Huge News!Announcing our $40M Series B led by Abstract Ventures.Learn More →
did-jwt - npm Package Compare versions
Comparing version 3.0.0 to 4.0.0
@@ -1,2 +0,2 @@ | ||
| function r(r){return r&&"object"==typeof r&&"default"in r?r.default:r}var e=require("js-sha256"),n=require("js-sha3"),t=require("elliptic"),o=r(require("tweetnacl")),i=require("@stablelib/utf8"),a=require("buffer"),u=r(require("uport-base64url"));function c(r){return a.Buffer.from(e.sha256.arrayBuffer(r))}function f(r){return"0x"+(e=a.Buffer.from(r.slice(2),"hex"),a.Buffer.from(n.keccak_256.arrayBuffer(e))).slice(-20).toString("hex");var e}var s=new t.ec("secp256k1");function d(r,e){return void 0===e&&(e=64),r.length===e?r:"0".repeat(e-r.length)+r}function l(r){return new Uint8Array(Array.prototype.slice.call(Buffer.from(r,"base64"),0))}var h=new t.ec("secp256k1");function v(r,e){void 0===e&&(e=!1);var n=u.toBuffer(r);if(n.length!==(e?65:64))throw new Error("wrong signature length");var t={r:n.slice(0,32).toString("hex"),s:n.slice(32,64).toString("hex")};return e&&(t.recoveryParam=n[64]),t}var w={ES256K:function(r,e,n){var t=c(r),o=v(e),i=n.find(function(r){return h.keyFromPublic(r.publicKeyHex,"hex").verify(t,o)});if(!i)throw new Error("Signature invalid for JWT");return i},"ES256K-R":function(r,e,n){var t=v(e,!0),o=c(r),i=h.recoverPubKey(o,t,t.recoveryParam),a=i.encode("hex"),u=i.encode("hex",!0),s=f(a),d=n.find(function(r){var e=r.publicKeyHex;return e===a||e===u||r.ethereumAddress===s});if(!d)throw new Error("Signature invalid for JWT");return d},Ed25519:function(r,e,n){var t=i.encode(r),a=l(u.toBase64(e)),c=n.find(function(r){return o.sign.detached.verify(t,a,l(r.publicKeyBase64))});if(!c)throw new Error("Signature invalid for JWT");return c}};function p(r){var e=w[r];if(!e)throw new Error("Unsupported algorithm "+r);return e}function y(r){return"object"==typeof r&&"r"in r&&"s"in r}function g(r){return function(e,n){try{return Promise.resolve(n(e)).then(function(e){if(y(e))return function(n){var t=e.r,o=e.s,i=e.recoveryParam,c=a.Buffer.alloc(r?65:64);if(a.Buffer.from(t,"hex").copy(c,0),a.Buffer.from(o,"hex").copy(c,32),r){if(void 0===i)throw new Error("Signer did not return a recoveryParam");c[64]=i}return u.encode(c)}();throw new Error("expected a signer function that returns a signature object instead of string")})}catch(r){return Promise.reject(r)}}}p.toSignatureObject=v;var m={ES256K:g(),"ES256K-R":g(!0),Ed25519:function(r,e){try{return Promise.resolve(e(r)).then(function(r){if(y(r))throw new Error("expected a signer function that returns a string instead of signature object");return r})}catch(r){return Promise.reject(r)}}},b={ES256K:["Secp256k1VerificationKey2018","Secp256k1SignatureVerificationKey2018","EcdsaPublicKeySecp256k1"],"ES256K-R":["Secp256k1VerificationKey2018","Secp256k1SignatureVerificationKey2018","EcdsaPublicKeySecp256k1"],Ed25519:["ED25519SignatureVerification"]};function E(r){return u.encode(JSON.stringify(r))}function S(r){return r.match(/^[123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz]+$/)}function x(r){if(r.match(/^did:/))return r;if(S(r))return"did:uport:"+r;throw new Error("Not a valid DID '"+r+"'")}function P(r){if(!r)throw new Error("no JWT passed into decodeJWT");var e=r.match(/^([a-zA-Z0-9_-]+)\.([a-zA-Z0-9_-]+)\.([a-zA-Z0-9_-]+)$/);if(e)return{header:JSON.parse(u.decode(e[1])),payload:JSON.parse(u.decode(e[2])),signature:e[3],data:e[1]+"."+e[2]};throw new Error("Incorrect format JWT")}exports.SimpleSigner=function(r){var e=s.keyFromPrivate(r);return function(r){try{var n=e.sign(c(r)),t=n.s,o=n.recoveryParam;return Promise.resolve({r:d(n.r.toString("hex")),s:d(t.toString("hex")),recoveryParam:o})}catch(r){return Promise.reject(r)}}},exports.NaclSigner=function(r){var e=l(r);return function(r){try{var n=i.encode(r),t=o.sign.detached(n,e),c=u.encode(a.Buffer.from(t));return Promise.resolve(c)}catch(r){return Promise.reject(r)}}},exports.verifyJWT=function(r,e){void 0===e&&(e={resolver:null,auth:null,audience:null,callbackUrl:null});try{if(!e.resolver)throw new Error("No DID resolver has been configured");var n=e.audience?x(e.audience):void 0,t=P(r),o=t.payload,i=t.header,a=t.signature,u=t.data;return Promise.resolve(function(r,e,n,t){try{var o=b[e];if(!o||0===o.length)throw new Error("No supported signature types for algorithm "+e);var i=x(n);return Promise.resolve(r.resolve(i)).then(function(r){if(!r)throw new Error("Unable to resolve DID document for "+i);var