Huge News!Announcing our $40M Series B led by Abstract Ventures.Learn More
Socket
Sign inDemoInstall
Socket

jose-browser-runtime

Package Overview
Dependencies
Maintainers
1
Versions
132
Alerts
File Explorer

Advanced tools

Socket logo

Install Socket

Detect and block malicious and high-risk dependencies

Install

jose-browser-runtime - npm Package Compare versions

Comparing version 4.8.3 to 4.9.0

2

dist/browser/index.js

@@ -17,3 +17,3 @@ export { compactDecrypt } from './jwe/compact/decrypt.js';

export { EncryptJWT } from './jwt/encrypt.js';
export { calculateJwkThumbprint } from './jwk/thumbprint.js';
export { calculateJwkThumbprint, calculateJwkThumbprintUri } from './jwk/thumbprint.js';
export { EmbeddedJWK } from './jwk/embedded.js';

@@ -20,0 +20,0 @@ export { createLocalJWKSet } from './jwks/local.js';

@@ -46,4 +46,4 @@ import { decode as base64url } from '../../runtime/base64url.js';

if (jwe.protected) {
const protectedHeader = base64url(jwe.protected);
try {
const protectedHeader = base64url(jwe.protected);
parsedProt = JSON.parse(decoder.decode(protectedHeader));

@@ -50,0 +50,0 @@ }

@@ -11,6 +11,7 @@ import digest from '../runtime/digest.js';

};
export async function calculateJwkThumbprint(jwk, digestAlgorithm = 'sha256') {
export async function calculateJwkThumbprint(jwk, digestAlgorithm) {
if (!isObject(jwk)) {
throw new TypeError('JWK must be an object');
}
digestAlgorithm !== null && digestAlgorithm !== void 0 ? digestAlgorithm : (digestAlgorithm = 'sha256');
if (digestAlgorithm !== 'sha256' &&

@@ -49,1 +50,6 @@ digestAlgorithm !== 'sha384' &&

}
export async function calculateJwkThumbprintUri(jwk, digestAlgorithm) {
digestAlgorithm !== null && digestAlgorithm !== void 0 ? digestAlgorithm : (digestAlgorithm = 'sha256');
const thumbprint = await calculateJwkThumbprint(jwk, digestAlgorithm);
return `urn:ietf:params:oauth:jwk-thumbprint:sha-${digestAlgorithm.slice(-3)}:${thumbprint}`;
}

@@ -32,4 +32,4 @@ import { decode as base64url } from '../../runtime/base64url.js';

if (jws.protected) {
const protectedHeader = base64url(jws.protected);
try {
const protectedHeader = base64url(jws.protected);
parsedProt = JSON.parse(decoder.decode(protectedHeader));

@@ -36,0 +36,0 @@ }

@@ -28,3 +28,3 @@ export { compactDecrypt } from './jwe/compact/decrypt';

export { EncryptJWT } from './jwt/encrypt';
export { calculateJwkThumbprint } from './jwk/thumbprint';
export { calculateJwkThumbprint, calculateJwkThumbprintUri } from './jwk/thumbprint';
export { EmbeddedJWK } from './jwk/embedded';

@@ -31,0 +31,0 @@ export { createLocalJWKSet } from './jwks/local';

import type { KeyLike, DecryptOptions, CompactJWEHeaderParameters, GetKeyFunction, FlattenedJWE, CompactDecryptResult, ResolvedKey } from '../../types';
/**
* Interface for Compact JWE Decryption dynamic key resolution.
* No token components have been verified at the time of this function call.
* Interface for Compact JWE Decryption dynamic key resolution. No token components have been
* verified at the time of this function call.
*/

@@ -11,9 +11,7 @@ export interface CompactDecryptGetKey extends GetKeyFunction<CompactJWEHeaderParameters, FlattenedJWE> {

*
* @param jwe Compact JWE.
* @param key Private Key or Secret to decrypt the JWE with.
* @param options JWE Decryption options.
* @example Usage
*
* @example Usage
* ```js
* const jwe = 'eyJhbGciOiJSU0EtT0FFUC0yNTYiLCJlbmMiOiJBMjU2R0NNIn0.nyQ19eq9ogh9wA7fFtnI2oouzy5_8b5DeLkoRMfi2yijgfTs2zEnayCEofz_qhnL-nwszabd9qUeHv0-IwvhhJJS7GUJOU3ikiIe42qcIAFme1A_Fo9CTxw4XTOy-I5qanl8So91u6hwfyN1VxAqVLsSE7_23EC-gfGEg_5znew9PyXXsOIE-K_HH7IQowRrlZ1X_bM_Liu53RzDpLDvRz59mp3S8L56YqpM8FexFGTGpEaoTcEIst375qncYt3-79IVR7gZN1RWsWgjPatfvVbnh74PglQcATSf3UUhaW0OAKn6q7r3PDx6DIKQ35bgHQg5QopuN00eIfLQL2trGw.W3grIVj5HVuAb76X.6PcuDe5D6ttWFYyv0oqqdDXfI2R8wBg1F2Q80UUA_Gv8eEimNWfxIWdLxrjzgQGSvIhxmFKuLM0.a93_Ug3uZHuczj70Zavx8Q'
* const jwe =
* 'eyJhbGciOiJSU0EtT0FFUC0yNTYiLCJlbmMiOiJBMjU2R0NNIn0.nyQ19eq9ogh9wA7fFtnI2oouzy5_8b5DeLkoRMfi2yijgfTs2zEnayCEofz_qhnL-nwszabd9qUeHv0-IwvhhJJS7GUJOU3ikiIe42qcIAFme1A_Fo9CTxw4XTOy-I5qanl8So91u6hwfyN1VxAqVLsSE7_23EC-gfGEg_5znew9PyXXsOIE-K_HH7IQowRrlZ1X_bM_Liu53RzDpLDvRz59mp3S8L56YqpM8FexFGTGpEaoTcEIst375qncYt3-79IVR7gZN1RWsWgjPatfvVbnh74PglQcATSf3UUhaW0OAKn6q7r3PDx6DIKQ35bgHQg5QopuN00eIfLQL2trGw.W3grIVj5HVuAb76X.6PcuDe5D6ttWFYyv0oqqdDXfI2R8wBg1F2Q80UUA_Gv8eEimNWfxIWdLxrjzgQGSvIhxmFKuLM0.a93_Ug3uZHuczj70Zavx8Q'
*

@@ -25,2 +23,6 @@ * const { plaintext, protectedHeader } = await jose.compactDecrypt(jwe, privateKey)

* ```
*
* @param jwe Compact JWE.
* @param key Private Key or Secret to decrypt the JWE with.
* @param options JWE Decryption options.
*/

@@ -27,0 +29,0 @@ export declare function compactDecrypt(jwe: string | Uint8Array, key: KeyLike | Uint8Array, options?: DecryptOptions): Promise<CompactDecryptResult>;

@@ -6,7 +6,6 @@ import type { KeyLike, JWEKeyManagementHeaderParameters, CompactJWEHeaderParameters, EncryptOptions } from '../../types';

* @example Usage
*
* ```js
* const jwe = await new jose.CompactEncrypt(
* new TextEncoder().encode(
* 'It’s a dangerous business, Frodo, going out your door.'
* )
* new TextEncoder().encode('It’s a dangerous business, Frodo, going out your door.'),
* )

@@ -21,25 +20,20 @@ * .setProtectedHeader({ alg: 'RSA-OAEP-256', enc: 'A256GCM' })

private _flattened;
/**
* @param plaintext Binary representation of the plaintext to encrypt.
*/
/** @param plaintext Binary representation of the plaintext to encrypt. */
constructor(plaintext: Uint8Array);
/**
* Sets a content encryption key to use, by default a random suitable one
* is generated for the JWE enc" (Encryption Algorithm) Header Parameter.
* Sets a content encryption key to use, by default a random suitable one is generated for the JWE
* enc" (Encryption Algorithm) Header Parameter.
*
* @deprecated You should not use this method. It is only really intended for test and vector
* validation purposes.
* @param cek JWE Content Encryption Key.
*
* @deprecated You should not use this method. It is only really intended
* for test and vector validation purposes.
*/
setContentEncryptionKey(cek: Uint8Array): this;
/**
* Sets the JWE Initialization Vector to use for content encryption, by default
* a random suitable one is generated for the JWE enc" (Encryption Algorithm)
* Header Parameter.
* Sets the JWE Initialization Vector to use for content encryption, by default a random suitable
* one is generated for the JWE enc" (Encryption Algorithm) Header Parameter.
*
* @deprecated You should not use this method. It is only really intended for test and vector
* validation purposes.
* @param iv JWE Initialization Vector.
*
* @deprecated You should not use this method. It is only really intended
* for test and vector validation purposes.
*/

@@ -54,5 +48,5 @@ setInitializationVector(iv: Uint8Array): this;

/**
* Sets the JWE Key Management parameters to be used when encrypting the Content
* Encryption Key. You do not need to invoke this method, it is only really
* intended for test and vector validation purposes.
* Sets the JWE Key Management parameters to be used when encrypting the Content Encryption Key.
* You do not need to invoke this method, it is only really intended for test and vector
* validation purposes.
*

@@ -59,0 +53,0 @@ * @param parameters JWE Key Management parameters.

import type { FlattenedDecryptResult, KeyLike, FlattenedJWE, JWEHeaderParameters, DecryptOptions, GetKeyFunction, ResolvedKey } from '../../types';
/**
* Interface for Flattened JWE Decryption dynamic key resolution.
* No token components have been verified at the time of this function call.
* Interface for Flattened JWE Decryption dynamic key resolution. No token components have been
* verified at the time of this function call.
*/

@@ -11,7 +11,4 @@ export interface FlattenedDecryptGetKey extends GetKeyFunction<JWEHeaderParameters | undefined, FlattenedJWE> {

*
* @param jwe Flattened JWE.
* @param key Private Key or Secret to decrypt the JWE with.
* @param options JWE Decryption options.
* @example Usage
*
* @example Usage
* ```js

@@ -22,12 +19,10 @@ * const jwe = {

* tag: 'W76IYV6arGRuDSaSyWrQNg',
* encrypted_key: 'Z6eD4UK_yFb5ZoKvKkGAdqywEG_m0e4IYo0x8Vf30LAMJcsc-_zSgIeiF82teZyYi2YYduHKoqImk7MRnoPZOlEs0Q5BNK1OgBmSOhCE8DFyqh9Zh48TCTP6lmBQ52naqoUJFMtHzu-0LwZH26hxos0GP3Dt19O379MJB837TdKKa87skq0zHaVLAquRHOBF77GI54Bc7O49d8aOrSu1VEFGMThlW2caspPRiTSePDMDPq7_WGk50izRhB3Asl9wmP9wEeaTrkJKRnQj5ips1SAZ1hDBsqEQKKukxP1HtdcopHV5_qgwU8Hjm5EwSLMluMQuiE6hwlkXGOujZLVizA',
* encrypted_key:
* 'Z6eD4UK_yFb5ZoKvKkGAdqywEG_m0e4IYo0x8Vf30LAMJcsc-_zSgIeiF82teZyYi2YYduHKoqImk7MRnoPZOlEs0Q5BNK1OgBmSOhCE8DFyqh9Zh48TCTP6lmBQ52naqoUJFMtHzu-0LwZH26hxos0GP3Dt19O379MJB837TdKKa87skq0zHaVLAquRHOBF77GI54Bc7O49d8aOrSu1VEFGMThlW2caspPRiTSePDMDPq7_WGk50izRhB3Asl9wmP9wEeaTrkJKRnQj5ips1SAZ1hDBsqEQKKukxP1HtdcopHV5_qgwU8Hjm5EwSLMluMQuiE6hwlkXGOujZLVizA',
* aad: 'VGhlIEZlbGxvd3NoaXAgb2YgdGhlIFJpbmc',
* protected: 'eyJhbGciOiJSU0EtT0FFUC0yNTYiLCJlbmMiOiJBMjU2R0NNIn0'
* protected: 'eyJhbGciOiJSU0EtT0FFUC0yNTYiLCJlbmMiOiJBMjU2R0NNIn0',
* }
*
* const {
* plaintext,
* protectedHeader,
* additionalAuthenticatedData
* } = await jose.flattenedDecrypt(jwe, privateKey)
* const { plaintext, protectedHeader, additionalAuthenticatedData } =
* await jose.flattenedDecrypt(jwe, privateKey)
*

@@ -39,2 +34,6 @@ * console.log(protectedHeader)

* ```
*
* @param jwe Flattened JWE.
* @param key Private Key or Secret to decrypt the JWE with.
* @param options JWE Decryption options.
*/

@@ -41,0 +40,0 @@ export declare function flattenedDecrypt(jwe: FlattenedJWE, key: KeyLike | Uint8Array, options?: DecryptOptions): Promise<FlattenedDecryptResult>;

import type { KeyLike, FlattenedJWE, JWEHeaderParameters, JWEKeyManagementHeaderParameters, EncryptOptions } from '../../types';
/**
* @private
*/
/** @private */
export declare const unprotected: unique symbol;
/**
* The FlattenedEncrypt class is a utility for creating Flattened JWE
* objects.
* The FlattenedEncrypt class is a utility for creating Flattened JWE objects.
*
* @example Usage
*
* ```js
* const jwe = await new jose.FlattenedEncrypt(
* new TextEncoder().encode(
* 'It’s a dangerous business, Frodo, going out your door.'
* )
* new TextEncoder().encode('It’s a dangerous business, Frodo, going out your door.'),
* )

@@ -33,11 +29,9 @@ * .setProtectedHeader({ alg: 'RSA-OAEP-256', enc: 'A256GCM' })

private _keyManagementParameters;
/**
* @param plaintext Binary representation of the plaintext to encrypt.
*/
/** @param plaintext Binary representation of the plaintext to encrypt. */
constructor(plaintext: Uint8Array);
/**
* Sets the JWE Key Management parameters to be used when encrypting.
* Use of this is method is really only needed for ECDH based algorithms
* when utilizing the Agreement PartyUInfo or Agreement PartyVInfo parameters.
* Other parameters will always be randomly generated when needed and missing.
* Sets the JWE Key Management parameters to be used when encrypting. Use of this is method is
* really only needed for ECDH based algorithms when utilizing the Agreement PartyUInfo or
* Agreement PartyVInfo parameters. Other parameters will always be randomly generated when needed
* and missing.
*

@@ -72,20 +66,17 @@ * @param parameters JWE Key Management parameters.

