uport-base64url","did-resolver"],e):e(r.didJwt={},r.jsSha256,r.jsSha3,r.elliptic,r.tweetnacl,r.utf8,r.buffer,r.base64url,r.resolve)}(this,function(r,e,t,n,o,i,a,u,c){function f(r){return a.Buffer.from(e.sha256.arrayBuffer(r))}function s(r){return"0x"+(e=a.Buffer.from(r.slice(2),"hex"),a.Buffer.from(t.keccak_256.arrayBuffer(e))).slice(-20).toString("hex");var e}o=o&&o.hasOwnProperty("default")?o.default:o,u=u&&u.hasOwnProperty("default")?u.default:u,c=c&&c.hasOwnProperty("default")?c.default:c;var d=new n.ec("secp256k1");function l(r,e){return void 0===e&&(e=64),r.length===e?r:"0".repeat(e-r.length)+r}function h(r){return new Uint8Array(Array.prototype.slice.call(Buffer.from(r,"base64"),0))}var p=new n.ec("secp256k1");function w(r,e){void 0===e&&(e=!1);var t=u.toBuffer(r);if(t.length!==(e?65:64))throw new Error("wrong signature length");var n={r:t.slice(0,32).toString("hex"),s:t.slice(32,64).toString("hex")};return e&&(n.recoveryParam=t[64]),n}var v={ES256K:function(r,e,t){var n=f(r),o=w(e),i=t.find(function(r){return p.keyFromPublic(r.publicKeyHex,"hex").verify(n,o)});if(!i)throw new Error("Signature invalid for JWT");return i},"ES256K-R":function(r,e,t){var n=w(e,!0),o=f(r),i=p.recoverPubKey(o,n,n.recoveryParam),a=i.encode("hex"),u=i.encode("hex",!0),c=s(a),d=t.find(function(r){var e=r.publicKeyHex;return e===a||e===u||r.ethereumAddress===c});if(!d)throw new Error("Signature invalid for JWT");return d},Ed25519:function(r,e,t){var n=i.encode(r),a=h(u.toBase64(e)),c=t.find(function(r){return o.sign.detached.verify(n,a,h(r.publicKeyBase64))});if(!c)throw new Error("Signature invalid for JWT");return c}};function y(r){var e=v[r];if(!e)throw new Error("Unsupported algorithm "+r);return e}function g(r){return"object"==typeof r&&"r"in r&&"s"in r}function m(r){return function(e,t){try{return Promise.resolve(t(e)).then(function(e){if(g(e))return function(t){var n=e.r,o=e.s,i=e.recoveryParam,c=a.Buffer.alloc(r?65:64);if(a.Buffer.from(n,"hex").copy(c,0),a.Buffer.from(o,"hex").copy(c,32),r){if(void 0===i)throw new Error("Signer did not return a recoveryParam");c[64]=i}return u.encode(c)}();throw new Error("expected a signer function that returns a signature object instead of string")})}catch(r){return Promise.reject(r)}}}y.toSignatureObject=w;var b={ES256K:m(),"ES256K-R":m(!0),Ed25519:function(r,e){try{return Promise.resolve(e(r)).then(function(r){if(g(r))throw new Error("expected a signer function that returns a string instead of signature object");return r})}catch(r){return Promise.reject(r)}}},E={ES256K:["Secp256k1VerificationKey2018","Secp256k1SignatureVerificationKey2018","EcdsaPublicKeySecp256k1"],"ES256K-R":["Secp256k1VerificationKey2018","Secp256k1SignatureVerificationKey2018","EcdsaPublicKeySecp256k1"],Ed25519:["ED25519SignatureVerification"]};function S(r){return u.encode(JSON.stringify(r))}function x(r){return r.match(/^[123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz]+$/)}function P(r){if(r.match(/^did:/))return r;if(x(r))return"did:uport:"+r;throw new Error("Not a valid DID '"+r+"'")}function j(r){if(!r)throw new Error("no JWT passed into decodeJWT");var e=r.match(/^([a-zA-Z0-9_-]+)\.([a-zA-Z0-9_-]+)\.