n=!t||(r.authentication||[]).map(function(r){return r.publicKey}),a=(r.publicKey||[]).filter(function(r){var e=r.type,i=r.id;return o.find(function(r){return r===e&&(!t||Array.isArray(n)&&n.indexOf(i)>=0)})});if(t&&(!a||0===a.length))throw new Error("DID document for "+i+" does not have public keys suitable for authenticationg user");if(!a||0===a.length)throw new Error("DID document for "+i+" does not have public keys for "+e);return{authenticators:a,issuer:i,doc:r}})}catch(r){return Promise.reject(r)}}(e.resolver,i.alg,o.iss,e.auth)).then(function(t){var c,f=t.doc,s=t.authenticators,d=t.issuer,l=p(i.alg)(u,a,s),h=Math.floor(Date.now()/1e3);if(l){var v=h+300;if(o.nbf){if(o.nbf>v)throw new Error("JWT not valid before nbf: "+o.nbf)}else if(o.iat&&o.iat>v)throw new Error("JWT not valid yet (issued in the future) iat: "+o.iat);if(o.exp&&o.exp<=h-300)throw new Error("JWT has expired: exp: "+o.exp+" < now: "+h);if(o.aud)if((c=o.aud)&&(c.match(/^did:/)||S(c))){if(!n)throw new Error("JWT audience is required but your app address has not been configured");if(n!==x(o.aud))throw new Error("JWT audience does not match your DID: aud: "+o.aud+" !== yours: "+n)}else{if(!e.callbackUrl)throw new Error("JWT audience matching your callback url is required but one wasn't passed in");if(o.aud!==e.callbackUrl)throw new Error("JWT audience does not match the callback url: aud: "+o.aud+" !== url: "+e.callbackUrl)}return{payload:o,doc:f,issuer:d,signer:l,jwt:r}}})}catch(r){return Promise.reject(r)}},exports.createJWT=function(r,e){var n=e.issuer,t=e.signer,o=e.alg,i=e.expiresIn;try{if(!t)throw new Error("No Signer functionality has been configured");if(!n)throw new Error("No issuing DID has been configured");var a={typ:"JWT",alg:o||"ES256K"},u={iat:Math.floor(Date.now()/1e3),exp:void 0};if(i&&r.nbf){if("number"!=typeof i)throw new Error("JWT expiresIn is not a number");u.exp=r.nbf+Math.floor(i)}var c=[E(a),E(Object.assign({},u,r,{iss:n}))].join("."),f=function(r){var e=m[r];if(!e)throw new Error("Unsupported algorithm "+r);return e}(a.alg);return Promise.resolve(f(c,t)).then(function(r){return[c,r].join(".")})}catch(r){return Promise.reject(r)}},exports.decodeJWT=P,exports.toEthereumAddress=f; | ||
| function r(r){return r&&"object"==typeof r&&"default"in r?r.default:r}var e=require("js-sha256"),t=require("js-sha3"),n=require("elliptic"),o=r(require("tweetnacl")),i=require("@stablelib/utf8"),a=require("buffer"),u=r(require("uport-base64url"));function c(r){return a.Buffer.from(e.sha256.arrayBuffer(r))}function f(r){return"0x"+(e=a.Buffer.from(r.slice(2),"hex"),a.Buffer.from(t.keccak_256.arrayBuffer(e))).slice(-20).toString("hex");var e}var s=new n.ec("secp256k1");function d(r,e){return void 0===e&&(e=64),r.length===e?r:"0".repeat(e-r.length)+r}function l(r){return new Uint8Array(Array.prototype.slice.call(Buffer.from(r,"base64"),0))}var h=new n.ec("secp256k1");function v(r,e){void 0===e&&(e=!1);var t=u.toBuffer(r);if(t.length!==(e?65:64))throw new Error("wrong signature length");var n={r:t.slice(0,32).toString("hex"),s:t.slice(32,64).toString("hex")};return e&&(n.recoveryParam=t[64]),n}var w={ES256K:function(r,e,t){var n=c(r),o=v(e),i=t.find(function(r){return h.keyFromPublic(r.publicKeyHex,"hex").verify(n,o)});if(!i)throw new Error("Signature invalid for JWT");return i},"ES256K-R":function(r,e,t){var n=v(e,!0),o=c(r),i=h.recoverPubKey(o,n,n.recoveryParam),a=i.encode("hex"),u=i.encode("hex",!0),s=f(a),d=t.find(function(r){var e=r.publicKeyHex;return e===a||e===u||r.ethereumAddress===s});if(!d)throw new Error("Signature invalid for JWT");return d},Ed25519:function(r,e,t){var n=i.encode(r),a=l(u.toBase64(e)),c=t.find(function(r){return o.sign.detached.verify(n,a,l(r.publicKeyBase64))});if(!c)throw new Error("Signature invalid for JWT");return c}};function p(r){var e=w[r];if(!e)throw new Error("Unsupported algorithm "+r);return e}function y(r){return"object"==typeof r&&"r"in r&&"s"in r}function g(r){return function(e,t){try{return Promise.resolve(t(e)).then(function(e){if(y(e))return function(t){var n=e.r,o=e.s,i=e.recoveryParam,c=a.Buffer.alloc(r?65:64);if(a.Buffer.from(n,"hex").copy(c,0),a.Buffer.from(o,"hex").copy(c,32),r){if(void 0===i)throw new Error("Signer did not return a recoveryParam");c[64]=i}return u.encode(c)}();throw new Error("expected a signer function that returns a signature object instead of string")})}catch(r){return Promise.reject(r)}}}p.toSignatureObject=v;var m={ES256K:g(),"ES256K-R":g(!0),Ed25519:function(r,e){try{return