/**
* Sets a content encryption key to use, by default a random suitable one
* is generated for the JWE enc" (Encryption Algorithm) Header Parameter.
* Sets a content encryption key to use, by default a random suitable one is generated for the JWE
* enc" (Encryption Algorithm) Header Parameter.
*
* @deprecated You should not use this method. It is only really intended for test and vector
* validation purposes.
* @param cek JWE Content Encryption Key.
*
* @deprecated You should not use this method. It is only really intended
* for test and vector validation purposes.
*/
setContentEncryptionKey(cek: Uint8Array): this;
/**
* Sets the JWE Initialization Vector to use for content encryption, by default
* a random suitable one is generated for the JWE enc" (Encryption Algorithm)
* Header Parameter.
* Sets the JWE Initialization Vector to use for content encryption, by default a random suitable
* one is generated for the JWE enc" (Encryption Algorithm) Header Parameter.
*
* @deprecated You should not use this method. It is only really intended for test and vector
* validation purposes.
* @param iv JWE Initialization Vector.
*
* @deprecated You should not use this method. It is only really intended
* for test and vector validation purposes.
*/

@@ -92,0 +83,0 @@ setInitializationVector(iv: Uint8Array): this;

import type { KeyLike, DecryptOptions, JWEHeaderParameters, GetKeyFunction, FlattenedJWE, GeneralJWE, GeneralDecryptResult, ResolvedKey } from '../../types';
/**
* Interface for General JWE Decryption dynamic key resolution.
* No token components have been verified at the time of this function call.
* Interface for General JWE Decryption dynamic key resolution. No token components have been
* verified at the time of this function call.
*/

@@ -11,7 +11,4 @@ export interface GeneralDecryptGetKey extends GetKeyFunction<JWEHeaderParameters, FlattenedJWE> {

*
* @param jwe General JWE.
* @param key Private Key or Secret to decrypt the JWE with.
* @param options JWE Decryption options.
* @example Usage
*
* @example Usage
* ```js

@@ -26,12 +23,10 @@ * const jwe = {

* {
* encrypted_key: 'Z6eD4UK_yFb5ZoKvKkGAdqywEG_m0e4IYo0x8Vf30LAMJcsc-_zSgIeiF82teZyYi2YYduHKoqImk7MRnoPZOlEs0Q5BNK1OgBmSOhCE8DFyqh9Zh48TCTP6lmBQ52naqoUJFMtHzu-0LwZH26hxos0GP3Dt19O379MJB837TdKKa87skq0zHaVLAquRHOBF77GI54Bc7O49d8aOrSu1VEFGMThlW2caspPRiTSePDMDPq7_WGk50izRhB3Asl9wmP9wEeaTrkJKRnQj5ips1SAZ1hDBsqEQKKukxP1HtdcopHV5_qgwU8Hjm5EwSLMluMQuiE6hwlkXGOujZLVizA'
* }
* ]
* encrypted_key:
* 'Z6eD4UK_yFb5ZoKvKkGAdqywEG_m0e4IYo0x8Vf30LAMJcsc-_zSgIeiF82teZyYi2YYduHKoqImk7MRnoPZOlEs0Q5BNK1OgBmSOhCE8DFyqh9Zh48TCTP6lmBQ52naqoUJFMtHzu-0LwZH26hxos0GP3Dt19O379MJB837TdKKa87skq0zHaVLAquRHOBF77GI54Bc7O49d8aOrSu1VEFGMThlW2caspPRiTSePDMDPq7_WGk50izRhB3Asl9wmP9wEeaTrkJKRnQj5ips1SAZ1hDBsqEQKKukxP1HtdcopHV5_qgwU8Hjm5EwSLMluMQuiE6hwlkXGOujZLVizA',
* },
* ],
* }
*
* const {
* plaintext,
* protectedHeader,
* additionalAuthenticatedData
* } = await jose.generalDecrypt(jwe, privateKey)
* const { plaintext, protectedHeader, additionalAuthenticatedData } =
* await jose.generalDecrypt(jwe, privateKey)
*

@@ -43,2 +38,6 @@ * console.log(protectedHeader)

* ```
*
* @param jwe General JWE.
* @param key Private Key or Secret to decrypt the JWE with.
* @param options JWE Decryption options.
*/

@@ -45,0 +44,0 @@ export declare function generalDecrypt(jwe: GeneralJWE, key: KeyLike | Uint8Array, options?: DecryptOptions): Promise<GeneralDecryptResult>;

@@ -9,13 +9,7 @@ import type { KeyLike, GeneralJWE, JWEHeaderParameters, CritOption, DeflateOption } from '../../types';

setUnprotectedHeader(unprotectedHeader: JWEHeaderParameters): Recipient;
/**
* A shorthand for calling addRecipient() on the enclosing GeneralEncrypt instance
*/
/** A shorthand for calling addRecipient() on the enclosing GeneralEncrypt instance */
addRecipient(...args: Parameters<GeneralEncrypt['addRecipient']>): Recipient;
/**
* A shorthand for calling encrypt() on the enclosing GeneralEncrypt instance
*/
/** A shorthand for calling encrypt() on the enclosing GeneralEncrypt instance */
encrypt(...args: Parameters<GeneralEncrypt['encrypt']>): Promise<GeneralJWE>;
/**
* Returns the enclosing GeneralEncrypt
*/
/** Returns the enclosing GeneralEncrypt */
done(): GeneralEncrypt;

@@ -27,7 +21,6 @@ }

* @example Usage
*
* ```js
* const jwe = await new jose.GeneralEncrypt(
* new TextEncoder().encode(
* 'It’s a dangerous business, Frodo, going out your door.'
* )
* new TextEncoder().encode('It’s a dangerous business, Frodo, going out your door.'),
* )

@@ -50,5 +43,3 @@ * .setProtectedHeader({ enc: 'A256GCM' })

private _aad;
/**
* @param plaintext Binary representation of the plaintext to encrypt.
*/
/** @param plaintext Binary representation of the plaintext to encrypt. */
constructor(plaintext: Uint8Array);

@@ -55,0 +46,0 @@ /**

import type { FlattenedJWSInput, JWSHeaderParameters } from '../types';
/**
* EmbeddedJWK is an implementation of a GetKeyFunction intended to be used with the
* JWS/JWT verify operations whenever you need to opt-in to verify signatures with
* a public key embedded in the token's "jwk" (JSON Web Key) Header Parameter.
* It is recommended to combine this with the verify algorithms option to whitelist
* JWS algorithms to accept.
* EmbeddedJWK is an implementation of a GetKeyFunction intended to be used with the JWS/JWT verify
* operations whenever you need to opt-in to verify signatures with a public key embedded in the
* token's "jwk" (JSON Web Key) Header Parameter. It is recommended to combine this with the verify
* algorithms option to whitelist JWS algorithms to accept.
*
* @example Usage
*
* ```js
* const jwt = 'eyJqd2siOnsiY3J2IjoiUC0yNTYiLCJ4IjoiVU05ZzVuS25aWFlvdldBbE03NmNMejl2VG96UmpfX0NIVV9kT2wtZ09vRSIsInkiOiJkczhhZVF3MWwyY0RDQTdiQ2tPTnZ3REtwWEFidFhqdnFDbGVZSDhXc19VIiwia3R5IjoiRUMifSwiYWxnIjoiRVMyNTYifQ.eyJpc3MiOiJ1cm46ZXhhbXBsZTppc3N1ZXIiLCJhdWQiOiJ1cm46ZXhhbXBsZTphdWRpZW5jZSIsImlhdCI6MTYwNDU4MDc5NH0.60boak3_dErnW47ZPty1C0nrjeVq86EN_eK0GOq6K8w2OA0thKoBxFK4j-NuU9yZ_A9UKGxPT_G87DladBaV9g'
* const jwt =
* 'eyJqd2siOnsiY3J2IjoiUC0yNTYiLCJ4IjoiVU05ZzVuS25aWFlvdldBbE03NmNMejl2VG96UmpfX0NIVV9kT2wtZ09vRSIsInkiOiJkczhhZVF3MWwyY0RDQTdiQ2tPTnZ3REtwWEFidFhqdnFDbGVZSDhXc19VIiwia3R5IjoiRUMifSwiYWxnIjoiRVMyNTYifQ.eyJpc3MiOiJ1cm46ZXhhbXBsZTppc3N1ZXIiLCJhdWQiOiJ1cm46ZXhhbXBsZTphdWRpZW5jZSIsImlhdCI6MTYwNDU4MDc5NH0.60boak3_dErnW47ZPty1C0nrjeVq86EN_eK0GOq6K8w2OA0thKoBxFK4j-NuU9yZ_A9UKGxPT_G87DladBaV9g'
*
* const { payload, protectedHeader } = await jose.jwtVerify(jwt, jose.EmbeddedJWK, {
* issuer: 'urn:example:issuer',
* audience: 'urn:example:audience'
* audience: 'urn:example:audience',
* })

@@ -17,0 +18,0 @@ *

@@ -6,17 +6,40 @@ import type { JWK } from '../types';

