Huge News!Announcing our $40M Series B led by Abstract Ventures.Learn More
Socket
Sign inDemoInstall
Socket

did-jwt

Package Overview
Dependencies
Maintainers
1
Versions
142
Alerts
File Explorer

Advanced tools

Socket logo

Install Socket

Detect and block malicious and high-risk dependencies

Install

did-jwt

Library for Signing and Verifying JWTs compatible uPort and DID standards

  • 0.0.8
  • Source
  • npm
  • Socket score

Version published
Weekly downloads
53K
decreased by-12.73%
Maintainers
1
Weekly downloads
 
Created
Source

did-jwt

The did-JWT library allows you to sign and verify JSON Web Tokens (JWT). Public keys are resolved using the Decentralized ID (DID) of the iss claim of the JWT.

JWT Details

Algorithms supported

DID PublicKey Types

The PublicKey section of a DID document contains one or more Public Keys. We support the following types:

NameEncodingAlgorithm's
Secp256k1SignatureVerificationKey2018publicKeyHexES256K, ES256K-R
Secp256k1VerificationKey2018publicKeyHexES256K, ES256K-R
Secp256k1VerificationKey2018ethereumAddressES256K-R

Claims

NameDescriptionRequired
issThe DID of the signing identityyes
subThe DID of the subject of the JWTno
audThe DID or URL of the audience of the JWT. Our libraries or app will not accept any JWT that has someone else as the audienceno
iatThe time of issuanceyes
expExpiration time of JWTno

Installation

npm install did-jwt

or if you use yarn

yarn add did-jwt

API

Creating a JWT

Use the createJWT() function

import { createJWT, SimpleSigner } from 'did-jwt'

const signer = SimpleSigner('PRIVATEKEY')

createJWT(
    {aud: 'did:uport:2nQtiQG6Cgm1GYTBaaKAgr76uY7iSexUkqY', exp: 1485321133, name: 'Bob Smith'},
    {issuer: 'did:uport:2nQtiQG6Cgm1GYTBaaKAgr76uY7iSexUkqX', signer}).then(jwt => {
    console.log(jwt)
})
Parameters
createJWT(payload, settings)
NameDescriptionRequired
payloadan object containing any claims you want to encode in the JWT including optional standard claims such as sub, aud and expyes
settings.issuerThe DID of the audience of the JWTyes
settings.signerA signing function (see SimpleSigner)yes
settings.expiresInHow many seconds after signing should the JWT be valid (sets the exp claim)no
Promise Return Value

The createJWT() function returns a Promise.

A successfull call returns an object containing the following attributes:

NameDescription
jwtString containing a JSON Web Tokens (JWT)

If there are any errors found during the signing process the promise is rejected with a clear error message.

Verifying a JWT

Use the verifyJWT() function

import { verifyJWT } from 'did-jwt'

verifyJWT('eyJ0eXAiOiJKV1QiLCJhbGciOiJFUzI1NksifQ.eyJpc3MiOiJkaWQ6dXBvcn....', {audience: 'Your DID'}).then({payload, doc, did, signer, jwt} => {
    console.log(payload)
})
Parameters
verifyJWT(jwt, options)
NameDescriptionRequired
jwtString containing a JSON Web Tokens (JWT)yes
options.authRequire signer to be listed in the authentication section of the DID document (for Authentication of a user with DID-AUTH)
options.audienceThe DID of the audience of the JWTno
options.callbackUrlThe the URL receiving the JWTno
Promise Return Value

The verifyJWT() function returns a Promise.

A successfull call returns an object containing the following attributes:

NameDescription
payloadAn object containing the JSON parsed contents of the payload section of the JWT
issuerThe DID of the issuer of the JWT
signerAn object containing information about which key signed the JWT. This is useful if a DID document has multiple keys listed
docThe DID Document of the issuer of the JWT
jwtThe original JWT passed in to the function

If there are any errors found during the verification process the promise is rejected with a clear error message.

Signer Functions

We provide a simple signing abstraction that makes it easy to add support for your own Key Management infrastructure.

SimpleSigner

For most people you can use our SimpleSigner() function to creaate a signer function using a hex encoded private key.

import { SimpleSigner } from 'did-jwt'
const signer = SimpleSigner('278a5de700e29faae8e40e366ec5012b5ec63d36ec77e8a2417154cc1d25383f')
Parameters
SimpleSigner(privateKey)
NameDescriptionRequired
privateKeyhex encoded secp256k1 privatekeyyes

Note this is NOT a constructor, but a higher order function that returns a signing function.

Creating Custom Signers for integrating with HSM

You can easily create custom signers that integrates into your existing signing infrastructure. A signer function takes the raw data to be signed and returns a Promise containing the signature parameters.

function mySigner (data) {
    return new Promise((resolve, reject) => {
        const signature = /// sign it
        resolve(signature)
    })
}
Parameters
NameDescriptionRequired
dataString or Buffer containing data to be signedyes
Promise Return Value

Your function must returns a Promise.

A successfull call returns an object containing the following attributes:

NameDescriptionRequired
rHex encoded r value of secp256k1 signatureyes
sHex encoded s value of secp256k1 signatureyes
recoveryParamRecovery parameter of signature (can be used to calculate signing public key)only required for (ES256K-R)

FAQs

Package last updated on 18 Apr 2018

Did you know?

Socket

Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.

Install

Related posts

SocketSocket SOC 2 Logo

Product

  • Package Alerts
  • Integrations
  • Docs
  • Pricing
  • FAQ
  • Roadmap
  • Changelog

Packages

npm

Stay in touch

Get open source security insights delivered straight into your inbox.


  • Terms
  • Privacy
  • Security

Made with ⚡️ by Socket Inc