Promise.resolve(e(r)).then(function(r){if(y(r))throw new Error("expected a signer function that returns a string instead of signature object");return r})}catch(r){return Promise.reject(r)}}},b={ES256K:["Secp256k1VerificationKey2018","Secp256k1SignatureVerificationKey2018","EcdsaPublicKeySecp256k1"],"ES256K-R":["Secp256k1VerificationKey2018","Secp256k1SignatureVerificationKey2018","EcdsaPublicKeySecp256k1"],Ed25519:["ED25519SignatureVerification"]};function E(r){return u.encode(JSON.stringify(r))}function S(r){return r.match(/^[123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz]+$/)}function x(r){if(r.match(/^did:/))return r;if(S(r))return"did:uport:"+r;throw new Error("Not a valid DID '"+r+"'")}function P(r){if(!r)throw new Error("no JWT passed into decodeJWT");var e=r.match(/^([a-zA-Z0-9_-]+)\.([a-zA-Z0-9_-]+)\.([a-zA-Z0-9_-]+)$/);if(e)return{header:JSON.parse(u.decode(e[1])),payload:JSON.parse(u.decode(e[2])),signature:e[3],data:e[1]+"."+e[2]};throw new Error("Incorrect format JWT")}exports.SimpleSigner=function(r){var e=s.keyFromPrivate(r);return function(r){try{var t=e.sign(c(r)),n=t.s,o=t.recoveryParam;return Promise.resolve({r:d(t.r.toString("hex")),s:d(n.toString("hex")),recoveryParam:o})}catch(r){return Promise.reject(r)}}},exports.NaclSigner=function(r){var e=l(r);return function(r){try{var t=i.encode(r),n=o.sign.detached(t,e),c=u.encode(a.Buffer.from(n));return Promise.resolve(c)}catch(r){return Promise.reject(r)}}},exports.verifyJWT=function(r,e){void 0===e&&(e={resolver:null,auth:null,audience:null,callbackUrl:null});try{if(!e.resolver)throw new Error("No DID resolver has been configured");var t=e.audience?x(e.audience):void 0,n=P(r),o=n.payload,i=n.header,a=n.signature,u=n.data;return Promise.resolve(function(r,e,t,n){try{var o=b[e];if(!o||0===o.length)throw new Error("No supported signature types for algorithm "+e);var i=x(t);return Promise.resolve(r.resolve(i)).then(function(r){if(!r)throw new Error("Unable to resolve DID document for "+i);var t=!n||(r.authentication||[]).map(function(r){return r.publicKey}),a=(r.publicKey||[]).filter(function(r){var e=r.type,i=r.id;return o.find(function(r){return r===e&&(!n||Array.isArray(t)&&t.indexOf(i)>=0)})});if(n&&(!a||0===a.length))throw new Error("DID document for "+i+" does not have public keys suitable for authenticationg user");if(!a||0===a.length)throw new Error("DID document for "+i+" does not have public keys for "+e);return{authenticators:a,issuer:i,doc:r}})}catch(r){return Promise.reject(r)}}(e.resolver,i.alg,o.iss,e.auth)).then(function(n){var c,f=n.doc,s=n.authenticators,d=n.issuer,l=p(i.alg)(u,a,s),h=Math.floor(Date.now()/1e3);if(l){var v=h+300;if(o.nbf){if(o.nbf>v)throw new Error("JWT not valid before nbf: "+o.nbf)}else if(o.iat&&o.iat>v)throw new Error("JWT not valid yet (issued in the future) iat: "+o.iat);if(o.exp&&o.exp<=h-300)throw new Error("JWT has expired: exp: "+o.exp+" < now: "+h);if(o.aud)if((c=o.aud)&&(c.match(/^did:/)||S(c))){if(!t)throw new Error("JWT audience is required but your app address has not been configured");if(t!==x(o.aud))throw new Error("JWT audience does not match your DID: aud: "+o.aud+" !== yours: "+t)}else{if(!e.callbackUrl)throw new Error("JWT audience matching your callback url is required but one wasn't passed in");if(o.aud!==e.callbackUrl)throw new Error("JWT audience does not match the callback url: aud: "+o.aud+" !== url: "+e.callbackUrl)}return{payload:o,doc:f,issuer:d,signer:l,jwt:r}}})}catch(r){return Promise.reject(r)}},exports.createJWT=function(r,e){var t=e.issuer,n=e.signer,o=e.alg,i=e.expiresIn;try{if(!n)throw new Error("No Signer functionality has been configured");if(!t)throw new Error("No issuing DID has been configured");var a={typ:"JWT",alg:o||"ES256K"},u={iat:Math.floor(Date.now()/1e3),exp:void 0};if(i){if("number"!=typeof i)throw new Error("JWT expiresIn is not a number");u.exp=(r.nbf||u.iat)+Math.floor(i)}var c=[E(a),E(Object.assign({},u,r,{iss:t}))].join("."),f=function(r){var e=m[r];if(!e)throw new Error("Unsupported algorithm "+r);return e}(a.alg);return Promise.resolve(f(c,n)).then(function(r){return[c,r].join(".")})}catch(r){return Promise.reject(r)}},exports.decodeJWT=P,exports.toEthereumAddress=f; | ||
| //# sourceMappingURL=index.js.map |
@@ -1,2 +0,2 @@ | ||