*
* @example Usage
*
* ```js
* const thumbprint = await jose.calculateJwkThumbprint({
* kty: 'EC',
* crv: 'P-256',
* x: 'jJ6Flys3zK9jUhnOHf6G49Dyp5hah6CNP84-gY-n9eo',
* y: 'nhI6iD5eFXgBTLt_1p3aip-5VbZeMhxeFSpjfEAf7Ww',
* })
*
* console.log(thumbprint)
* // 'w9eYdC6_s_tLQ8lH6PUpc0mddazaqtPgeC2IgWDiqY8'
* ```
*
* @param jwk JSON Web Key.
* @param digestAlgorithm Digest Algorithm to use for calculating the thumbprint.
* Default is sha256. Accepted is "sha256", "sha384", "sha512".
* @param digestAlgorithm Digest Algorithm to use for calculating the thumbprint. Default is "sha256".
*/
export declare function calculateJwkThumbprint(jwk: JWK, digestAlgorithm?: 'sha256' | 'sha384' | 'sha512'): Promise<string>;
/**
* Calculates a JSON Web Key (JWK) Thumbprint URI as per [RFC9278](https://www.rfc-editor.org/rfc/rfc9278).
*
* @example Usage
*
* ```js
* const thumbprint = await jose.calculateJwkThumbprint({
* kty: 'RSA',
* e: 'AQAB',
* n: '12oBZRhCiZFJLcPg59LkZZ9mdhSMTKAQZYq32k_ti5SBB6jerkh-WzOMAO664r_qyLkqHUSp3u5SbXtseZEpN3XPWGKSxjsy-1JyEFTdLSYe6f9gfrmxkUF_7DTpq0gn6rntP05g2-wFW50YO7mosfdslfrTJYWHFhJALabAeYirYD7-9kqq9ebfFMF4sRRELbv9oi36As6Q9B3Qb5_C1rAzqfao_PCsf9EPsTZsVVVkA5qoIAr47lo1ipfiBPxUCCNSdvkmDTYgvvRm6ZoMjFbvOtgyts55fXKdMWv7I9HMD5HwE9uW839PWA514qhbcIsXEYSFMPMV6fnlsiZvQQ'
* const thumbprintUri = await jose.calculateJwkThumbprintUri({
* kty: 'EC',
* crv: 'P-256',
* x: 'jJ6Flys3zK9jUhnOHf6G49Dyp5hah6CNP84-gY-n9eo',
* y: 'nhI6iD5eFXgBTLt_1p3aip-5VbZeMhxeFSpjfEAf7Ww',
* })
*
* console.log(thumbprint)
* // 'urn:ietf:params:oauth:jwk-thumbprint:sha-256:w9eYdC6_s_tLQ8lH6PUpc0mddazaqtPgeC2IgWDiqY8'
* ```
*
* @param jwk JSON Web Key.
* @param digestAlgorithm Digest Algorithm to use for calculating the thumbprint. Default is "sha256".
*/
export declare function calculateJwkThumbprint(jwk: JWK, digestAlgorithm?: 'sha256' | 'sha384' | 'sha512'): Promise<string>;
export declare function calculateJwkThumbprintUri(jwk: JWK, digestAlgorithm?: 'sha256' | 'sha384' | 'sha512'): Promise<string>;
import type { KeyLike, JWSHeaderParameters, JSONWebKeySet, FlattenedJWSInput, GetKeyFunction } from '../types';
/**
* @private
*/
/** @private */
export declare function isJWKSLike(jwks: unknown): jwks is JSONWebKeySet;
/**
* @private
*/
/** @private */
export declare class LocalJWKSet {

@@ -16,10 +12,9 @@ protected _jwks?: JSONWebKeySet;

/**
* Returns a function that resolves to a key object from a locally
* stored, or otherwise available, JSON Web Key Set.
* Returns a function that resolves to a key object from a locally stored, or otherwise available,
* JSON Web Key Set.
*
* Only a single public key must match the selection process.
*
* @param jwks JSON Web Key Set formatted object.
* @example Usage
*
* @example Usage
* ```js

@@ -32,3 +27,3 @@ * const JWKS = jose.createLocalJWKSet({

* n: '12oBZRhCiZFJLcPg59LkZZ9mdhSMTKAQZYq32k_ti5SBB6jerkh-WzOMAO664r_qyLkqHUSp3u5SbXtseZEpN3XPWGKSxjsy-1JyEFTdLSYe6f9gfrmxkUF_7DTpq0gn6rntP05g2-wFW50YO7mosfdslfrTJYWHFhJALabAeYirYD7-9kqq9ebfFMF4sRRELbv9oi36As6Q9B3Qb5_C1rAzqfao_PCsf9EPsTZsVVVkA5qoIAr47lo1ipfiBPxUCCNSdvkmDTYgvvRm6ZoMjFbvOtgyts55fXKdMWv7I9HMD5HwE9uW839PWA514qhbcIsXEYSFMPMV6fnlsiZvQQ',
* alg: 'PS256'
* alg: 'PS256',
* },

@@ -40,5 +35,5 @@ * {

* y: '_LeQBw07cf5t57Iavn4j-BqJsAD1dpoz8gokd3sBsOo',
* alg: 'ES256'
* }
* ]
* alg: 'ES256',
* },
* ],
* })

@@ -48,3 +43,3 @@ *

* issuer: 'urn:example:issuer',
* audience: 'urn:example:audience'
* audience: 'urn:example:audience',
* })

@@ -54,3 +49,5 @@ * console.log(protectedHeader)

* ```
*
* @param jwks JSON Web Key Set formatted object.
*/
export declare function createLocalJWKSet(jwks: JSONWebKeySet): GetKeyFunction<JWSHeaderParameters, FlattenedJWSInput>;
import type { JWSHeaderParameters, FlattenedJWSInput, GetKeyFunction } from '../types';
/**
* Options for the remote JSON Web Key Set.
*/
/** Options for the remote JSON Web Key Set. */
export interface RemoteJWKSetOptions {
/**
* Timeout (in milliseconds) for the HTTP request. When reached the request
* will be aborted and the verification will fail. Default is 5000 (5
* seconds).
* Timeout (in milliseconds) for the HTTP request. When reached the request will be aborted and
* the verification will fail. Default is 5000 (5 seconds).
*/
timeoutDuration?: number;
/**
* Duration (in milliseconds) for which no more HTTP requests will be
* triggered after a previous successful fetch. Default is 30000 (30 seconds).
* Duration (in milliseconds) for which no more HTTP requests will be triggered after a previous
* successful fetch. Default is 30000 (30 seconds).
*/
cooldownDuration?: number;
/**
* Maximum time (in milliseconds) between successful HTTP requests. Default is
* 600000 (10 minutes).
*/
/** Maximum time (in milliseconds) between successful HTTP requests. Default is 600000 (10 minutes). */
cacheMaxAge?: number | typeof Infinity;
/**
* An instance of
* [http.Agent](https://nodejs.org/api/http.html#http_class_http_agent) or
* [https.Agent](https://nodejs.org/api/https.html#https_class_https_agent) to
* pass to the
* [http.get](https://nodejs.org/api/http.html#http_http_get_options_callback)
* or
* [https.get](https://nodejs.org/api/https.html#https_https_get_options_callback)
* method's options. Use when behind an http(s) proxy. This is a Node.js
* runtime specific option, it is ignored when used outside of Node.js
* runtime.
* An instance of [http.Agent](https://nodejs.org/api/http.html#class-httpagent) or
* [https.Agent](https://nodejs.org/api/https.html#class-httpsagent) to pass to the
* [http.get](https://nodejs.org/api/http.html#httpgetoptions-callback) or
* [https.get](https://nodejs.org/api/https.html#httpsgetoptions-callback) method's options. Use
* when behind an http(s) proxy. This is a Node.js runtime specific option, it is ignored when
* used outside of Node.js runtime.
*/
agent?: any;
/**
* Optional headers to be sent with the HTTP request.
*/
/** Optional headers to be sent with the HTTP request. */
headers?: Record<string, string>;

@@ -44,14 +32,9 @@ }

/**
* Returns a function that resolves to a key object downloaded from a
* remote endpoint returning a JSON Web Key Set, that is, for example,
* an OAuth 2.0 or OIDC jwks_uri. Only a single public key must match
* the selection process.
* The JSON Web Key Set is fetched when no key matches the selection
* process but only as frequently as the `cooldownDuration` option allows,
* to prevent abuse.
* Returns a function that resolves to a key object downloaded from a remote endpoint returning a
* JSON Web Key Set, that is, for example, an OAuth 2.0 or OIDC jwks_uri. Only a single public key
* must match the selection process. The JSON Web Key Set is fetched when no key matches the
* selection process but only as frequently as the `cooldownDuration` option allows, to prevent abuse.
*
* @param url URL to fetch the JSON Web Key Set from.
* @param options Options for the remote JSON Web Key Set.
* @example Usage
*
* @example Usage
* ```js

@@ -62,3 +45,3 @@ * const JWKS = jose.createRemoteJWKSet(new URL('https://www.googleapis.com/oauth2/v3/certs'))

* issuer: 'urn:example:issuer',
* audience: 'urn:example:audience'
* audience: 'urn:example:audience',
* })

@@ -68,4 +51,7 @@ * console.log(protectedHeader)

* ```
*
* @param url URL to fetch the JSON Web Key Set from.
* @param options Options for the remote JSON Web Key Set.
*/
export declare function createRemoteJWKSet(url: URL, options?: RemoteJWKSetOptions): GetKeyFunction<JWSHeaderParameters, FlattenedJWSInput>;
export {};

@@ -6,7 +6,6 @@ import type { CompactJWSHeaderParameters, KeyLike, SignOptions } from '../../types';

* @example Usage
*
* ```js
* const jws = await new jose.CompactSign(
* new TextEncoder().encode(
* 'It’s a dangerous business, Frodo, going out your door.'
* )
* new TextEncoder().encode('It’s a dangerous business, Frodo, going out your door.'),
* )

@@ -21,5 +20,3 @@ * .setProtectedHeader({ alg: 'ES256' })

private _flattened;
/**
* @param payload Binary representation of the payload to sign.
*/
/** @param payload Binary representation of the payload to sign. */
constructor(payload: Uint8Array);

@@ -26,0 +23,0 @@ /**

import type { CompactVerifyResult, FlattenedJWSInput, GetKeyFunction, CompactJWSHeaderParameters, KeyLike, VerifyOptions, ResolvedKey } from '../../types';
/**
* Interface for Compact JWS Verification dynamic key resolution.
* No token components have been verified at the time of this function call.
* Interface for Compact JWS Verification dynamic key resolution. No token components have been
* verified at the time of this function call.
*
* See [createRemoteJWKSet](../functions/jwks_remote.createRemoteJWKSet.md#function-createremotejwkset)
* See
* [createRemoteJWKSet](../functions/jwks_remote.createRemoteJWKSet.md#function-createremotejwkset)
* to verify using a remote JSON Web Key Set.

@@ -14,9 +15,7 @@ */

*
* @param jws Compact JWS.
* @param key Key to verify the JWS with.
* @param options JWS Verify options.
* @example Usage
*
* @example Usage
* ```js
* const jws = 'eyJhbGciOiJFUzI1NiJ9.SXTigJlzIGEgZGFuZ2Vyb3VzIGJ1c2luZXNzLCBGcm9kbywgZ29pbmcgb3V0IHlvdXIgZG9vci4.kkAs_gPPxWMI3rHuVlxHaTPfDWDoqdI8jSvuSmqV-8IHIWXg9mcAeC9ggV-45ZHRbiRJ3obUIFo1rHphPA5URg'
* const jws =
* 'eyJhbGciOiJFUzI1NiJ9.SXTigJlzIGEgZGFuZ2Vyb3VzIGJ1c2luZXNzLCBGcm9kbywgZ29pbmcgb3V0IHlvdXIgZG9vci4.kkAs_gPPxWMI3rHuVlxHaTPfDWDoqdI8jSvuSmqV-8IHIWXg9mcAeC9ggV-45ZHRbiRJ3obUIFo1rHphPA5URg'
*

@@ -28,2 +27,6 @@ * const { payload, protectedHeader } = await jose.compactVerify(jws, publicKey)

* ```
*
* @param jws Compact JWS.
* @param key Key to verify the JWS with.
* @param options JWS Verify options.
*/

@@ -30,0 +33,0 @@ export declare function compactVerify(jws: string | Uint8Array, key: KeyLike | Uint8Array, options?: VerifyOptions): Promise<CompactVerifyResult>;

@@ -6,7 +6,6 @@ import type { KeyLike, FlattenedJWS, JWSHeaderParameters, SignOptions } from '../../types';

* @example Usage
*
* ```js
* const jws = await new jose.FlattenedSign(
* new TextEncoder().encode(
* 'It’s a dangerous business, Frodo, going out your door.'
* )
* new TextEncoder().encode('It’s a dangerous business, Frodo, going out your door.'),
* )

@@ -23,5 +22,3 @@ * .setProtectedHeader({ alg: 'ES256' })

private _unprotectedHeader;
/**
* @param payload Binary representation of the payload to sign.
*/
/** @param payload Binary representation of the payload to sign. */
constructor(payload: Uint8Array);

@@ -28,0 +25,0 @@ /**

import type { FlattenedVerifyResult, KeyLike, FlattenedJWSInput, JWSHeaderParameters, VerifyOptions, GetKeyFunction, ResolvedKey } from '../../types';
/**
* Interface for Flattened JWS Verification dynamic key resolution.
* No token components have been verified at the time of this function call.
* Interface for Flattened JWS Verification dynamic key resolution. No token components have been
* verified at the time of this function call.
*
* See [createRemoteJWKSet](../functions/jwks_remote.createRemoteJWKSet.md#function-createremotejwkset)
* See
* [createRemoteJWKSet](../functions/jwks_remote.createRemoteJWKSet.md#function-createremotejwkset)
* to verify using a remote JSON Web Key Set.

