get-jwks

Fetch utils for JWKS keys

  • 2.1.0

Maintainers
34

Installation

Just run:

npm install get-jwks

Usage

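const buildGetJwks = require('get-jwks')

const getJwks = buildGetJwks()

// await is only valid inside an async function in a CommonJS module
async function main () {
  // fetch the secret for this domain, alg and kid (served from cache on repeat calls)
  const secret = await getJwks.getSecret({
    domain: 'https://example.com/',
    alg: 'token_alg',
    kid: 'token_kid'
  })

  // to clear the secret in cache
  getJwks.clearCache()
  return secret
}

main().catch(console.error)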

getSecret

Calling getSecret fetches the JSON Web Key Set (JWKS) and checks whether any of its public keys matches the alg and kid values of your JWT. It caches the secret, so calling it again does not make another HTTP request to return the secret. It is asynchronous.

  • domain: A string containing the domain (e.g. https://www.example.com/) from which the library should fetch the JWKS. get-jwks will add the JWKS location (.well-known/jwks.json) to form the final URL (e.g. https://www.example.com/.well-known/jwks.json).
  • alg: The alg header parameter represents the cryptographic algorithm used to secure the token. You will find it in your decoded JWT.
  • kid: The kid is a hint that indicates which key was used to secure the JSON web signature of the token. You will find it in your decoded JWT.
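
Because alg and kid are read from the decoded, not yet verified JWT, a caller will usually validate them before handing them to getSecret. The sketch below is an added example, not code from get-jwks: `buildSecretRequest`, `jwksUrl`, `makeToken`, the two allowlists and the choice of the `iss` claim as the domain are all assumptions.

```javascript
// Added example; all names below are hypothetical, not part of get-jwks.
const ALLOWED_ISSUERS = new Set(['https://www.example.com/']) // constructed
const ALLOWED_ALGS = new Set(['RS256']) // algorithms this service expects

// Decode one base64url JWT segment into an object. No signature is checked.
function decodeSegment (segment) {
  const b64 = segment.replace(/-/g, '+').replace(/_/g, '/')
  const value = JSON.parse(Buffer.from(b64, 'base64').toString('utf8'))
  if (value === null || typeof value !== 'object') throw new Error('not an object')
  return value
}

// Return { domain, alg, kid } for getSecret(), or throw if the token is untrusted.
function buildSecretRequest (token) {
  const parts = String(token).split('.')
  if (parts.length !== 3) throw new Error('malformed JWT')
  let header, payload
  try {
    header = decodeSegment(parts[0])
    payload = decodeSegment(parts[1])
  } catch (err) {
    throw new Error('malformed JWT')
  }
  // alg and kid come from the unverified header, so pin alg and require kid.
  if (!ALLOWED_ALGS.has(header.alg)) throw new Error('alg not allowed')
  if (typeof header.kid !== 'string' || header.kid === '') throw new Error('kid missing')
  // Assumption: the JWKS domain is the token's iss claim, matched exactly.
  if (!ALLOWED_ISSUERS.has(payload.iss)) throw new Error('issuer not allowed')
  return { domain: payload.iss, alg: header.alg, kid: header.kid }
}

// The JWKS URL as the page describes it: domain + .well-known/jwks.json.
function jwksUrl (domain) {
  return new URL('.well-known/jwks.json', domain).href
}

// Build a constructed sample token; the signature part is a placeholder.
function makeToken (header, payload) {
  const enc = (obj) => Buffer.from(JSON.stringify(obj)).toString('base64')
    .replace(/\+/g, '-').replace(/\//g, '_').replace(/=+$/, '')
  return `${enc(header)}.${enc(payload)}.c2lnbmF0dXJl`
}

const sampleToken = makeToken({ alg: 'RS256', kid: 'key-1' }, { iss: 'https://www.example.com/' })
const sampleRequest = buildSecretRequest(sampleToken)
console.log(sampleRequest, jwksUrl(sampleRequest.domain))
```

The object returned by `buildSecretRequest` has the same shape as the argument to getSecret shown in the Usage section.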

clearCache

Clears the contents of the cache.

Optional cache constructor

When creating the cache constructor you can pass some optional parameters, which are based on the tiny-lru package.

  • max: Max items to hold in cache, the default setting is 100.
  • ttl: Milliseconds an item will remain in cache, with lazy expiration upon the next get() of an item. The default setting is 60000.

const buildGetJwks = require('get-jwks')

const getJwks = buildGetJwks({
  max: 500,
  ttl: 60 * 1000
})

Package last updated on 24 Feb 2021