| !function(r,e){"object"==typeof exports&&"undefined"!=typeof module?e(exports,require("js-sha256"),require("js-sha3"),require("elliptic"),require("tweetnacl"),require("@stablelib/utf8"),require("buffer"),require("uport-base64url")):"function"==typeof define&&define.amd?define(["exports","js-sha256","js-sha3","elliptic","tweetnacl","@stablelib/utf8","buffer","uport-base64url"],e):e(r.didJwt={},r.jsSha256,r.jsSha3,r.elliptic,r.tweetnacl,r.utf8,r.buffer,r.base64url)}(this,function(r,e,t,n,o,i,a,u){function c(r){return a.Buffer.from(e.sha256.arrayBuffer(r))}function f(r){return"0x"+(e=a.Buffer.from(r.slice(2),"hex"),a.Buffer.from(t.keccak_256.arrayBuffer(e))).slice(-20).toString("hex");var e}o=o&&o.hasOwnProperty("default")?o.default:o,u=u&&u.hasOwnProperty("default")?u.default:u;var s=new n.ec("secp256k1");function d(r,e){return void 0===e&&(e=64),r.length===e?r:"0".repeat(e-r.length)+r}function l(r){return new Uint8Array(Array.prototype.slice.call(Buffer.from(r,"base64"),0))}var h=new n.ec("secp256k1");function w(r,e){void 0===e&&(e=!1);var t=u.toBuffer(r);if(t.length!==(e?65:64))throw new Error("wrong signature length");var n={r:t.slice(0,32).toString("hex"),s:t.slice(32,64).toString("hex")};return e&&(n.recoveryParam=t[64]),n}var p={ES256K:function(r,e,t){var n=c(r),o=w(e),i=t.find(function(r){return h.keyFromPublic(r.publicKeyHex,"hex").verify(n,o)});if(!i)throw new Error("Signature invalid for JWT");return i},"ES256K-R":function(r,e,t){var n=w(e,!0),o=c(r),i=h.recoverPubKey(o,n,n.recoveryParam),a=i.encode("hex"),u=i.encode("hex",!0),s=f(a),d=t.find(function(r){var e=r.publicKeyHex;return e===a||e===u||r.ethereumAddress===s});if(!d)throw new Error("Signature invalid for JWT");return d},Ed25519:function(r,e,t){var n=i.encode(r),a=l(u.toBase64(e)),c=t.find(function(r){return o.sign.detached.verify(n,a,l(r.publicKeyBase64))});if(!c)throw new Error("Signature invalid for JWT");return c}};function v(r){var e=p[r];if(!e)throw new Error("Unsupported algorithm "+r);return e}function y(r){return"object"==typeof r&&"r"in r&&"s"in r}function g(r){return function(e,t){try{return Promise.resolve(t(e)).then(function(e){if(y(e))return function(t){var n=e.r,o=e.s,i=e.recoveryParam,c=a.Buffer.alloc(r?65:64);if(a.Buffer.from(n,"hex").copy(c,0),a.Buffer.from(o,"hex").copy(c,32),r){if(void 0===i)throw new Error("Signer did not return a recoveryParam");c[64]=i}return u.encode(c)}();throw new Error("expected a signer function that returns a signature object instead of string")})}catch(r){return Promise.reject(r)}}}v.toSignatureObject=w;var b={ES256K:g(),"ES256K-R":g(!0),Ed25519:function(r,e){try{return Promise.resolve(e(r)).then(function(r){if(y(r))throw new Error("expected a signer function that returns a string instead of signature object");return r})}catch(r){return Promise.reject(r)}}},m={ES256K:["Secp256k1VerificationKey2018","Secp256k1SignatureVerificationKey2018","EcdsaPublicKeySecp256k1"],"ES256K-R":["Secp256k1VerificationKey2018","Secp256k1SignatureVerificationKey2018","EcdsaPublicKeySecp256k1"],Ed25519:["ED25519SignatureVerification"]};function E(r){return u.encode(JSON.stringify(r))}function S(r){return r.match(/^[123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz]+$/)}function x(r){if(r.match(/^did:/))return r;if(S(r))return"did:uport:"+r;throw new Error("Not a valid DID '"+r+"'")}function P(r){if(!r)throw new Error("no JWT passed into decodeJWT");var e=r.match(/^([a-zA-Z0-9_-]+)\.([a-zA-Z0-9_-]+)\.([a-zA-Z0-9_-]+)$/);if(e)return{header:JSON.parse(u.decode(e[1])),payload:JSON.parse(u.decode(e[2])),signature:e[3],data:e[1]+"."+e[2]};throw new Error("Incorrect format JWT")}r.SimpleSigner=function(r){var e=s.keyFromPrivate(r);return function(r){try{var t=e.sign(c(r)),n=t.s,o=t.recoveryParam;return Promise.resolve({r:d(t.r.toString("hex")),s:d(n.toString("hex")),recoveryParam:o})}catch(r){return Promise.reject(r)}}},r.NaclSigner=function(r){var e=l(r);return function(r){try{var t=i.encode(r),n=o.sign.detached(t,e),c=u.encode(a.Buffer.from(n));return Promise.resolve(c)}catch(r){return Promise.reject(r)}}},r.verifyJWT=function(r,e){void 0===e&&(e={resolver:null,auth:null,audience:null,callbackUrl:null});try{if(!e.resolver)throw new Error("No DID resolver has been configured");var t=e.audience?x(e.audience):void 0,n=P(r),o=n.payload,i=n.header,a=n.signature,u=n.data;return Promise.resolve(function(r,e,t,n){try{var o=m[e];if(!o||0===o.length)throw new Error("No supported signature types for algorithm "+e);var i=x(t);return Promise.resolve(r.resolve(i)).then(function(r){if(!r)throw new Error("Unable to resolve DID document for "+i);var t=!n||(r.authentication||[]).map(function(r){return r.publicKey}),a=(r.publicKey||[]).filter(function(r){var