([a-zA-Z0-9_-]+)$/);if(e)return{header:JSON.parse(u.decode(e[1])),payload:JSON.parse(u.decode(e[2])),signature:e[3],data:e[1]+"."+e[2]};throw new Error("Incorrect format JWT")}r.SimpleSigner=function(r){var e=d.keyFromPrivate(r);return function(r){try{var t=e.sign(f(r)),n=t.s,o=t.recoveryParam;return Promise.resolve({r:l(t.r.toString("hex")),s:l(n.toString("hex")),recoveryParam:o})}catch(r){return Promise.reject(r)}}},r.NaclSigner=function(r){var e=h(r);return function(r){try{var t=i.encode(r),n=o.sign.detached(t,e),c=u.encode(a.Buffer.from(n));return Promise.resolve(c)}catch(r){return Promise.reject(r)}}},r.verifyJWT=function(r,e){void 0===e&&(e={auth:null,audience:null,callbackUrl:null});try{var t=e.audience?P(e.audience):void 0,n=j(r),o=n.payload,i=n.header,a=n.signature,u=n.data;return Promise.resolve(function(r,e,t){try{var n=E[r];if(!n||0===n.length)throw new Error("No supported signature types for algorithm "+r);var o=P(e);return Promise.resolve(c(o)).then(function(e){if(!e)throw new Error("Unable to resolve DID document for "+o);var i=!t||(e.authentication||[]).map(function(r){return r.publicKey}),a=(e.publicKey||[]).filter(function(r){var e=r.type,o=r.id;return n.find(function(r){return r===e&&(!t||Array.isArray(i)&&i.indexOf(o)>=0)})});if(t&&(!a||0===a.length))throw new Error("DID document for "+o+" does not have public keys suitable for authenticationg user");if(!a||0===a.length)throw new Error("DID document for "+o+" does not have public keys for "+r);return{authenticators:a,issuer:o,doc:e}})}catch(r){return Promise.reject(r)}}(i.alg,o.iss,e.auth)).then(function(n){var c,f=n.doc,s=n.authenticators,d=n.issuer,l=y(i.alg)(u,a,s),h=Math.floor(Date.now()/1e3);if(l){if(o.nbf&&o.nbf>h+300)throw new Error("JWT not valid yet (issued in the future): nbf: "+o.nbf+" > now: "+h);if(o.exp&&o.exp<=h-300)throw new Error("JWT has expired: exp: "+o.exp+" < now: "+h);if(o.aud)if((c=o.aud)&&(c.match(/^did:/)||x(c))){if(!t)throw new Error("JWT audience is required but your app address has not been configured");if(t!==P(o.aud))throw new Error("JWT audience does not match your DID: aud: "+o.aud+" !== yours: "+t)}else{if(!e.callbackUrl)throw new Error("JWT audience matching your callback url is required but one wasn't passed in");if(o.aud!==e.callbackUrl)throw new Error("JWT audience does not match the callback url: aud: "+o.aud+" !== url: "+e.callbackUrl)}return{payload:o,doc:f,issuer:d,signer:l,jwt:r}}})}catch(r){return Promise.reject(r)}},r.createJWT=function(r,e){var t=e.issuer,n=e.signer,o=e.alg,i=e.expiresIn;try{if(!n)throw new Error("No Signer functionality has been configured");var a={typ:"JWT",alg:o||"ES256K"},u={nbf:Math.floor(Date.now()/1e3),exp:void 0};if(i){if("number"!=typeof i)throw new Error("JWT expiresIn is not a number");u.exp=u.nbf+Math.floor(i)}var c=[S(a),S(Object.assign({},u,r,{iss:t}))].join("."),f=function(r){var e=b[r];if(!e)throw new Error("Unsupported algorithm "+r);return e}(a.alg);return Promise.resolve(f(c,n)).then(function(r){return[c,r].join(".")})}catch(r){return Promise.reject(r)}},r.createUnsignedJWT=function(r){return[S({type:"JWT",alg:"none,"}),S(r),""].join(".")},r.decodeJWT=j,r.toEthereumAddress=s});
//# sourceMappingURL=index.umd.js.map