@@ -14,13 +15,11 @@ */

*
* @param jws Flattened JWS.
* @param key Key to verify the JWS with.
* @param options JWS Verify options.
* @example Usage
*
* @example Usage
* ```js
* const decoder = new TextDecoder()
* const jws = {
* signature: 'FVVOXwj6kD3DqdfD9yYqfT2W9jv-Nop4kOehp_DeDGNB5dQNSPRvntBY6xH3uxlCxE8na9d_kyhYOcanpDJ0EA',
* signature:
* 'FVVOXwj6kD3DqdfD9yYqfT2W9jv-Nop4kOehp_DeDGNB5dQNSPRvntBY6xH3uxlCxE8na9d_kyhYOcanpDJ0EA',
* payload: 'SXTigJlzIGEgZGFuZ2Vyb3VzIGJ1c2luZXNzLCBGcm9kbywgZ29pbmcgb3V0IHlvdXIgZG9vci4',
* protected: 'eyJhbGciOiJFUzI1NiJ9'
* protected: 'eyJhbGciOiJFUzI1NiJ9',
* }

@@ -33,2 +32,6 @@ *

* ```
*
* @param jws Flattened JWS.
* @param key Key to verify the JWS with.
* @param options JWS Verify options.
*/

@@ -35,0 +38,0 @@ export declare function flattenedVerify(jws: FlattenedJWSInput, key: KeyLike | Uint8Array, options?: VerifyOptions): Promise<FlattenedVerifyResult>;

@@ -15,13 +15,7 @@ import type { KeyLike, GeneralJWS, JWSHeaderParameters, SignOptions } from '../../types';

setUnprotectedHeader(unprotectedHeader: JWSHeaderParameters): Signature;
/**
* A shorthand for calling addSignature() on the enclosing GeneralSign instance
*/
/** A shorthand for calling addSignature() on the enclosing GeneralSign instance */
addSignature(...args: Parameters<GeneralSign['addSignature']>): Signature;
/**
* A shorthand for calling encrypt() on the enclosing GeneralSign instance
*/
/** A shorthand for calling encrypt() on the enclosing GeneralSign instance */
sign(...args: Parameters<GeneralSign['sign']>): Promise<GeneralJWS>;
/**
* Returns the enclosing GeneralSign
*/
/** Returns the enclosing GeneralSign */
done(): GeneralSign;

@@ -33,7 +27,6 @@ }

* @example Usage
*
* ```js
* const jws = await new jose.GeneralSign(
* new TextEncoder().encode(
* 'It’s a dangerous business, Frodo, going out your door.'
* )
* new TextEncoder().encode('It’s a dangerous business, Frodo, going out your door.'),
* )

@@ -52,5 +45,3 @@ * .addSignature(ecPrivateKey)

private _signatures;
/**
* @param payload Binary representation of the payload to sign.
*/
/** @param payload Binary representation of the payload to sign. */
constructor(payload: Uint8Array);

@@ -64,6 +55,4 @@ /**

addSignature(key: KeyLike | Uint8Array, options?: SignOptions): Signature;
/**
* Signs and resolves the value of the General JWS object.
*/
/** Signs and resolves the value of the General JWS object. */
sign(): Promise<GeneralJWS>;
}
import type { GeneralJWSInput, GeneralVerifyResult, FlattenedJWSInput, GetKeyFunction, JWSHeaderParameters, KeyLike, VerifyOptions, ResolvedKey } from '../../types';
/**
* Interface for General JWS Verification dynamic key resolution.
* No token components have been verified at the time of this function call.
* Interface for General JWS Verification dynamic key resolution. No token components have been
* verified at the time of this function call.
*
* See [createRemoteJWKSet](../functions/jwks_remote.createRemoteJWKSet.md#function-createremotejwkset)
* See
* [createRemoteJWKSet](../functions/jwks_remote.createRemoteJWKSet.md#function-createremotejwkset)
* to verify using a remote JSON Web Key Set.

@@ -14,7 +15,4 @@ */

*
* @param jws General JWS.
* @param key Key to verify the JWS with.
* @param options JWS Verify options.
* @example Usage
*
* @example Usage
* ```js

@@ -25,6 +23,7 @@ * const jws = {

* {
* signature: 'FVVOXwj6kD3DqdfD9yYqfT2W9jv-Nop4kOehp_DeDGNB5dQNSPRvntBY6xH3uxlCxE8na9d_kyhYOcanpDJ0EA',
* protected: 'eyJhbGciOiJFUzI1NiJ9'
* }
* ]
* signature:
* 'FVVOXwj6kD3DqdfD9yYqfT2W9jv-Nop4kOehp_DeDGNB5dQNSPRvntBY6xH3uxlCxE8na9d_kyhYOcanpDJ0EA',
* protected: 'eyJhbGciOiJFUzI1NiJ9',
* },
* ],
* }

@@ -37,2 +36,6 @@ *

* ```
*
* @param jws General JWS.
* @param key Key to verify the JWS with.
* @param options JWS Verify options.
*/

@@ -39,0 +42,0 @@ export declare function generalVerify(jws: GeneralJWSInput, key: KeyLike | Uint8Array, options?: VerifyOptions): Promise<GeneralVerifyResult>;

import type { KeyLike, DecryptOptions, JWTClaimVerificationOptions, GetKeyFunction, CompactJWEHeaderParameters, FlattenedJWE, JWTDecryptResult, ResolvedKey } from '../types';
/**
* Combination of JWE Decryption options and JWT Claims Set verification options.
*/
/** Combination of JWE Decryption options and JWT Claims Set verification options. */
export interface JWTDecryptOptions extends DecryptOptions, JWTClaimVerificationOptions {
}
/**
* Interface for JWT Decryption dynamic key resolution.
* No token components have been verified at the time of this function call.
* Interface for JWT Decryption dynamic key resolution. No token components have been verified at
* the time of this function call.
*/

@@ -14,15 +12,14 @@ export interface JWTDecryptGetKey extends GetKeyFunction<CompactJWEHeaderParameters, FlattenedJWE> {

/**
* Verifies the JWT format (to be a JWE Compact format), decrypts the ciphertext, validates the JWT Claims Set.
* Verifies the JWT format (to be a JWE Compact format), decrypts the ciphertext, validates the JWT
* Claims Set.
*
* @param jwt JSON Web Token value (encoded as JWE).
* @param key Private Key or Secret to decrypt and verify the JWT with.
* @param options JWT Decryption and JWT Claims Set validation options.
* @example Usage
*
* @example Usage
* ```js
* const jwt = 'eyJhbGciOiJkaXIiLCJlbmMiOiJBMjU2R0NNIn0..KVcNLqK-3-8ZkYIC.xSwF4VxO0kUMUD2W-cifsNUxnr-swyBq-nADBptyt6y9n79-iNc5b0AALJpRwc0wwDkJw8hNOMjApNUTMsK9b-asToZ3DXFMvwfJ6n1aWefvd7RsoZ2LInWFfVAuttJDzoGB.uuexQoWHwrLMEYRElT8pBQ'
* const jwt =
* 'eyJhbGciOiJkaXIiLCJlbmMiOiJBMjU2R0NNIn0..KVcNLqK-3-8ZkYIC.xSwF4VxO0kUMUD2W-cifsNUxnr-swyBq-nADBptyt6y9n79-iNc5b0AALJpRwc0wwDkJw8hNOMjApNUTMsK9b-asToZ3DXFMvwfJ6n1aWefvd7RsoZ2LInWFfVAuttJDzoGB.uuexQoWHwrLMEYRElT8pBQ'
*
* const { payload, protectedHeader } = await jose.jwtDecrypt(jwt, secretKey, {
* issuer: 'urn:example:issuer',
* audience: 'urn:example:audience'
* audience: 'urn:example:audience',
* })

@@ -33,2 +30,6 @@ *

* ```
*
* @param jwt JSON Web Token value (encoded as JWE).
* @param key Private Key or Secret to decrypt and verify the JWT with.
* @param options JWT Decryption and JWT Claims Set validation options.
*/

@@ -35,0 +36,0 @@ export declare function jwtDecrypt(jwt: string | Uint8Array, key: KeyLike | Uint8Array, options?: JWTDecryptOptions): Promise<JWTDecryptResult>;

@@ -7,2 +7,3 @@ import type { EncryptOptions, CompactJWEHeaderParameters, JWEKeyManagementHeaderParameters, KeyLike } from '../types';

* @example Usage
*
* ```js

@@ -31,12 +32,11 @@ * const jwt = await new jose.EncryptJWT({ 'urn:example:claim': true })

*
* @param protectedHeader JWE Protected Header.
* Must contain an "alg" (JWE Algorithm) and "enc" (JWE
* Encryption Algorithm) properties.
* @param protectedHeader JWE Protected Header. Must contain an "alg" (JWE Algorithm) and "enc"
* (JWE Encryption Algorithm) properties.
*/
setProtectedHeader(protectedHeader: CompactJWEHeaderParameters): this;
/**
* Sets the JWE Key Management parameters to be used when encrypting.
* Use of this is method is really only needed for ECDH based algorithms
* when utilizing the Agreement PartyUInfo or Agreement PartyVInfo parameters.
* Other parameters will always be randomly generated when needed and missing.
* Sets the JWE Key Management parameters to be used when encrypting. Use of this is method is
* really only needed for ECDH based algorithms when utilizing the Agreement PartyUInfo or
* Agreement PartyVInfo parameters. Other parameters will always be randomly generated when needed
* and missing.
*

@@ -47,20 +47,17 @@ * @param parameters JWE Key Management parameters.

/**
* Sets a content encryption key to use, by default a random suitable one
* is generated for the JWE enc" (Encryption Algorithm) Header Parameter.
* Sets a content encryption key to use, by default a random suitable one is generated for the JWE
* enc" (Encryption Algorithm) Header Parameter.
*
* @deprecated You should not use this method. It is only really intended for test and vector
* validation purposes.
* @param cek JWE Content Encryption Key.
*
* @deprecated You should not use this method. It is only really intended
* for test and vector validation purposes.
*/
setContentEncryptionKey(cek: Uint8Array): this;
/**
* Sets the JWE Initialization Vector to use for content encryption, by default
* a random suitable one is generated for the JWE enc" (Encryption Algorithm)
* Header Parameter.
* Sets the JWE Initialization Vector to use for content encryption, by default a random suitable
* one is generated for the JWE enc" (Encryption Algorithm) Header Parameter.
*
* @deprecated You should not use this method. It is only really intended for test and vector
* validation purposes.
* @param iv JWE Initialization Vector.
*
* @deprecated You should not use this method. It is only really intended
* for test and vector validation purposes.
*/

@@ -67,0 +64,0 @@ setInitializationVector(iv: Uint8Array): this;

import type { JWTPayload } from '../types';
/**
* Generic class for JWT producing.
*/
/** Generic class for JWT producing. */
export declare class ProduceJWT {
protected _payload: JWTPayload;
/**
* @param payload The JWT Claims Set object.
*/
/** @param payload The JWT Claims Set object. */
constructor(payload: JWTPayload);

@@ -38,5 +34,5 @@ /**

*
* @param input "nbf" (Not Before) Claim value to set on the JWT Claims Set.
* When number is passed that is used as a value, when string is passed
* it is resolved to a time span and added to the current timestamp.
* @param input "nbf" (Not Before) Claim value to set on the JWT Claims Set. When number is passed
* that is used as a value, when string is passed it is resolved to a time span and added to the
* current timestamp.
*/

@@ -47,5 +43,5 @@ setNotBefore(input: number | string): this;

*
* @param input "exp" (Expiration Time) Claim value to set on the JWT Claims Set.
* When number is passed that is used as a value, when string is passed
* it is resolved to a time span and added to the current timestamp.
* @param input "exp" (Expiration Time) Claim value to set on the JWT Claims Set. When number is
* passed that is used as a value, when string is passed it is resolved to a time span and added
* to the current timestamp.
*/

@@ -56,6 +52,5 @@ setExpirationTime(input: number | string): this;

*
* @param input "iat" (Issued At) Claim value to set on the JWT Claims Set.
* Default is current timestamp.
* @param input "iat" (Issued At) Claim value to set on the JWT Claims Set. Default is current timestamp.
*/
setIssuedAt(input?: number): this;
}

@@ -7,2 +7,3 @@ import type { JWTHeaderParameters, KeyLike, SignOptions } from '../types';

* @example Usage
*
* ```js

@@ -25,4 +26,3 @@ * const jwt = await new jose.SignJWT({ 'urn:example:claim': true })

*
* @param protectedHeader JWS Protected Header.
* Must contain an "alg" (JWS Algorithm) property.
* @param protectedHeader JWS Protected Header. Must contain an "alg" (JWS Algorithm) property.
*/

@@ -29,0 +29,0 @@ setProtectedHeader(protectedHeader: JWTHeaderParameters): this;

@@ -11,2 +11,3 @@ import type { JWSHeaderParameters, JWTClaimVerificationOptions, JWTPayload } from '../types';

* @example Encoding
*
* ```js