e=r.type,i=r.id;return o.find(function(r){return r===e&&(!n||Array.isArray(t)&&t.indexOf(i)>=0)})});if(n&&(!a||0===a.length))throw new Error("DID document for "+i+" does not have public keys suitable for authenticationg user");if(!a||0===a.length)throw new Error("DID document for "+i+" does not have public keys for "+e);return{authenticators:a,issuer:i,doc:r}})}catch(r){return Promise.reject(r)}}(e.resolver,i.alg,o.iss,e.auth)).then(function(n){var c,f=n.doc,s=n.authenticators,d=n.issuer,l=v(i.alg)(u,a,s),h=Math.floor(Date.now()/1e3);if(l){var w=h+300;if(o.nbf){if(o.nbf>w)throw new Error("JWT not valid before nbf: "+o.nbf)}else if(o.iat&&o.iat>w)throw new Error("JWT not valid yet (issued in the future) iat: "+o.iat);if(o.exp&&o.exp<=h-300)throw new Error("JWT has expired: exp: "+o.exp+" < now: "+h);if(o.aud)if((c=o.aud)&&(c.match(/^did:/)||S(c))){if(!t)throw new Error("JWT audience is required but your app address has not been configured");if(t!==x(o.aud))throw new Error("JWT audience does not match your DID: aud: "+o.aud+" !== yours: "+t)}else{if(!e.callbackUrl)throw new Error("JWT audience matching your callback url is required but one wasn't passed in");if(o.aud!==e.callbackUrl)throw new Error("JWT audience does not match the callback url: aud: "+o.aud+" !== url: "+e.callbackUrl)}return{payload:o,doc:f,issuer:d,signer:l,jwt:r}}})}catch(r){return Promise.reject(r)}},r.createJWT=function(r,e){var t=e.issuer,n=e.signer,o=e.alg,i=e.expiresIn;try{if(!n)throw new Error("No Signer functionality has been configured");if(!t)throw new Error("No issuing DID has been configured");var a={typ:"JWT",alg:o||"ES256K"},u={iat:Math.floor(Date.now()/1e3),exp:void 0};if(i&&r.nbf){if("number"!=typeof i)throw new Error("JWT expiresIn is not a number");u.exp=r.nbf+Math.floor(i)}var c=[E(a),E(Object.assign({},u,r,{iss:t}))].join("."),f=function(r){var e=b[r];if(!e)throw new Error("Unsupported algorithm "+r);return e}(a.alg);return Promise.resolve(f(c,n)).then(function(r){return[c,r].join(".")})}catch(r){return Promise.reject(r)}},r.decodeJWT=P,r.toEthereumAddress=f}); | ||
| !function(r,e){"object"==typeof exports&&"undefined"!=typeof module?e(exports,require("js-sha256"),require("js-sha3"),require("elliptic"),require("tweetnacl"),require("@stablelib/utf8"),require("buffer"),require("uport-base64url")):"function"==typeof define&&define.amd?define(["exports","js-sha256","js-sha3","elliptic","tweetnacl","@stablelib/utf8","buffer","uport-base64url"],e):e(r.didJwt={},r.jsSha256,r.jsSha3,r.elliptic,r.tweetnacl,r.utf8,r.buffer,r.base64url)}(this,function(r,e,t,n,o,i,a,u){function c(r){return a.Buffer.from(e.sha256.arrayBuffer(r))}function f(r){return"0x"+(e=a.Buffer.from(r.slice(2),"hex"),a.Buffer.from(t.keccak_256.arrayBuffer(e))).slice(-20).toString("hex");var e}o=o&&o.hasOwnProperty("default")?o.default:o,u=u&&u.hasOwnProperty("default")?u.default:u;var s=new n.ec("secp256k1");function d(r,e){return void 0===e&&(e=64),r.length===e?r:"0".repeat(e-r.length)+r}function l(r){return new Uint8Array(Array.prototype.slice.call(Buffer.from(r,"base64"),0))}var h=new n.ec("secp256k1");function w(r,e){void 0===e&&(e=!1);var t=u.toBuffer(r);if(t.length!==(e?65:64))throw new Error("wrong signature length");var n={r:t.slice(0,32).toString("hex"),s:t.slice(32,64).toString("hex")};return e&&(n.recoveryParam=t[64]),n}var p={ES256K:function(r,e,t){var n=c(r),o=w(e),i=t.find(function(r){return h.keyFromPublic(r.publicKeyHex,"hex").verify(n,o)});if(!i)throw new Error("Signature invalid for JWT");return i},"ES256K-R":function(r,e,t){var n=w(e,!0),o=c(r),i=h.recoverPubKey(o,n,n.recoveryParam),a=i.encode("hex"),u=i.encode("hex",!0),s=f(a),d=t.find(function(r){var e=r.publicKeyHex;return e===a||e===u||r.ethereumAddress===s});if(!d)throw new Error("Signature invalid for JWT");return d},Ed25519:function(r,e,t){var n=i.encode(r),a=l(u.toBase64(e)),c=t.find(function(r){return o.sign.detached.verify(n,a,l(r.publicKeyBase64))});if(!c)throw new Error("Signature invalid for JWT");return c}};function v(r){var e=p[r];if(!e)throw new Error("Unsupported algorithm "+r);return e}function y(r){return"object"==typeof r&&"r"in r&&"s"in r}function g(r){return function(e,t){try{return Promise.resolve(t(e)).then(function(e){if(y(e))return function(t){var n=e.r,o=e.s,i=e.recoveryParam,c=a.Buffer.alloc(r?65:64);if(a.Buffer.from(n,"hex").copy(c,0),a.Buffer.from(o,"hex").copy(c,32),r){if(void 0===i)throw new Error("Signer did not return a