get-jwks - npm Package Compare versions

Comparing version 4.1.0 to 4.2.0

package.json
{
"name": "get-jwks",
"version": "4.1.0",
"version": "4.2.0",
"description": "Fetch utils for JWKS keys",

@@ -5,0 +5,0 @@ "main": "src/get-jwks.js",

@@ -49,6 +49,6 @@ # get-jwks

Calling the asynchronous function `getJwk` will fetch the [JSON Web Key](https://tools.ietf.org/html/rfc7517), and verify if any of the public keys matches the provided `alg` and `kid` values. It will cache the matching key so if called again it will not make another request to retrieve a JWKS. It will also use a cache to store stale values which is used in case of errors as a fallback mechanism.
Calling the asynchronous function `getJwk` will fetch the [JSON Web Key](https://tools.ietf.org/html/rfc7517), and verify if any of the public keys matches the provided `alg` (if any) and `kid` values. It will cache the matching key so if called again it will not make another request to retrieve a JWKS. It will also use a cache to store stale values which is used in case of errors as a fallback mechanism.
- `domain`: A string containing the domain (e.g. `https://www.example.com/`, with or without trailing slash) from which the library should fetch the JWKS. If providerDiscovery flag is set to false `get-jwks` will add the JWKS location (`.well-known/jwks.json`) to form the final url (ie: `https://www.example.com/.well-known/jwks.json`) otherwise the domain will be treated as tthe openid issuer and the retrival will be done via the Provider Discovery Endpoint.
- `alg`: The alg header parameter represents the cryptographic algorithm used to secure the token. You will find it in your decoded JWT.
- `alg`: The alg header parameter is an optional parameter that represents the cryptographic algorithm used to secure the token. You will find it in your decoded JWT.
- `kid`: The kid is a hint that indicates which key was used to secure the JSON web signature of the token. You will find it in your decoded JWT.
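Review bot: The reworded `alg` bullet and the `getJwk` paragraph describe `alg` as optional on the caller's side, but the matching condition this release ships (`key.alg === undefined || key.alg === alg`) makes the key's `alg`, not the caller's, the optional part: a JWK that carries no `alg` is accepted for any requested `alg`, while a call that omits `alg` only matches keys that themselves omit it. The README should state that behaviour explicitly, since a consumer reading "optional" will expect `getJwk({ domain, kid })` to work against a JWKS whose keys do declare `alg`. While this hunk is open, the unchanged `domain` bullet still reads "tthe openid issuer" and "retrival"; fixing those two typos here would be cheap.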

@@ -55,0 +55,0 @@

@@ -112,3 +112,3 @@ 'use strict'

const jwk = body.keys.find(key => key.alg === alg && key.kid === kid)
const jwk = body.keys.find(key => (key.alg === undefined || key.alg === alg) && key.kid === kid)
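Review bot: The new condition accepts a key with no `alg` for whatever `alg` the caller passes, so the only thing tying the selected key to the token's algorithm is `kid`. A JWK without `alg` still has `kty` (RFC 7517 requires it), so when `key.alg` is undefined the lookup should at least check that `kty` belongs to the family implied by the requested `alg` (RSA for `RS*`/`PS*`, EC for `ES*`, OKP for `EdDSA`) rather than returning the first `kid` match; otherwise a caller's `alg` value stops constraining which key is returned, and `use`, when present, should still be `'sig'`. Separately, when the caller omits `alg`, `key.alg === alg` compares against `undefined`, so keys that declare an `alg` are never matched; if omitting `alg` is meant to be supported, the condition should be `(alg === undefined || key.alg === undefined || key.alg === alg)`, paired with the `kty` check above.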

@@ -115,0 +115,0 @@ if (!jwk) {

@@ -29,2 +29,10 @@ 'use strict'

},
{
kid: 'KEY_2',
e: 'AQAB',
kty: 'RSA',
n:
'7KRDtHuJ9-R1cYzB9-E4TUVazzv93MMmMo_38nOwEKNxlWs7OVg397d0SCsdmBbcbr4KTMeblY4a-VOzLVZ5ycYgi7ZbMvv7RzunKuPsjm7m863dLnPUFOptsFVANDOHgDYopKBFYoIMoxjXU7bOzLL-Ez0oO5keT1hGZkJT_7GRvKyYigugN4lLia4Tb3AmUN60wiloyQCJ2xYATWHB0e4sTwIDq6MFXhVFHXV6ZBU7sDh0HqmP08gJtMnsFOE7zUcbpqTvpz5nAR6EyUs7R0g61WmGUfQTrE6byVCZ8w0NN4Xer6IQBjnDZWbmf69jsAFFAYDCe-omWXY526qLQw',
use: 'sig'
}
],

@@ -31,0 +39,0 @@ }

@@ -52,2 +52,13 @@ 'use strict'

t.test('returns a jwk if no alg is provided and kid match', async t => {
nock(domain).get('/.well-known/jwks.json').reply(200, jwks)
const getJwks = buildGetJwks()
const key = jwks.keys[2]
const jwk = await getJwks.getJwk({ domain, kid: key.kid })
t.ok(jwk)
t.deepEqual(jwk, key)
})
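Review bot: The new test only exercises the happy path (key without `alg`, caller without `alg`). It does not cover the two cases the condition change actually affects: calling `getJwk({ domain, kid: jwks.keys[0].kid })` without `alg` against a key that declares one (which, with the shipped condition, returns no key), and calling with an `alg` that does not fit the `alg`-less key's `kty` (which currently still returns the key). Adding a test for each would pin down whichever behaviour is intended and stop the README and the implementation from drifting apart.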
t.test('caches a successful response', async t => {

@@ -54,0 +65,0 @@ nock(domain).get('/.well-known/jwks.json').once().reply(200, jwks)

@@ -57,2 +57,14 @@ 'use strict'

t.test('returns a jwk if no alg is provided and kid match for discovery', async t => {
nock(domain).get('/.well-known/openid-configuration').reply(200, oidcConfig)
nock(domain).get('/.well-known/certs').reply(200, jwks)
const getJwks = buildGetJwks({ providerDiscovery: true })
const key = jwks.keys[2]
const jwk = await getJwks.getJwk({ domain, kid: key.kid })
t.ok(jwk)
t.deepEqual(jwk, key)
})
t.test('caches a successful response for discovery', async t => {

@@ -59,0 +71,0 @@ nock(domain).get('/.well-known/openid-configuration').reply(200, oidcConfig)