@@ -24,6 +25,7 @@ * const unsecuredJwt = new jose.UnsecuredJWT({ 'urn:example:claim': true })

* @example Decoding
*
* ```js
* const payload = jose.UnsecuredJWT.decode(jwt, {
* issuer: 'urn:example:issuer',
* audience: 'urn:example:audience'
* audience: 'urn:example:audience',
* })

@@ -35,5 +37,3 @@ *

export declare class UnsecuredJWT extends ProduceJWT {
/**
* Encodes the Unsecured JWT.
*/
/** Encodes the Unsecured JWT. */
encode(): string;

@@ -40,0 +40,0 @@ /**

import type { KeyLike, VerifyOptions, JWTClaimVerificationOptions, JWTHeaderParameters, GetKeyFunction, FlattenedJWSInput, JWTVerifyResult, ResolvedKey } from '../types';
/**
* Combination of JWS Verification options and JWT Claims Set verification options.
*/
/** Combination of JWS Verification options and JWT Claims Set verification options. */
export interface JWTVerifyOptions extends VerifyOptions, JWTClaimVerificationOptions {
}
/**
* Interface for JWT Verification dynamic key resolution.
* No token components have been verified at the time of this function call.
* Interface for JWT Verification dynamic key resolution. No token components have been verified at
* the time of this function call.
*
* See [createRemoteJWKSet](../functions/jwks_remote.createRemoteJWKSet.md#function-createremotejwkset)
* See
* [createRemoteJWKSet](../functions/jwks_remote.createRemoteJWKSet.md#function-createremotejwkset)
* to verify using a remote JSON Web Key Set.

@@ -17,15 +16,14 @@ */

/**
* Verifies the JWT format (to be a JWS Compact format), verifies the JWS signature, validates the JWT Claims Set.
* Verifies the JWT format (to be a JWS Compact format), verifies the JWS signature, validates the
* JWT Claims Set.
*
* @param jwt JSON Web Token value (encoded as JWS).
* @param key Key to verify the JWT with.
* @param options JWT Decryption and JWT Claims Set validation options.
* @example Usage
*
* @example Usage
* ```js
* const jwt = 'eyJhbGciOiJFUzI1NiJ9.eyJ1cm46ZXhhbXBsZTpjbGFpbSI6dHJ1ZSwiaWF0IjoxNjA0MzE1MDc0LCJpc3MiOiJ1cm46ZXhhbXBsZTppc3N1ZXIiLCJhdWQiOiJ1cm46ZXhhbXBsZTphdWRpZW5jZSJ9.hx1nOfAT5LlXuzu8O-bhjXBGpklWDt2EsHw7-MDn49NrnwvVsstNhEnkW2ddauB7eSikFtUNeumLpFI9CWDBsg'
* const jwt =
* 'eyJhbGciOiJFUzI1NiJ9.eyJ1cm46ZXhhbXBsZTpjbGFpbSI6dHJ1ZSwiaWF0IjoxNjA0MzE1MDc0LCJpc3MiOiJ1cm46ZXhhbXBsZTppc3N1ZXIiLCJhdWQiOiJ1cm46ZXhhbXBsZTphdWRpZW5jZSJ9.hx1nOfAT5LlXuzu8O-bhjXBGpklWDt2EsHw7-MDn49NrnwvVsstNhEnkW2ddauB7eSikFtUNeumLpFI9CWDBsg'
*
* const { payload, protectedHeader } = await jose.jwtVerify(jwt, publicKey, {
* issuer: 'urn:example:issuer',
* audience: 'urn:example:audience'
* audience: 'urn:example:audience',
* })

@@ -36,2 +34,6 @@ *

* ```
*
* @param jwt JSON Web Token value (encoded as JWS).
* @param key Key to verify the JWT with.
* @param options JWT Decryption and JWT Claims Set validation options.
*/

@@ -38,0 +40,0 @@ export declare function jwtVerify(jwt: string | Uint8Array, key: KeyLike | Uint8Array, options?: JWTVerifyOptions): Promise<JWTVerifyResult>;

import type { JWK, KeyLike } from '../types';
/**
* Exports a runtime-specific public key representation (KeyObject or CryptoKey) to a PEM-encoded SPKI string format.
* Exports a runtime-specific public key representation (KeyObject or CryptoKey) to a PEM-encoded
* SPKI string format.
*
* @param key Key representation to transform to a PEM-encoded SPKI string format.
* @example Usage
*
* @example Usage
* ```js

@@ -13,10 +13,12 @@ * const spkiPem = await jose.exportSPKI(publicKey)

* ```
*
* @param key Key representation to transform to a PEM-encoded SPKI string format.
*/
export declare function exportSPKI(key: KeyLike): Promise<string>;
/**
* Exports a runtime-specific private key representation (KeyObject or CryptoKey) to a PEM-encoded PKCS8 string format.
* Exports a runtime-specific private key representation (KeyObject or CryptoKey) to a PEM-encoded
* PKCS8 string format.
*
* @param key Key representation to transform to a PEM-encoded PKCS8 string format.
* @example Usage
*
* @example Usage
* ```js

@@ -27,2 +29,4 @@ * const pkcs8Pem = await jose.exportPKCS8(privateKey)

* ```
*
* @param key Key representation to transform to a PEM-encoded PKCS8 string format.
*/

@@ -33,5 +37,4 @@ export declare function exportPKCS8(key: KeyLike): Promise<string>;

*
* @param key Key representation to export as JWK.
* @example Usage
*
* @example Usage
* ```js

@@ -44,3 +47,5 @@ * const privateJwk = await jose.exportJWK(privateKey)

* ```
*
* @param key Key representation to export as JWK.
*/
export declare function exportJWK(key: KeyLike | Uint8Array): Promise<JWK>;
import type { KeyLike } from '../types';
export interface GenerateKeyPairResult {
/**
* The generated Private Key.
*/
/** The generated Private Key. */
privateKey: KeyLike;
/**
* Public Key corresponding to the generated Private Key.
*/
/** Public Key corresponding to the generated Private Key. */
publicKey: KeyLike;

@@ -14,10 +10,9 @@ }

/**
* The EC "crv" (Curve) or OKP "crv" (Subtype of Key Pair) value to generate.
* The curve must be both supported on the runtime as well as applicable for
* the given JWA algorithm identifier.
* The EC "crv" (Curve) or OKP "crv" (Subtype of Key Pair) value to generate. The curve must be
* both supported on the runtime as well as applicable for the given JWA algorithm identifier.
*/
crv?: string;
/**
* A hint for RSA algorithms to generate an RSA key of a given `modulusLength`
* (Key size in bits). JOSE requires 2048 bits or larger. Default is 2048.
* A hint for RSA algorithms to generate an RSA key of a given `modulusLength` (Key size in bits).
* JOSE requires 2048 bits or larger. Default is 2048.
*/

@@ -33,13 +28,10 @@ modulusLength?: number;

/**
* Generates a private and a public key for a given JWA algorithm identifier.
* This can only generate asymmetric key pairs. For symmetric secrets use the
* `generateSecret` function.
* Generates a private and a public key for a given JWA algorithm identifier. This can only generate
* asymmetric key pairs. For symmetric secrets use the `generateSecret` function.
*
* Note: Under Web Cryptography API runtime the `privateKey` is generated with
* `extractable` set to `false` by default.
* Note: Under Web Cryptography API runtime the `privateKey` is generated with `extractable` set to
* `false` by default.
*
* @param alg JWA Algorithm Identifier to be used with the generated key pair.
* @param options Additional options passed down to the key pair generation.
* @example Usage
*
* @example Usage
* ```js

@@ -50,3 +42,6 @@ * const { publicKey, privateKey } = await jose.generateKeyPair('PS256')

* ```
*
* @param alg JWA Algorithm Identifier to be used with the generated key pair.
* @param options Additional options passed down to the key pair generation.
*/
export declare function generateKeyPair(alg: string, options?: GenerateKeyPairOptions): Promise<GenerateKeyPairResult>;

@@ -13,6 +13,7 @@ import type { KeyLike } from '../types';

*
* Note: Under Web Cryptography API runtime the secret key is generated with
* `extractable` set to `false` by default.
* Note: Under Web Cryptography API runtime the secret key is generated with `extractable` set to
* `false` by default.
*
* @example Usage
*
* ```js

@@ -19,0 +20,0 @@ * const secret = await jose.generateSecret('HS256')

@@ -11,10 +11,8 @@ import type { JWK, KeyLike } from '../types';

/**
* Imports a PEM-encoded SPKI string as a runtime-specific public key representation (KeyObject or CryptoKey).
* See [Algorithm Key Requirements](https://github.com/panva/jose/issues/210) to learn about key to algorithm
* requirements and mapping.
* Imports a PEM-encoded SPKI string as a runtime-specific public key representation (KeyObject or
* CryptoKey). See [Algorithm Key Requirements](https://github.com/panva/jose/issues/210) to learn
* about key to algorithm requirements and mapping.
*
* @param pem PEM-encoded SPKI string
* @param alg JSON Web Algorithm identifier to be used with the imported key.
* @example Usage
*
* @example Usage
* ```js

@@ -28,13 +26,15 @@ * const algorithm = 'ES256'

* ```
*
* @param pem PEM-encoded SPKI string
* @param alg JSON Web Algorithm identifier to be used with the imported key.
*/
export declare function importSPKI(spki: string, alg: string, options?: PEMImportOptions): Promise<KeyLike>;
/**
* Imports the SPKI from an X.509 string certificate as a runtime-specific public key representation (KeyObject or CryptoKey).
* See [Algorithm Key Requirements](https://github.com/panva/jose/issues/210) to learn about key to algorithm
* Imports the SPKI from an X.509 string certificate as a runtime-specific public key representation
* (KeyObject or CryptoKey). See [Algorithm Key
* Requirements](https://github.com/panva/jose/issues/210) to learn about key to algorithm
* requirements and mapping.
*
* @param pem X.509 certificate string
* @param alg JSON Web Algorithm identifier to be used with the imported key.
* @example Usage
*
* @example Usage
* ```js

@@ -54,13 +54,14 @@ * const algorithm = 'ES256'

* ```
*
* @param pem X.509 certificate string
* @param alg JSON Web Algorithm identifier to be used with the imported key.
*/
export declare function importX509(x509: string, alg: string, options?: PEMImportOptions): Promise<KeyLike>;
/**
* Imports a PEM-encoded PKCS8 string as a runtime-specific private key representation (KeyObject or CryptoKey).
* See [Algorithm Key Requirements](https://github.com/panva/jose/issues/210) to learn about key to algorithm
* requirements and mapping. Encrypted keys are not supported.
* Imports a PEM-encoded PKCS8 string as a runtime-specific private key representation (KeyObject or
* CryptoKey). See [Algorithm Key Requirements](https://github.com/panva/jose/issues/210) to learn
* about key to algorithm requirements and mapping. Encrypted keys are not supported.
*
* @param pem PEM-encoded PKCS8 string
* @param alg JSON Web Algorithm identifier to be used with the imported key.
* @example Usage
*
* @example Usage
* ```js

@@ -75,34 +76,44 @@ * const algorithm = 'ES256'