recoveryParam");c[64]=i}return u.encode(c)}();throw new Error("expected a signer function that returns a signature object instead of string")})}catch(r){return Promise.reject(r)}}}v.toSignatureObject=w;var m={ES256K:g(),"ES256K-R":g(!0),Ed25519:function(r,e){try{return Promise.resolve(e(r)).then(function(r){if(y(r))throw new Error("expected a signer function that returns a string instead of signature object");return r})}catch(r){return Promise.reject(r)}}},b={ES256K:["Secp256k1VerificationKey2018","Secp256k1SignatureVerificationKey2018","EcdsaPublicKeySecp256k1"],"ES256K-R":["Secp256k1VerificationKey2018","Secp256k1SignatureVerificationKey2018","EcdsaPublicKeySecp256k1"],Ed25519:["ED25519SignatureVerification"]};function E(r){return u.encode(JSON.stringify(r))}function S(r){return r.match(/^[123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz]+$/)}function x(r){if(r.match(/^did:/))return r;if(S(r))return"did:uport:"+r;throw new Error("Not a valid DID '"+r+"'")}function P(r){if(!r)throw new Error("no JWT passed into decodeJWT");var e=r.match(/^([a-zA-Z0-9_-]+)\.([a-zA-Z0-9_-]+)\.([a-zA-Z0-9_-]+)$/);if(e)return{header:JSON.parse(u.decode(e[1])),payload:JSON.parse(u.decode(e[2])),signature:e[3],data:e[1]+"."+e[2]};throw new Error("Incorrect format JWT")}r.SimpleSigner=function(r){var e=s.keyFromPrivate(r);return function(r){try{var t=e.sign(c(r)),n=t.s,o=t.recoveryParam;return Promise.resolve({r:d(t.r.toString("hex")),s:d(n.toString("hex")),recoveryParam:o})}catch(r){return Promise.reject(r)}}},r.NaclSigner=function(r){var e=l(r);return function(r){try{var t=i.encode(r),n=o.sign.detached(t,e),c=u.encode(a.Buffer.from(n));return Promise.resolve(c)}catch(r){return Promise.reject(r)}}},r.verifyJWT=function(r,e){void 0===e&&(e={resolver:null,auth:null,audience:null,callbackUrl:null});try{if(!e.resolver)throw new Error("No DID resolver has been configured");var t=e.audience?x(e.audience):void 0,n=P(r),o=n.payload,i=n.header,a=n.signature,u=n.data;return Promise.resolve(function(r,e,t,n){try{var o=b[e];if(!o||0===o.length)throw new Error("No supported signature types for algorithm "+e);var i=x(t);return Promise.resolve(r.resolve(i)).then(function(r){if(!r)throw new Error("Unable to resolve DID document for "+i);var t=!n||(r.authentication||[]).map(function(r){return r.publicKey}),a=(r.publicKey||[]).filter(function(r){var e=r.type,i=r.id;return o.find(function(r){return r===e&&(!n||Array.isArray(t)&&t.indexOf(i)>=0)})});if(n&&(!a||0===a.length))throw new Error("DID document for "+i+" does not have public keys suitable for authenticationg user");if(!a||0===a.length)throw new Error("DID document for "+i+" does not have public keys for "+e);return{authenticators:a,issuer:i,doc:r}})}catch(r){return Promise.reject(r)}}(e.resolver,i.alg,o.iss,e.auth)).then(function(n){var c,f=n.doc,s=n.authenticators,d=n.issuer,l=v(i.alg)(u,a,s),h=Math.floor(Date.now()/1e3);if(l){var w=h+300;if(o.nbf){if(o.nbf>w)throw new Error("JWT not valid before nbf: "+o.nbf)}else if(o.iat&&o.iat>w)throw new Error("JWT not valid yet (issued in the future) iat: "+o.iat);if(o.exp&&o.exp<=h-300)throw new Error("JWT has expired: exp: "+o.exp+" < now: "+h);if(o.aud)if((c=o.aud)&&(c.match(/^did:/)||S(c))){if(!t)throw new Error("JWT audience is required but your app address has not been configured");if(t!==x(o.aud))throw new Error("JWT audience does not match your DID: aud: "+o.aud+" !== yours: "+t)}else{if(!e.callbackUrl)throw new Error("JWT audience matching your callback url is required but one wasn't passed in");if(o.aud!==e.callbackUrl)throw new Error("JWT audience does not match the callback url: aud: "+o.aud+" !== url: "+e.callbackUrl)}return{payload:o,doc:f,issuer:d,signer:l,jwt:r}}})}catch(r){return Promise.reject(r)}},r.createJWT=function(r,e){var t=e.issuer,n=e.signer,o=e.alg,i=e.expiresIn;try{if(!n)throw new Error("No Signer functionality has been configured");if(!t)throw new Error("No issuing DID has been configured");var a={typ:"JWT",alg:o||"ES256K"},u={iat:Math.floor(Date.now()/1e3),exp:void 0};if(i){if("number"!=typeof i)throw new Error("JWT expiresIn is not a number");u.exp=(r.nbf||u.iat)+Math.floor(i)}var c=[E(a),E(Object.assign({},u,r,{iss:t}))].join("."),f=function(r){var e=m[r];if(!e)throw new Error("Unsupported algorithm "+r);return e}(a.alg);return Promise.resolve(f(c,n)).then(function(r){return[c,r].join(".")})}catch(r){return Promise.reject(r)}},r.decodeJWT=P,r.toEthereumAddress=f}); | ||
| //# sourceMappingURL=index.umd.js.map |