5

lib/JWT.d.ts

@@ -33,3 +33,3 @@ import { DIDDocument, PublicKey } from 'did-resolver';

aud?: string;
iat?: number;
nbf?: number;
type?: string;

@@ -52,3 +52,3 @@ exp?: number;

}
export declare const IAT_SKEW: number;
export declare const NBF_SKEW: number;
export declare function normalizeDID(mnidOrDid: string): string;

@@ -82,2 +82,3 @@ /**

export declare function createJWT(payload: object, { issuer, signer, alg, expiresIn }: JWTOptions): Promise<string>;
export declare function createUnsignedJWT(payload: object): string;
/**

@@ -84,0 +85,0 @@ * Verifies given JWT. If the JWT is valid, the promise returns an object including the JWT, the payload of the JWT,

5

package.json
{
"name": "did-jwt",
"version": "0.2.1-alpha.5",
"version": "1.0.0-dev.0",
"description": "Library for Signing and Verifying JWTs compatible uPort and DID standards",

@@ -45,3 +45,4 @@ "main": "lib/index.js",

"!src/**/*.d.ts",
"!**/node_modules/**"
"!**/node_modules/**",
"!src/**/index.ts"
],

@@ -48,0 +49,0 @@ "testEnvironment": "node",

20

src/__tests__/JWT-test.ts

@@ -6,3 +6,3 @@ import {

resolveAuthenticator,
IAT_SKEW
NBF_SKEW
} from '../JWT'

@@ -115,3 +115,3 @@ import { TokenVerifier } from 'jsontokens'

const { payload } = decodeJWT(jwt)
return expect(payload.exp).toEqual(payload.iat + 10000)
return expect(payload.exp).toEqual(payload.nbf + 10000)
})

@@ -161,3 +161,3 @@ })

const { payload } = decodeJWT(jwt)
return expect(payload.exp).toEqual(payload.iat + 10000)
return expect(payload.exp).toEqual(payload.nbf + 10000)
})

@@ -269,4 +269,4 @@ })

it('accepts a valid iat', () => {
return createJWT({ iat: NOW + IAT_SKEW }, { issuer: did, signer }).then(
it('accepts a valid nbf', () => {
return createJWT({ nbf: NOW + NBF_SKEW }, { issuer: did, signer }).then(
jwt =>

@@ -304,4 +304,4 @@ verifyJWT(jwt).then(

it('rejects an iat in the future', () => {
return createJWT({ iat: NOW + IAT_SKEW + 1 }, { issuer: did, signer }).then(
it('rejects an nbf in the future', () => {
return createJWT({ nbf: NOW + NBF_SKEW + 1 }, { issuer: did, signer }).then(
jwt =>

@@ -311,3 +311,3 @@ verifyJWT(jwt)

expect(error.message).toEqual(
'JWT not valid yet (issued in the future): iat: 1485321434 > now: 1485321133'
'JWT not valid yet (issued in the future): nbf: 1485321434 > now: 1485321133'
)

@@ -321,3 +321,3 @@ )

return createJWT(
{ exp: NOW - IAT_SKEW + 1 },
{ exp: NOW - NBF_SKEW + 1 },
{ issuer: did, signer, expiresIn: 1 }

@@ -330,3 +330,3 @@ ).then(jwt =>

it('rejects an expired JWT', () => {
return createJWT({ exp: NOW - IAT_SKEW - 1 }, { issuer: did, signer }).then(
return createJWT({ exp: NOW - NBF_SKEW - 1 }, { issuer: did, signer }).then(
jwt =>