* ```
*
* @param pem PEM-encoded PKCS8 string
* @param alg JSON Web Algorithm identifier to be used with the imported key.
*/
export declare function importPKCS8(pkcs8: string, alg: string, options?: PEMImportOptions): Promise<KeyLike>;
/**
* Imports a JWK to a runtime-specific key representation (KeyLike). Either
* JWK "alg" (Algorithm) Parameter must be present or the optional "alg" argument. When
* running on a runtime using [Web Cryptography API](https://www.w3.org/TR/WebCryptoAPI/)
* the jwk parameters "use", "key_ops", and "ext" are also used in the resulting `CryptoKey`.
* See [Algorithm Key Requirements](https://github.com/panva/jose/issues/210) to learn about key to algorithm
* Imports a JWK to a runtime-specific key representation (KeyLike). Either JWK "alg" (Algorithm)
* Parameter must be present or the optional "alg" argument. When running on a runtime using [Web
* Cryptography API](https://www.w3.org/TR/WebCryptoAPI/) the jwk parameters "use", "key_ops", and
* "ext" are also used in the resulting `CryptoKey`. See [Algorithm Key
* Requirements](https://github.com/panva/jose/issues/210) to learn about key to algorithm
* requirements and mapping.
*
* @param jwk JSON Web Key.
* @param alg JSON Web Algorithm identifier to be used with the imported key.
* Default is the "alg" property on the JWK.
* @param octAsKeyObject Forces a symmetric key to be imported to a KeyObject or
* CryptoKey. Default is true unless JWK "ext" (Extractable) is true.
* @example Usage
*
* @example Usage
* ```js
* const ecPublicKey = await jose.importJWK({
* crv: 'P-256',
* kty: 'EC',
* x: 'ySK38C1jBdLwDsNWKzzBHqKYEE5Cgv-qjWvorUXk9fw',
* y: '_LeQBw07cf5t57Iavn4j-BqJsAD1dpoz8gokd3sBsOo'
* }, 'ES256')
* const ecPublicKey = await jose.importJWK(
* {
* crv: 'P-256',
* kty: 'EC',
* x: 'ySK38C1jBdLwDsNWKzzBHqKYEE5Cgv-qjWvorUXk9fw',
* y: '_LeQBw07cf5t57Iavn4j-BqJsAD1dpoz8gokd3sBsOo',
* },
* 'ES256',
* )
*
* const rsaPublicKey = await jose.importJWK({
* kty: 'RSA',
* e: 'AQAB',
* n: '12oBZRhCiZFJLcPg59LkZZ9mdhSMTKAQZYq32k_ti5SBB6jerkh-WzOMAO664r_qyLkqHUSp3u5SbXtseZEpN3XPWGKSxjsy-1JyEFTdLSYe6f9gfrmxkUF_7DTpq0gn6rntP05g2-wFW50YO7mosfdslfrTJYWHFhJALabAeYirYD7-9kqq9ebfFMF4sRRELbv9oi36As6Q9B3Qb5_C1rAzqfao_PCsf9EPsTZsVVVkA5qoIAr47lo1ipfiBPxUCCNSdvkmDTYgvvRm6ZoMjFbvOtgyts55fXKdMWv7I9HMD5HwE9uW839PWA514qhbcIsXEYSFMPMV6fnlsiZvQQ'
* }, 'PS256')
* const rsaPublicKey = await jose.importJWK(
* {
* kty: 'RSA',
* e: 'AQAB',
* n: '12oBZRhCiZFJLcPg59LkZZ9mdhSMTKAQZYq32k_ti5SBB6jerkh-WzOMAO664r_qyLkqHUSp3u5SbXtseZEpN3XPWGKSxjsy-1JyEFTdLSYe6f9gfrmxkUF_7DTpq0gn6rntP05g2-wFW50YO7mosfdslfrTJYWHFhJALabAeYirYD7-9kqq9ebfFMF4sRRELbv9oi36As6Q9B3Qb5_C1rAzqfao_PCsf9EPsTZsVVVkA5qoIAr47lo1ipfiBPxUCCNSdvkmDTYgvvRm6ZoMjFbvOtgyts55fXKdMWv7I9HMD5HwE9uW839PWA514qhbcIsXEYSFMPMV6fnlsiZvQQ',
* },
* 'PS256',
* )
* ```
*
* @param jwk JSON Web Key.
* @param alg JSON Web Algorithm identifier to be used with the imported key. Default is the "alg"
* property on the JWK.
* @param octAsKeyObject Forces a symmetric key to be imported to a KeyObject or CryptoKey. Default
* is true unless JWK "ext" (Extractable) is true.
*/
export declare function importJWK(jwk: JWK, alg?: string, octAsKeyObject?: boolean): Promise<KeyLike | Uint8Array>;
/**
* KeyLike are runtime-specific classes representing asymmetric keys or symmetric secrets.
* These are instances of
* [CryptoKey](https://developer.mozilla.org/en-US/docs/Web/API/CryptoKey) and additionally
* [KeyObject](https://nodejs.org/api/crypto.html#crypto_class_keyobject)
* in Node.js runtime.
* KeyLike are runtime-specific classes representing asymmetric keys or symmetric secrets. These are
* instances of [CryptoKey](https://developer.mozilla.org/en-US/docs/Web/API/CryptoKey) and
* additionally [KeyObject](https://nodejs.org/api/crypto.html#class-keyobject) in Node.js runtime.
* [Uint8Array](https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/Uint8Array)
* instances are also accepted as symmetric secret representation only.
*
* [Key Import Functions](../modules/key_import.md#readme) can be used to import PEM,
* or JWK formatted asymmetric keys and certificates to these runtime-specific representations.
* [Key Import Functions](../modules/key_import.md#readme) can be used to import PEM, or JWK
* formatted asymmetric keys and certificates to these runtime-specific representations.
*
* In Node.js the
* [Buffer](https://nodejs.org/api/buffer.html#buffer_buffer) class is a subclass of Uint8Array
* and so Buffer can be provided for symmetric secrets as well.
* In Node.js the [Buffer](https://nodejs.org/api/buffer.html#buffer) class is a subclass of
* Uint8Array and so Buffer can be provided for symmetric secrets as well.
*
* ---
* [KeyObject](https://nodejs.org/api/crypto.html#class-keyobject) is a representation of a
* key/secret available in the Node.js runtime. In addition to the import functions of this library
* you may use the runtime APIs
* [crypto.createPublicKey](https://nodejs.org/api/crypto.html#cryptocreatepublickeykey),
* [crypto.createPrivateKey](https://nodejs.org/api/crypto.html#cryptocreateprivatekeykey), and
* [crypto.createSecretKey](https://nodejs.org/api/crypto.html#cryptocreatesecretkeykey-encoding) to
* obtain a KeyObject from your existing key material.
*
* [KeyObject](https://nodejs.org/api/crypto.html#crypto_class_keyobject) is a representation of a
* key/secret available in the Node.js runtime.
* In addition to the import functions of this library you may use the
* runtime APIs
* [crypto.createPublicKey](https://nodejs.org/api/crypto.html#crypto_crypto_createpublickey_key),
* [crypto.createPrivateKey](https://nodejs.org/api/crypto.html#crypto_crypto_createprivatekey_key), and
* [crypto.createSecretKey](https://nodejs.org/api/crypto.html#crypto_crypto_createsecretkey_key_encoding)
* to obtain a KeyObject from your existing key material.
*
* [CryptoKey](https://developer.mozilla.org/en-US/docs/Web/API/CryptoKey) is a representation of a
* key/secret available in the Browser and Deno runtimes.
* In addition to the import functions of this library you may use the
* [SubtleCrypto.importKey](https://developer.mozilla.org/en-US/docs/Web/API/SubtleCrypto/importKey) API
* to obtain a CryptoKey from your existing key material.
* key/secret available in the Browser and Deno runtimes. In addition to the import functions of
* this library you may use the
* [SubtleCrypto.importKey](https://developer.mozilla.org/en-US/docs/Web/API/SubtleCrypto/importKey)
* API to obtain a CryptoKey from your existing key material.
*
* ---
* @example Import a PEM-encoded SPKI Public Key
*
* @example Import a PEM-encoded SPKI Public Key
* ```js

@@ -47,2 +40,3 @@ * const algorithm = 'ES256'

* @example Import a X.509 Certificate
*
* ```js

@@ -64,2 +58,3 @@ * const algorithm = 'ES256'