| { | ||
| "name": "did-jwt", | ||
| "version": "3.0.0", | ||
| "version": "4.0.0", | ||
| "description": "Library for Signing and Verifying JWTs compatible uPort and DID standards", | ||
@@ -5,0 +5,0 @@ "main": "lib/index.js", |
| # did-jwt | ||
| [](https://chat.uport.me/#/login) | ||
| [](https://www.npmjs.com/package/did-jwt) | ||
@@ -51,7 +50,7 @@ [](https://www.npmjs.com/package/did-jwt) | ||
| const didJWT = require('did-jwt') | ||
| const signer = didJWT.SimpleSigner('fa09a3ff0d486be2eb69545c393e2cf47cb53feb44a3550199346bdfa6f53245'); | ||
| const signer = didJWT.SimpleSigner('278a5de700e29faae8e40e366ec5012b5ec63d36ec77e8a2417154cc1d25383f'); | ||
| let jwt = ''; | ||
| didJWT.createJWT({aud: 'did:uport:2osnfJ4Wy7LBAm2nPBXire1WfQn75RrV6Ts', exp: 1957463421, name: 'uPort Developer'}, | ||
| {issuer: 'did:uport:2osnfJ4Wy7LBAm2nPBXire1WfQn75RrV6Ts', signer}).then( response => | ||
| didJWT.createJWT({aud: 'did:ethr:0xf3beac30c498d9e26865f34fcaa57dbb935b0d74', exp: 1957463421, name: 'uPort Developer'}, | ||
| {alg: 'ES256K-R', issuer: 'did:ethr:0xf3beac30c498d9e26865f34fcaa57dbb935b0d74', signer}).then( response => | ||
| { jwt = response }); | ||
@@ -68,4 +67,5 @@ | ||
| ```js | ||
| didJWT.decodeJWT('eyJ0eXAiOiJKV1QiLCJhbGciOiJFUzI1NksifQ.eyJpYXQiOjE1MjU5Mjc1MTcsImF1ZCI6ImRpZDp1cG9> didJWT.decodeJWT('eyJ0eXAiOiJKV1QiLCJhbGciOiJFUzI1NksifQ.eyJpYXQiOjE1MjU5Mjc1MTcsImF1ZCI6ImRpZDp1cG9y dDoyb3NuZko0V3k3TEJBbTJuUEJYaXJlMVdmUW43NVJyVjZUcyIsImV4cCI6MTU1NzQ2MzQyMSwibmFtZSI6InVQb3J0IERldmVsb3> didJWT.decodeJWT('eyJ0eXAiOiJKV1QiLCJhbGciOiJFUzI1NksifQ.eyJpYXQiOjE1MjU5Mjc1MTcsImF1ZCI6ImRpZDp1cG9ydDoyb3NuZko0V3k3TEJBbTJuUEJYaXJlMVdmUW43NVJyVjZUcyIsImV4cCI6MTU1NzQ2MzQyMSwibmFtZSI6InVQb3J0IERldmVsb3B lciIsImlzcyI6ImRpZDp1cG9ydDoyb3NuZko0V3k3TEJBbTJuUEJYaXJlMVdmUW43NVJyVjZUcyJ9.R7owbvNZoL4ti5ec-Kpktb0d> didJWT.decodeJWT('eyJ0eXAiOiJKV1QiLCJhbGciOiJFUzI1NksifQ.eyJpYXQiOjE1MjU5Mjc1MTcsImF1ZCI6ImRpZDp1cG9ydDoyb3NuZko0V3k3TEJBbTJuUEJYaXJlMVdmUW43NVJyVjZUcyIsImV4cCI6MTU1NzQ2MzQyMSwibmFtZSI6InVQb3J0IERldmVsb3BlciIsImlzcyI6ImRpZDp1cG9ydDoyb3NuZko0V3k3TEJBbTJuUEJYaXJlMVdmUW43NVJyVjZUcyJ9.R7owbvNZoL4ti5ec-Kpktb0da tw9Y-FshHsF5R7cXuKaiGlQz1dcOOXbXTOb-wg7-30CDfchFERR6Yc8F61ymw') | ||
| //pass the jwt from step 1 | ||
| let decoded = didJWT.decodeJWT(jwt) | ||
| console.log(decoded) | ||
| ``` | ||
@@ -76,11 +76,14 @@ | ||
| ```js | ||
| { header: { typ: 'JWT', alg: 'ES256K' }, | ||
| payload: | ||
| { iat: 1525927517, | ||
| aud: 'did:uport:2osnfJ4Wy7LBAm2nPBXire1WfQn75RrV6Ts', | ||
| exp: 1557463421, | ||
| name: 'uPort Developer', | ||
| iss: 'did:uport:2osnfJ4Wy7LBAm2nPBXire1WfQn75RrV6Ts' }, | ||
| signature: 'R7owbvNZoL4ti5ec-Kpktb0datw9Y-FshHsF5R7cXuKaiGlQz1dcOOXbXTOb-wg7-30CDfchFERR6Yc8F61ymw', | ||
| data: 'eyJ0eXAiOiJKV1QiLCJhbGciOiJFUzI1NksifQ.eyJpYXQiOjE1MjU5Mjc1MTcsImF1ZCI6ImRpZDp1cG9ydDoyb3NuZko0V3k3TEJBbTJuUEJYaXJlMVdmUW43NVJyVjZUcyIsImV4cCI6MTU1NzQ2MzQyMSwibmFtZSI6InVQb3J0IERldmVsb3BlciIsImlzcyI6ImRpZDp1cG9ydDoyb3NuZko0V3k3TEJBbTJuUEJYaXJlMVdmUW43NVJyVjZUcyJ9' } | ||
| { | ||
| header: { typ: 'JWT', alg: 'ES256K-R' }, | ||
| payload: { | ||
| iat: 1571692233, | ||
| exp: 1957463421, | ||
| aud: 'did:ethr:0xf3beac30c498d9e26865f34fcaa57dbb935b0d74', | ||
| name: 'uPort Developer', | ||
| iss: 'did:ethr:0xf3beac30c498d9e26865f34fcaa57dbb935b0d74' | ||
| }, | ||
| signature: 'kkSmdNE9Xbiql_KCg3IptuJotm08pSEeCOICBCN_4YcgyzFc4wIfBdDQcz76eE-z7xUR3IBb6-r-lRfSJcHMiAA', | ||
| data: 'eyJ0eXAiOiJKV1QiLCJhbGciOiJFUzI1NkstUiJ9.eyJpYXQiOjE1NzE2OTIyMzMsImV4cCI6MTk1NzQ2MzQyMSwiYXVkIjoiZGlkOmV0aHI6MHhmM2JlYWMzMGM0OThkOWUyNjg2NWYzNGZjYWE1N2RiYjkzNWIwZDc0IiwibmFtZSI6InVQb3J0IERldmVsb3BlciIsImlzcyI6ImRpZDpldGhyOjB4ZjNiZWFjMzBjNDk4ZDllMjY4NjVmMzRmY2FhNTdkYmI5MzViMGQ3NCJ9' | ||
| } | ||
| ``` | ||
@@ -92,6 +95,17 @@ | ||
| You ned to provide a did-resolver for the verify function. For this example we will use ethr-did, but there are other methods available above. For more information on configuring the Resolver object please see [did-resolver](https://github.com/decentralized-identity/did-resolver#configure-resolver-object) | ||
| ``` bash | ||
| npm install ethr-did-resolver | ||
| ``` | ||
| ```js | ||
| const Resolver = require('did-resolver') | ||
| const ethrDid = require('ethr-did-resolver').getResolver() | ||
| let resolver = new Resolver.Resolver(ethrDid) | ||
| let verifiedRespone = {}; | ||
| // pass the JWT from step 1 & 2 | ||
| let verifiedRespone = {}; | ||
| didJWT.verifyJWT(jwt, {audience: 'did:uport:2osnfJ4Wy7LBAm2nPBXire1WfQn75RrV6Ts'}).then((response) => | ||
