jose-browser-runtime
Advanced tools
jose-browser-runtime - npm Package Compare versions
Comparing version 4.13.2 to 4.14.0
@@ -32,11 +32,22 @@ import { JWTClaimValidationFailed, JWTExpired, JWTInvalid } from '../util/errors.js'; | ||
| } | ||
| const { issuer } = options; | ||
| const { requiredClaims = [], issuer, subject, audience, maxTokenAge } = options; | ||
| if (maxTokenAge !== undefined) | ||
| requiredClaims.push('iat'); | ||
| if (audience !== undefined) | ||
| requiredClaims.push('aud'); | ||
| if (subject !== undefined) | ||
| requiredClaims.push('sub'); | ||
| if (issuer !== undefined) | ||
| requiredClaims.push('iss'); | ||
| for (const claim of new Set(requiredClaims.reverse())) { | ||
| if (!(claim in payload)) { | ||
| throw new JWTClaimValidationFailed(`missing required "${claim}" claim`, claim, 'missing'); | ||
| } | ||
| } | ||
| if (issuer && !(Array.isArray(issuer) ? issuer : [issuer]).includes(payload.iss)) { | ||
| throw new JWTClaimValidationFailed('unexpected "iss" claim value', 'iss', 'check_failed'); | ||
| } | ||
| const { subject } = options; | ||
| if (subject && payload.sub !== subject) { | ||
| throw new JWTClaimValidationFailed('unexpected "sub" claim value', 'sub', 'check_failed'); | ||
| } | ||
| const { audience } = options; | ||
| if (audience && | ||
@@ -62,3 +73,3 @@ !checkAudiencePresence(payload.aud, typeof audience === 'string' ? [audience] : audience)) { | ||
| const now = epoch(currentDate || new Date()); | ||
| if ((payload.iat !== undefined || options.maxTokenAge) && typeof payload.iat !== 'number') { | ||
| if ((payload.iat !== undefined || maxTokenAge) && typeof payload.iat !== 'number') { | ||
| throw new JWTClaimValidationFailed('"iat" claim must be a number', 'iat', 'invalid'); | ||
@@ -82,5 +93,5 @@ } | ||
| } | ||
| if (options.maxTokenAge) { | ||
| if (maxTokenAge) { | ||
| const age = now - payload.iat; | ||
| const max = typeof options.maxTokenAge === 'number' ? options.maxTokenAge : secs(options.maxTokenAge); | ||
| const max = typeof maxTokenAge === 'number' ? maxTokenAge : secs(maxTokenAge); | ||
| if (age - tolerance > max) { | ||
@@ -87,0 +98,0 @@ throw new JWTExpired('"iat" claim timestamp check failed (too far in the past)', 'iat', 'check_failed'); |
@@ -297,3 +297,9 @@ /** | ||
| /** JWE "zip" (Compression Algorithm) Header Parameter. */ | ||
| /** | ||
| * JWE "zip" (Compression Algorithm) Header Parameter. | ||
| * | ||
| * @deprecated Compression of data SHOULD NOT be done before encryption, because such compressed | ||
| * data often reveals information about the plaintext. | ||
| * @see {@link https://www.rfc-editor.org/rfc/rfc8725#name-avoid-compression-of-encryp Avoid Compression of Encryption Inputs} | ||
| */ | ||
| zip?: string | ||
@@ -399,2 +405,12 @@ | ||
| currentDate?: Date | ||
| /** | ||
| * Array of required Claim Names that must be present in the JWT Claims Set. Default is that: if | ||
| * the {@link JWTClaimVerificationOptions.issuer issuer option} is set, then "iss" must be present; | ||
| * if the {@link JWTClaimVerificationOptions.audience audience option} is set, then "aud" must be | ||
| * present; if the {@link JWTClaimVerificationOptions.subject subject option} is set, then "sub" | ||
| * must be present; if the {@link JWTClaimVerificationOptions.maxTokenAge maxTokenAge option} is | ||
| * set, then "iat" must be present. | ||
| */ | ||
| requiredClaims?: string[] | ||
| } | ||
@@ -473,2 +489,6 @@ | ||
| * {@link https://nodejs.org/api/zlib.html#zlibdeflaterawbuffer-options-callback zlib.deflateRaw}. | ||
| * | ||
| * @deprecated Compression of data SHOULD NOT be done before encryption, because such compressed | ||
| * data often reveals information about the plaintext. | ||
| * @see {@link https://www.rfc-editor.org/rfc/rfc8725#name-avoid-compression-of-encryp Avoid Compression of Encryption Inputs} | ||
| */ | ||
@@ -482,2 +502,6 @@ export interface DeflateFunction { | ||
| * {@link https://nodejs.org/api/zlib.html#zlibinflaterawbuffer-options-callback zlib.inflateRaw}. | ||
| * | ||
| * @deprecated Compression of data SHOULD NOT be done before encryption, because such compressed | ||
| * data often reveals information about the plaintext. | ||
| * @see {@link https://www.rfc-editor.org/rfc/rfc8725#name-avoid-compression-of-encryp Avoid Compression of Encryption Inputs} | ||
| */ | ||
@@ -484,0 +508,0 @@ export interface InflateFunction { |
| { | ||
| "name": "jose-browser-runtime", | ||
| "version": "4.13.2", | ||
| "version": "4.14.0", | ||
| "homepage": "https://github.com/panva/jose", | ||
@@ -5,0 +5,0 @@ "repository": "panva/jose", |
New alerts
License Policy Violation
LicenseThis package is not allowed per your license policy. Review the package's license to ensure compliance.
Found 1 instance in 1 package
Fixed alerts
License Policy Violation
LicenseThis package is not allowed per your license policy. Review the package's license to ensure compliance.
Found 1 instance in 1 package
Improved metrics
- Total package byte prevSize
- increased by0.9%
210087
- Lines of code
- increased by0.66%
5163