* @example Import a PEM-encoded PKCS8 Private Key
*
* ```js

@@ -76,15 +71,22 @@ * const algorithm = 'ES256'

* @example Import a JSON Web Key (JWK)
*
* ```js
* const ecPublicKey = await jose.importJWK({
* crv: 'P-256',
* kty: 'EC',
* x: 'ySK38C1jBdLwDsNWKzzBHqKYEE5Cgv-qjWvorUXk9fw',
* y: '_LeQBw07cf5t57Iavn4j-BqJsAD1dpoz8gokd3sBsOo'
* }, 'ES256')
* const ecPublicKey = await jose.importJWK(
* {
* crv: 'P-256',
* kty: 'EC',
* x: 'ySK38C1jBdLwDsNWKzzBHqKYEE5Cgv-qjWvorUXk9fw',
* y: '_LeQBw07cf5t57Iavn4j-BqJsAD1dpoz8gokd3sBsOo',
* },
* 'ES256',
* )
*
* const rsaPublicKey = await jose.importJWK({
* kty: 'RSA',
* e: 'AQAB',
* n: '12oBZRhCiZFJLcPg59LkZZ9mdhSMTKAQZYq32k_ti5SBB6jerkh-WzOMAO664r_qyLkqHUSp3u5SbXtseZEpN3XPWGKSxjsy-1JyEFTdLSYe6f9gfrmxkUF_7DTpq0gn6rntP05g2-wFW50YO7mosfdslfrTJYWHFhJALabAeYirYD7-9kqq9ebfFMF4sRRELbv9oi36As6Q9B3Qb5_C1rAzqfao_PCsf9EPsTZsVVVkA5qoIAr47lo1ipfiBPxUCCNSdvkmDTYgvvRm6ZoMjFbvOtgyts55fXKdMWv7I9HMD5HwE9uW839PWA514qhbcIsXEYSFMPMV6fnlsiZvQQ'
* }, 'PS256')
* const rsaPublicKey = await jose.importJWK(
* {
* kty: 'RSA',
* e: 'AQAB',
* n: '12oBZRhCiZFJLcPg59LkZZ9mdhSMTKAQZYq32k_ti5SBB6jerkh-WzOMAO664r_qyLkqHUSp3u5SbXtseZEpN3XPWGKSxjsy-1JyEFTdLSYe6f9gfrmxkUF_7DTpq0gn6rntP05g2-wFW50YO7mosfdslfrTJYWHFhJALabAeYirYD7-9kqq9ebfFMF4sRRELbv9oi36As6Q9B3Qb5_C1rAzqfao_PCsf9EPsTZsVVVkA5qoIAr47lo1ipfiBPxUCCNSdvkmDTYgvvRm6ZoMjFbvOtgyts55fXKdMWv7I9HMD5HwE9uW839PWA514qhbcIsXEYSFMPMV6fnlsiZvQQ',
* },
* 'PS256',
* )
* ```

@@ -95,9 +97,7 @@ */

/**
* JSON Web Key ([JWK](https://www.rfc-editor.org/rfc/rfc7517)).
* "RSA", "EC", "OKP", and "oct" key types are supported.
* JSON Web Key ([JWK](https://www.rfc-editor.org/rfc/rfc7517)). "RSA", "EC", "OKP", and "oct" key
* types are supported.
*/
export interface JWK {
/**
* JWK "alg" (Algorithm) Parameter.
*/
/** JWK "alg" (Algorithm) Parameter. */
alg?: string

@@ -109,18 +109,10 @@ crv?: string

e?: string
/**
* JWK "ext" (Extractable) Parameter.
*/
/** JWK "ext" (Extractable) Parameter. */
ext?: boolean
k?: string
/**
* JWK "key_ops" (Key Operations) Parameter.
*/
/** JWK "key_ops" (Key Operations) Parameter. */
key_ops?: string[]
/**
* JWK "kid" (Key ID) Parameter.
*/
/** JWK "kid" (Key ID) Parameter. */
kid?: string
/**
* JWK "kty" (Key Type) Parameter.
*/
/** JWK "kty" (Key Type) Parameter. */
kty?: string

@@ -136,23 +128,13 @@ n?: string

qi?: string
/**
* JWK "use" (Public Key Use) Parameter.
*/
/** JWK "use" (Public Key Use) Parameter. */
use?: string
x?: string
y?: string
/**
* JWK "x5c" (X.509 Certificate Chain) Parameter.
*/
/** JWK "x5c" (X.509 Certificate Chain) Parameter. */
x5c?: string[]
/**
* JWK "x5t" (X.509 Certificate SHA-1 Thumbprint) Parameter.
*/
/** JWK "x5t" (X.509 Certificate SHA-1 Thumbprint) Parameter. */
x5t?: string
/**
* "x5t#S256" (X.509 Certificate SHA-256 Thumbprint) Parameter.
*/
/** "x5t#S256" (X.509 Certificate SHA-256 Thumbprint) Parameter. */
'x5t#S256'?: string
/**
* JWK "x5u" (X.509 URL) Parameter.
*/
/** JWK "x5u" (X.509 URL) Parameter. */
x5u?: string

@@ -164,4 +146,4 @@

/**
* Generic Interface for consuming operations dynamic key resolution.
* No token components have been verified at the time of this function call.
* Generic Interface for consuming operations dynamic key resolution. No token components have been
* verified at the time of this function call.
*

@@ -178,12 +160,11 @@ * If you cannot match a key suitable for the token, throw an error instead.

/**
* Flattened JWS definition for verify function inputs, allows payload as
* Uint8Array for detached signature validation.
* Flattened JWS definition for verify function inputs, allows payload as Uint8Array for detached
* signature validation.
*/
export interface FlattenedJWSInput {
/**
* The "header" member MUST be present and contain the value JWS
* Unprotected Header when the JWS Unprotected Header value is non-
* empty; otherwise, it MUST be absent. This value is represented as
* an unencoded JSON object, rather than as a string. These Header
* Parameter values are not integrity protected.
* The "header" member MUST be present and contain the value JWS Unprotected Header when the JWS
* Unprotected Header value is non- empty; otherwise, it MUST be absent. This value is represented
* as an unencoded JSON object, rather than as a string. These Header Parameter values are not
* integrity protected.
*/

@@ -193,5 +174,4 @@ header?: JWSHeaderParameters

/**
* The "payload" member MUST be present and contain the value
* BASE64URL(JWS Payload). When RFC7797 "b64": false is used
* the value passed may also be a Uint8Array.
* The "payload" member MUST be present and contain the value BASE64URL(JWS Payload). When RFC7797
* "b64": false is used the value passed may also be a Uint8Array.
*/

@@ -201,5 +181,4 @@ payload: string | Uint8Array

/**
* The "protected" member MUST be present and contain the value
* BASE64URL(UTF8(JWS Protected Header)) when the JWS Protected
* Header value is non-empty; otherwise, it MUST be absent. These
* The "protected" member MUST be present and contain the value BASE64URL(UTF8(JWS Protected
* Header)) when the JWS Protected Header value is non-empty; otherwise, it MUST be absent. These
* Header Parameter values are integrity protected.

@@ -209,6 +188,3 @@ */

/**
* The "signature" member MUST be present and contain the value
* BASE64URL(JWS Signature).
*/
/** The "signature" member MUST be present and contain the value BASE64URL(JWS Signature). */
signature: string

@@ -218,10 +194,9 @@ }

/**
* General JWS definition for verify function inputs, allows payload as
* Uint8Array for detached signature validation.
* General JWS definition for verify function inputs, allows payload as Uint8Array for detached
* signature validation.
*/
export interface GeneralJWSInput {
/**
* The "payload" member MUST be present and contain the value
* BASE64URL(JWS Payload). When RFC7797 "b64": false is used
* the value passed may also be a Uint8Array.
* The "payload" member MUST be present and contain the value BASE64URL(JWS Payload). When RFC7797
* "b64": false is used the value passed may also be a Uint8Array.
*/

@@ -231,5 +206,4 @@ payload: string | Uint8Array

/**
* The "signatures" member value MUST be an array of JSON objects.
* Each object represents a signature or MAC over the JWS Payload and
* the JWS Protected Header.
* The "signatures" member value MUST be an array of JSON objects. Each object represents a
* signature or MAC over the JWS Payload and the JWS Protected Header.
*/

@@ -240,5 +214,4 @@ signatures: Omit<FlattenedJWSInput, 'payload'>[]

/**
* Flattened JWS definition. Payload is returned as an empty
* string when JWS Unencoded Payload Option
* [RFC7797](https://www.rfc-editor.org/rfc/rfc7797) is used.
* Flattened JWS definition. Payload is returned as an empty string when JWS Unencoded Payload
* Option [RFC7797](https://www.rfc-editor.org/rfc/rfc7797) is used.
*/

@@ -251,4 +224,3 @@ export interface FlattenedJWS extends Partial<FlattenedJWSInput> {

/**
* General JWS definition. Payload is returned as an empty
* string when JWS Unencoded Payload Option
* General JWS definition. Payload is returned as an empty string when JWS Unencoded Payload Option
* [RFC7797](https://www.rfc-editor.org/rfc/rfc7797) is used.

@@ -262,74 +234,46 @@ */

export interface JoseHeaderParameters {
/**
* "kid" (Key ID) Header Parameter.
*/
/** "kid" (Key ID) Header Parameter. */
kid?: string
/**
* "x5t" (X.509 Certificate SHA-1 Thumbprint) Header Parameter.
*/
/** "x5t" (X.509 Certificate SHA-1 Thumbprint) Header Parameter. */
x5t?: string
/**
* "x5c" (X.509 Certificate Chain) Header Parameter.
*/
/** "x5c" (X.509 Certificate Chain) Header Parameter. */
x5c?: string[]
/**
* "x5u" (X.509 URL) Header Parameter.
*/
/** "x5u" (X.509 URL) Header Parameter. */
x5u?: string
/**
* "jku" (JWK Set URL) Header Parameter.
*/
/** "jku" (JWK Set URL) Header Parameter. */
jku?: string
/**
* "jwk" (JSON Web Key) Header Parameter.
*/
/** "jwk" (JSON Web Key) Header Parameter. */
jwk?: Pick<JWK, 'kty' | 'crv' | 'x' | 'y' | 'e' | 'n'>
/**
* "typ" (Type) Header Parameter.
*/
/** "typ" (Type) Header Parameter. */
typ?: string
/**
* "cty" (Content Type) Header Parameter.
*/
/** "cty" (Content Type) Header Parameter. */
cty?: string
}
/**
* Recognized JWS Header Parameters, any other Header Members
* may also be present.
*/
/** Recognized JWS Header Parameters, any other Header Members may also be present. */
export interface JWSHeaderParameters extends JoseHeaderParameters {
/**
* JWS "alg" (Algorithm) Header Parameter.
*/
/** JWS "alg" (Algorithm) Header Parameter. */
alg?: string
/**
* This JWS Extension Header Parameter modifies the JWS Payload
* representation and the JWS Signing Input computation as per
* [RFC7797](https://www.rfc-editor.org/rfc/rfc7797).
* This JWS Extension Header Parameter modifies the JWS Payload representation and the JWS Signing
* Input computation as per [RFC7797](https://www.rfc-editor.org/rfc/rfc7797).
*/
b64?: boolean
/**
* JWS "crit" (Critical) Header Parameter.
*/
/** JWS "crit" (Critical) Header Parameter. */
crit?: string[]
/**
* Any other JWS Header member.
*/
/** Any other JWS Header member. */
[propName: string]: unknown
}
/**
* Recognized JWE Key Management-related Header Parameters.
*/
/** Recognized JWE Key Management-related Header Parameters. */
export interface JWEKeyManagementHeaderParameters {

@@ -339,19 +283,19 @@ apu?: Uint8Array

/**
* @deprecated You should not use this parameter. It is only really intended
* for test and vector validation purposes.
* @deprecated You should not use this parameter. It is only really intended for test and vector
* validation purposes.
*/
p2c?: number
/**
* @deprecated You should not use this parameter. It is only really intended
* for test and vector validation purposes.
* @deprecated You should not use this parameter. It is only really intended for test and vector
* validation purposes.
*/
p2s?: Uint8Array
/**
* @deprecated You should not use this parameter. It is only really intended
* for test and vector validation purposes.
* @deprecated You should not use this parameter. It is only really intended for test and vector
* validation purposes.
*/
iv?: Uint8Array
/**
* @deprecated You should not use this parameter. It is only really intended
* for test and vector validation purposes.
* @deprecated You should not use this parameter. It is only really intended for test and vector
* validation purposes.
*/

@@ -361,25 +305,17 @@ epk?: KeyLike

/**
* Flattened JWE definition.
*/
/** Flattened JWE definition. */
export interface FlattenedJWE {
/**
* The "aad" member MUST be present and contain the value
* BASE64URL(JWE AAD)) when the JWE AAD value is non-empty;
* otherwise, it MUST be absent. A JWE AAD value can be included to
* supply a base64url-encoded value to be integrity protected but not
* encrypted.
* The "aad" member MUST be present and contain the value BASE64URL(JWE AAD)) when the JWE AAD
* value is non-empty; otherwise, it MUST be absent. A JWE AAD value can be included to supply a
* base64url-encoded value to be integrity protected but not encrypted.
*/
aad?: string
/**
* The "ciphertext" member MUST be present and contain the value
* BASE64URL(JWE Ciphertext).
*/
/** The "ciphertext" member MUST be present and contain the value BASE64URL(JWE Ciphertext). */
ciphertext: string
/**
* The "encrypted_key" member MUST be present and contain the value
* BASE64URL(JWE Encrypted Key) when the JWE Encrypted Key value is
* non-empty; otherwise, it MUST be absent.
* The "encrypted_key" member MUST be present and contain the value BASE64URL(JWE Encrypted Key)
* when the JWE Encrypted Key value is non-empty; otherwise, it MUST be absent.
*/

@@ -389,8 +325,6 @@ encrypted_key?: string

/**
* The "header" member MUST be present and contain the value JWE Per-
* Recipient Unprotected Header when the JWE Per-Recipient
* Unprotected Header value is non-empty; otherwise, it MUST be
* absent. This value is represented as an unencoded JSON object,
* rather than as a string. These Header Parameter values are not
* integrity protected.
* The "header" member MUST be present and contain the value JWE Per- Recipient Unprotected Header
* when the JWE Per-Recipient Unprotected Header value is non-empty; otherwise, it MUST be absent.
* This value is represented as an unencoded JSON object, rather than as a string. These Header
* Parameter values are not integrity protected.
*/

@@ -400,5 +334,4 @@ header?: JWEHeaderParameters

/**
* The "iv" member MUST be present and contain the value
* BASE64URL(JWE Initialization Vector) when the JWE Initialization
* Vector value is non-empty; otherwise, it MUST be absent.
* The "iv" member MUST be present and contain the value BASE64URL(JWE Initialization Vector) when
* the JWE Initialization Vector value is non-empty; otherwise, it MUST be absent.
*/

@@ -408,5 +341,4 @@ iv: string

/**
* The "protected" member MUST be present and contain the value
* BASE64URL(UTF8(JWE Protected Header)) when the JWE Protected
* Header value is non-empty; otherwise, it MUST be absent. These
* The "protected" member MUST be present and contain the value BASE64URL(UTF8(JWE Protected
* Header)) when the JWE Protected Header value is non-empty; otherwise, it MUST be absent. These
* Header Parameter values are integrity protected.

@@ -417,5 +349,4 @@ */

/**
* The "tag" member MUST be present and contain the value
* BASE64URL(JWE Authentication Tag) when the JWE Authentication Tag
* value is non-empty; otherwise, it MUST be absent.
* The "tag" member MUST be present and contain the value BASE64URL(JWE Authentication Tag) when
* the JWE Authentication Tag value is non-empty; otherwise, it MUST be absent.
*/

@@ -425,7 +356,6 @@ tag: string

/**