| didJWT.verifyJWT(jwt, {resolver: resolver, audience: 'did:ethr:0xf3beac30c498d9e26865f34fcaa57dbb935b0d74'}).then((response) => | ||
| { verifiedRespone = response }); | ||
@@ -105,25 +119,25 @@ | ||
| ```js | ||
| { payload: | ||
| { iat: 1525927517, | ||
| aud: 'did:uport:2osnfJ4Wy7LBAm2nPBXire1WfQn75RrV6Ts', | ||
| exp: 1557463421, | ||
| name: 'uPort Developer', | ||
| iss: 'did:uport:2osnfJ4Wy7LBAm2nPBXire1WfQn75RrV6Ts' }, | ||
| doc: | ||
| { '@context': 'https://w3id.org/did/v1', | ||
| id: 'did:uport:2osnfJ4Wy7LBAm2nPBXire1WfQn75RrV6Ts', | ||
| publicKey: [ [Object] ], | ||
| uportProfile: | ||
| { '@context': 'http://schema.org', | ||
| '@type': 'App', | ||
| name: 'Uport Developer Splash Demo', | ||
| description: 'This app demonstrates basic login functionality', | ||
| url: 'https://developer.uport.me' } }, | ||
| issuer: 'did:uport:2osnfJ4Wy7LBAm2nPBXire1WfQn75RrV6Ts', | ||
| signer: | ||
| { id: 'did:uport:2osnfJ4Wy7LBAm2nPBXire1WfQn75RrV6Ts#keys-1', | ||
| type: 'EcdsaPublicKeySecp256k1', | ||
| owner: 'did:uport:2osnfJ4Wy7LBAm2nPBXire1WfQn75RrV6Ts', | ||
| publicKeyHex: '04c74d8a9154bbf48ce4b259b703c420e10aba42d03fa592ccf9dea60c83cd9ca81d3e08b859d4dc5a6dee30da2600e50ace688201b6f5a1e0938d135ec4b442ad' }, | ||
| jwt: 'eyJ0eXAiOiJKV1QiLCJhbGciOiJFUzI1NksifQ.eyJpYXQiOjE1MjU5Mjc1MTcsImF1ZCI6ImRpZDp1cG9ydDoyb3NuZko0V3k3TEJBbTJuUEJYaXJlMVdmUW43NVJyVjZUcyIsImV4cCI6MTU1NzQ2MzQyMSwibmFtZSI6InVQb3J0IERldmVsb3BlciIsImlzcyI6ImRpZDp1cG9ydDoyb3NuZko0V3k3TEJBbTJuUEJYaXJlMVdmUW43NVJyVjZUcyJ9.R7owbvNZoL4ti5ec-Kpktb0datw9Y-FshHsF5R7cXuKaiGlQz1dcOOXbXTOb-wg7-30CDfchFERR6Yc8F61ymw' } | ||
| { | ||
| payload: { | ||
| iat: 1571692448, | ||
| exp: 1957463421, | ||
| aud: 'did:ethr:0xf3beac30c498d9e26865f34fcaa57dbb935b0d74', | ||
| name: 'uPort Developer', | ||
| iss: 'did:ethr:0xf3beac30c498d9e26865f34fcaa57dbb935b0d74' | ||
| }, | ||
| doc: { | ||
| '@context': 'https://w3id.org/did/v1', | ||
| id: 'did:ethr:0xf3beac30c498d9e26865f34fcaa57dbb935b0d74', | ||
| publicKey: [ [Object] ], | ||
| authentication: [ [Object] ] | ||
| }, | ||
| issuer: 'did:ethr:0xf3beac30c498d9e26865f34fcaa57dbb935b0d74', | ||
| signer: { | ||
| id: 'did:ethr:0xf3beac30c498d9e26865f34fcaa57dbb935b0d74#owner', | ||
| type: 'Secp256k1VerificationKey2018', | ||
| owner: 'did:ethr:0xf3beac30c498d9e26865f34fcaa57dbb935b0d74', | ||
| ethereumAddress: '0xf3beac30c498d9e26865f34fcaa57dbb935b0d74' | ||
| }, | ||
| jwt: 'eyJ0eXAiOiJKV1QiLCJhbGciOiJFUzI1NkstUiJ9.eyJpYXQiOjE1NzE2OTI0NDgsImV4cCI6MTk1NzQ2MzQyMSwiYXVkIjoiZGlkOmV0aHI6MHhmM2JlYWMzMGM0OThkOWUyNjg2NWYzNGZjYWE1N2RiYjkzNWIwZDc0IiwibmFtZSI6InVQb3J0IERldmVsb3BlciIsImlzcyI6ImRpZDpldGhyOjB4ZjNiZWFjMzBjNDk4ZDllMjY4NjVmMzRmY2FhNTdkYmI5MzViMGQ3NCJ9.xd_CSWukS6rK8y7GVvyH_c5yRsDXojM6BuKaf1ZMg0fsgpSBioS7jBfyk4ZZvS0iuFu4u4_771_PNWvmsvaZQQE' | ||
| } | ||
| ``` |
@@ -96,3 +96,3 @@ import { | ||
| it('ignores expiresIn if nbf is not set', async () => { | ||
| it('Uses iat if nbf is not defined but expiresIn is included', async () => { | ||
| const { payload } = decodeJWT( | ||
@@ -104,3 +104,3 @@ await createJWT( | ||
| ) | ||
| return expect(payload.exp).toBeUndefined() | ||
| return expect(payload.exp).toEqual(payload.iat + 10000) | ||
| }) | ||
@@ -107,0 +107,0 @@ |
@@ -170,5 +170,5 @@ import VerifierAlgorithm from './VerifierAlgorithm' | ||
| } | ||
| if (expiresIn && payload.nbf) { | ||
| if (expiresIn) { | ||
| if (typeof expiresIn === 'number') { | ||
| timestamps.exp = payload.nbf + Math.floor(expiresIn) | ||
| timestamps.exp = (payload.nbf || timestamps.iat) + Math.floor(expiresIn) | ||
| } else { | ||
@@ -175,0 +175,0 @@ throw new Error('JWT expiresIn is not a number') |
Sorry, the diff of this file is too big to display
Sorry, the diff of this file is not supported yet
Sorry, the diff of this file is not supported yet
Sorry, the diff of this file is not supported yet
Sorry, the diff of this file is not supported yet
New alerts
License Policy Violation
LicenseThis package is not allowed per your license policy. Review the package's license to ensure compliance.
Found 1 instance in 1 package
Fixed alerts
License Policy Violation
LicenseThis package is not allowed per your license policy. Review the package's license to ensure compliance.
Found 1 instance in 1 package
Improved metrics
- Number of lines in readme file
- increased by11.2%
139
Worsened metrics
- Total package byte prevSize
- decreased by-0.15%
405462
No dependency changes