@@ -333,0 +333,0 @@ verifyJWT(jwt)

5

src/index.ts
import SimpleSigner from './SimpleSigner'
import NaclSigner from './NaclSigner'
import { verifyJWT, createJWT, decodeJWT, Signer } from './JWT'
import { verifyJWT, createJWT, decodeJWT, Signer, createUnsignedJWT } from './JWT'
import { toEthereumAddress } from './Digest'
export {
export {
SimpleSigner,

@@ -11,2 +11,3 @@ NaclSigner,

createJWT,
createUnsignedJWT,
decodeJWT,

@@ -13,0 +14,0 @@ toEthereumAddress,

28

src/JWT.ts

@@ -46,3 +46,3 @@ import VerifierAlgorithm from './VerifierAlgorithm'

aud?: string
iat?: number
nbf?: number
type?: string

@@ -92,3 +92,3 @@ exp?: number

export const IAT_SKEW: number = 300
export const NBF_SKEW: number = 300

@@ -161,6 +161,5 @@ /** @module did-jwt/JWT */

if (!signer) throw new Error('No Signer functionality has been configured')
if (!issuer) throw new Error('No issuing DID has been configured')
const header: JWTHeader = { typ: 'JWT', alg: alg || defaultAlg }
const timestamps: Partial<JWTPayload> = {
iat: Math.floor(Date.now() / 1000),
nbf: Math.floor(Date.now() / 1000),
exp: undefined

@@ -170,3 +169,3 @@ }

if (typeof expiresIn === 'number') {
timestamps.exp = timestamps.iat + Math.floor(expiresIn)
timestamps.exp = timestamps.nbf + Math.floor(expiresIn)
} else {

@@ -186,2 +185,13 @@ throw new Error('JWT expiresIn is not a number')

export function createUnsignedJWT(payload: object): string {
return [
encodeSection({
type: 'JWT',
alg: 'none,'
}),
encodeSection(payload),
''
].join('.')
}
/**

@@ -232,10 +242,10 @@ * Verifies given JWT. If the JWT is valid, the promise returns an object including the JWT, the payload of the JWT,

if (signer) {
if (payload.iat && payload.iat > now + IAT_SKEW) {
if (payload.nbf && payload.nbf > now + NBF_SKEW) {
throw new Error(
`JWT not valid yet (issued in the future): iat: ${
payload.iat
`JWT not valid yet (issued in the future): nbf: ${
payload.nbf
} > now: ${now}`
)
}
if (payload.exp && payload.exp <= now - IAT_SKEW) {
if (payload.exp && payload.exp <= now - NBF_SKEW) {
throw new Error(`JWT has expired: exp: ${payload.exp} < now: ${now}`)

@@ -242,0 +252,0 @@ }

dist/did-jwt.js

Sorry, the diff of this file is too big to display

lib/index.d.ts.map

Sorry, the diff of this file is not supported yet

lib/index.js.map

Sorry, the diff of this file is not supported yet

lib/index.mjs

Sorry, the diff of this file is not supported yet

lib/index.mjs.map

Sorry, the diff of this file is not supported yet

lib/index.umd.js.map

Sorry, the diff of this file is not supported yet

lib/JWT.d.ts.map

Sorry, the diff of this file is not supported yet

src/__tests__/__snapshots__/JWT-test.ts.snap

Sorry, the diff of this file is not supported yet

SocketSocket SOC 2 Logo

Product

  • Package Alerts
  • Integrations
  • Docs
  • Pricing
  • FAQ
  • Roadmap
  • Changelog

About

Packages

npm

Go

Maven

PyPI

Rubygems

Stay in touch

Get open source security insights delivered straight into your inbox.

  • Terms
  • Privacy
  • Security

Made with ⚡️ by Socket Inc