* The "unprotected" member MUST be present and contain the value JWE
* Shared Unprotected Header when the JWE Shared Unprotected Header
* value is non-empty; otherwise, it MUST be absent. This value is
* represented as an unencoded JSON object, rather than as a string.
* These Header Parameter values are not integrity protected.
* The "unprotected" member MUST be present and contain the value JWE Shared Unprotected Header
* when the JWE Shared Unprotected Header value is non-empty; otherwise, it MUST be absent. This
* value is represented as an unencoded JSON object, rather than as a string. These Header
* Parameter values are not integrity protected.
*/

@@ -439,57 +369,38 @@ unprotected?: JWEHeaderParameters

/**
* Recognized JWE Header Parameters, any other Header members
* may also be present.
*/
/** Recognized JWE Header Parameters, any other Header members may also be present. */
export interface JWEHeaderParameters extends JoseHeaderParameters {
/**
* JWE "alg" (Algorithm) Header Parameter.
*/
/** JWE "alg" (Algorithm) Header Parameter. */
alg?: string
/**
* JWE "enc" (Encryption Algorithm) Header Parameter.
*/
/** JWE "enc" (Encryption Algorithm) Header Parameter. */
enc?: string
/**
* JWE "crit" (Critical) Header Parameter.
*/
/** JWE "crit" (Critical) Header Parameter. */
crit?: string[]
/**
* JWE "zip" (Compression Algorithm) Header Parameter.
*/
/** JWE "zip" (Compression Algorithm) Header Parameter. */
zip?: string
/**
* Any other JWE Header member.
*/
/** Any other JWE Header member. */
[propName: string]: unknown
}
/**
* Shared Interface with a "crit" property for all sign, verify, encrypt and decrypt
* operations.
*/
/** Shared Interface with a "crit" property for all sign, verify, encrypt and decrypt operations. */
export interface CritOption {
/**
* An object with keys representing recognized "crit" (Critical) Header Parameter
* names. The value for those is either `true` or `false`. `true` when the
* Header Parameter MUST be integrity protected, `false` when it's irrelevant.
* An object with keys representing recognized "crit" (Critical) Header Parameter names. The value
* for those is either `true` or `false`. `true` when the Header Parameter MUST be integrity
* protected, `false` when it's irrelevant.
*
* This makes the "Extension Header Parameter "${parameter}" is not recognized"
* error go away.
* This makes the "Extension Header Parameter "${parameter}" is not recognized" error go away.
*
* Use this when a given JWS/JWT/JWE profile requires the use of proprietary
* non-registered "crit" (Critical) Header Parameters. This will only make sure
* the Header Parameter is syntactically correct when provided and that it is
* optionally integrity protected. It will not process the Header Parameter in
* any way or reject the operation if it is missing. You MUST still
* verify the Header Parameter was present and process it according to the
* profile's validation steps after the operation succeeds.
* Use this when a given JWS/JWT/JWE profile requires the use of proprietary non-registered "crit"
* (Critical) Header Parameters. This will only make sure the Header Parameter is syntactically
* correct when provided and that it is optionally integrity protected. It will not process the
* Header Parameter in any way or reject the operation if it is missing. You MUST still verify the
* Header Parameter was present and process it according to the profile's validation steps after
* the operation succeeds.
*
* The JWS extension Header Parameter `b64` is always recognized and processed
* properly. No other registered Header Parameters that need this kind of
* default built-in treatment are currently available.
* The JWS extension Header Parameter `b64` is always recognized and processed properly. No other
* registered Header Parameters that need this kind of default built-in treatment are currently available.
*/

@@ -501,15 +412,10 @@ crit?: {

/**
* JWE Decryption options.
*/
/** JWE Decryption options. */
export interface DecryptOptions extends CritOption {
/**
* A list of accepted JWE "alg" (Algorithm) Header Parameter values.
*/
/** A list of accepted JWE "alg" (Algorithm) Header Parameter values. */
keyManagementAlgorithms?: string[]
/**
* A list of accepted JWE "enc" (Encryption Algorithm) Header Parameter values.
* By default all "enc" (Encryption Algorithm) values applicable for the used
* key/secret are allowed.
* A list of accepted JWE "enc" (Encryption Algorithm) Header Parameter values. By default all
* "enc" (Encryption Algorithm) values applicable for the used key/secret are allowed.
*/

@@ -519,4 +425,4 @@ contentEncryptionAlgorithms?: string[]

/**
* In a browser runtime you have to provide an implementation for Inflate Raw
* when you expect JWEs with compressed plaintext.
* In a browser runtime you have to provide an implementation for Inflate Raw when you expect JWEs
* with compressed plaintext.
*/

@@ -526,9 +432,7 @@ inflateRaw?: InflateFunction

/**
* JWE Deflate option.
*/
/** JWE Deflate option. */
export interface DeflateOption {
/**
* In a browser runtime you have to provide an implementation for Deflate Raw
* when you will be producing JWEs with compressed plaintext.
* In a browser runtime you have to provide an implementation for Deflate Raw when you will be
* producing JWEs with compressed plaintext.
*/

@@ -538,14 +442,8 @@ deflateRaw?: DeflateFunction

/**
* JWE Encryption options.
*/
/** JWE Encryption options. */
export interface EncryptOptions extends CritOption, DeflateOption {}
/**
* JWT Claims Set verification options.
*/
/** JWT Claims Set verification options. */
export interface JWTClaimVerificationOptions {
/**
* Expected JWT "aud" (Audience) Claim value(s).
*/
/** Expected JWT "aud" (Audience) Claim value(s). */
audience?: string | string[]

@@ -555,10 +453,9 @@

* Expected clock tolerance
* - in seconds when number (e.g. 5)
* - parsed as seconds when a string (e.g. "5 seconds", "10 minutes", "2 hours").
*
* - In seconds when number (e.g. 5)
* - Parsed as seconds when a string (e.g. "5 seconds", "10 minutes", "2 hours").
*/
clockTolerance?: string | number
/**
* Expected JWT "iss" (Issuer) Claim value(s).
*/
/** Expected JWT "iss" (Issuer) Claim value(s). */
issuer?: string | string[]

@@ -568,31 +465,23 @@

* Maximum time elapsed (in seconds) from the JWT "iat" (Issued At) Claim value.
* - in seconds when number (e.g. 5)
* - parsed as seconds when a string (e.g. "5 seconds", "10 minutes", "2 hours").
*
* - In seconds when number (e.g. 5)
* - Parsed as seconds when a string (e.g. "5 seconds", "10 minutes", "2 hours").
*/
maxTokenAge?: string | number
/**
* Expected JWT "sub" (Subject) Claim value.
*/
/** Expected JWT "sub" (Subject) Claim value. */
subject?: string
/**
* Expected JWT "typ" (Type) Header Parameter value.
*/
/** Expected JWT "typ" (Type) Header Parameter value. */
typ?: string
/**
* Date to use when comparing NumericDate claims, defaults to `new Date()`.
*/
/** Date to use when comparing NumericDate claims, defaults to `new Date()`. */
currentDate?: Date
}
/**
* JWS Verification options.
*/
/** JWS Verification options. */
export interface VerifyOptions extends CritOption {
/**
* A list of accepted JWS "alg" (Algorithm) Header Parameter values.
* By default all "alg" (Algorithm) values applicable for the used
* key/secret are allowed. Note: "none" is never accepted.
* A list of accepted JWS "alg" (Algorithm) Header Parameter values. By default all "alg"
* (Algorithm) values applicable for the used key/secret are allowed. Note: "none" is never accepted.
*/

@@ -602,50 +491,29 @@ algorithms?: string[]

/**
* JWS Signing options.
*/
/** JWS Signing options. */
export interface SignOptions extends CritOption {}
/**
* Recognized JWT Claims Set members, any other members
* may also be present.
*/
/** Recognized JWT Claims Set members, any other members may also be present. */
export interface JWTPayload {
/**
* JWT Issuer - [RFC7519#section-4.1.1](https://www.rfc-editor.org/rfc/rfc7519#section-4.1.1).
*/
/** JWT Issuer - [RFC7519#section-4.1.1](https://www.rfc-editor.org/rfc/rfc7519#section-4.1.1). */
iss?: string
/**
* JWT Subject - [RFC7519#section-4.1.2](https://www.rfc-editor.org/rfc/rfc7519#section-4.1.2).
*/
/** JWT Subject - [RFC7519#section-4.1.2](https://www.rfc-editor.org/rfc/rfc7519#section-4.1.2). */
sub?: string
/**
* JWT Audience [RFC7519#section-4.1.3](https://www.rfc-editor.org/rfc/rfc7519#section-4.1.3).
*/
/** JWT Audience [RFC7519#section-4.1.3](https://www.rfc-editor.org/rfc/rfc7519#section-4.1.3). */
aud?: string | string[]
/**
* JWT ID - [RFC7519#section-4.1.7](https://www.rfc-editor.org/rfc/rfc7519#section-4.1.7).
*/
/** JWT ID - [RFC7519#section-4.1.7](https://www.rfc-editor.org/rfc/rfc7519#section-4.1.7). */
jti?: string
/**
* JWT Not Before - [RFC7519#section-4.1.5](https://www.rfc-editor.org/rfc/rfc7519#section-4.1.5).
*/
/** JWT Not Before - [RFC7519#section-4.1.5](https://www.rfc-editor.org/rfc/rfc7519#section-4.1.5). */
nbf?: number
/**
* JWT Expiration Time - [RFC7519#section-4.1.4](https://www.rfc-editor.org/rfc/rfc7519#section-4.1.4).
*/
/** JWT Expiration Time - [RFC7519#section-4.1.4](https://www.rfc-editor.org/rfc/rfc7519#section-4.1.4). */
exp?: number
/**
* JWT Issued At - [RFC7519#section-4.1.6](https://www.rfc-editor.org/rfc/rfc7519#section-4.1.6).
*/
/** JWT Issued At - [RFC7519#section-4.1.6](https://www.rfc-editor.org/rfc/rfc7519#section-4.1.6). */
iat?: number
/**
* Any other JWT Claim Set member.
*/
/** Any other JWT Claim Set member. */
[propName: string]: unknown

@@ -655,3 +523,4 @@ }

/**
* Deflate Raw implementation, e.g. promisified [zlib.deflateRaw](https://nodejs.org/api/zlib.html#zlib_zlib_deflateraw_buffer_options_callback).
* Deflate Raw implementation, e.g. promisified
* [zlib.deflateRaw](https://nodejs.org/api/zlib.html#zlibdeflaterawbuffer-options-callback).
*/

@@ -663,3 +532,4 @@ export interface DeflateFunction {

/**
* Inflate Raw implementation, e.g. promisified [zlib.inflateRaw](https://nodejs.org/api/zlib.html#zlib_zlib_inflateraw_buffer_options_callback).
* Inflate Raw implementation, e.g. promisified
* [zlib.inflateRaw](https://nodejs.org/api/zlib.html#zlibinflaterawbuffer-options-callback).
*/

@@ -671,25 +541,15 @@ export interface InflateFunction {

export interface FlattenedDecryptResult {
/**
* JWE AAD.
*/
/** JWE AAD. */
additionalAuthenticatedData?: Uint8Array
/**
* Plaintext.
*/
/** Plaintext. */
plaintext: Uint8Array
/**
* JWE Protected Header.
*/
/** JWE Protected Header. */
protectedHeader?: JWEHeaderParameters
/**
* JWE Shared Unprotected Header.
*/
/** JWE Shared Unprotected Header. */
sharedUnprotectedHeader?: JWEHeaderParameters
/**
* JWE Per-Recipient Unprotected Header.
*/
/** JWE Per-Recipient Unprotected Header. */
unprotectedHeader?: JWEHeaderParameters

@@ -701,10 +561,6 @@ }

export interface CompactDecryptResult {
/**
* Plaintext.
*/
/** Plaintext. */
plaintext: Uint8Array
/**
* JWE Protected Header.
*/
/** JWE Protected Header. */
protectedHeader: CompactJWEHeaderParameters

@@ -714,15 +570,9 @@ }

export interface FlattenedVerifyResult {
/**
* JWS Payload.
*/
/** JWS Payload. */
payload: Uint8Array
/**
* JWS Protected Header.
*/
/** JWS Protected Header. */
protectedHeader?: JWSHeaderParameters
/**
* JWS Unprotected Header.
*/
/** JWS Unprotected Header. */
unprotectedHeader?: JWSHeaderParameters

@@ -734,10 +584,6 @@ }

export interface CompactVerifyResult {
/**
* JWS Payload.
*/
/** JWS Payload. */
payload: Uint8Array
/**
* JWS Protected Header.
*/
/** JWS Protected Header. */
protectedHeader: CompactJWSHeaderParameters

@@ -747,10 +593,6 @@ }

export interface JWTVerifyResult {
/**
* JWT Claims Set.
*/
/** JWT Claims Set. */
payload: JWTPayload
/**
* JWS Protected Header.
*/
/** JWS Protected Header. */
protectedHeader: JWTHeaderParameters

@@ -760,10 +602,6 @@ }

export interface JWTDecryptResult {
/**
* JWT Claims Set.
*/
/** JWT Claims Set. */
payload: JWTPayload
/**
* JWE Protected Header.
*/
/** JWE Protected Header. */
protectedHeader: CompactJWEHeaderParameters

@@ -773,12 +611,7 @@ }

export interface ResolvedKey {
/**
* Key resolved from the key resolver function.
*/
/** Key resolved from the key resolver function. */
key: KeyLike | Uint8Array
}
/**
* Recognized Compact JWS Header Parameters, any other Header Members
* may also be present.
*/
/** Recognized Compact JWS Header Parameters, any other Header Members may also be present. */
export interface CompactJWSHeaderParameters extends JWSHeaderParameters {

@@ -788,6 +621,3 @@ alg: string

/**
* Recognized Signed JWT Header Parameters, any other Header Members
* may also be present.
*/
/** Recognized Signed JWT Header Parameters, any other Header Members may also be present. */
export interface JWTHeaderParameters extends CompactJWSHeaderParameters {

@@ -797,6 +627,3 @@ b64?: true

/**
* Recognized Compact JWE Header Parameters, any other Header Members
* may also be present.
*/
/** Recognized Compact JWE Header Parameters, any other Header Members may also be present. */
export interface CompactJWEHeaderParameters extends JWEHeaderParameters {

@@ -807,7 +634,5 @@ alg: string

/**
* JSON Web Key Set
*/
/** JSON Web Key Set */
export interface JSONWebKeySet {
keys: JWK[]
}
import type { JWTPayload } from '../types';
/**
* Decodes a signed JSON Web Token payload. This does not validate the JWT Claims Set
* types or values. This does not validate the JWS Signature. For a proper
* Signed JWT Claims Set validation and JWS signature verification use `jose.jwtVerify()`.
* For an encrypted JWT Claims Set validation and JWE decryption use `jose.jwtDecrypt()`.
* Decodes a signed JSON Web Token payload. This does not validate the JWT Claims Set types or
* values. This does not validate the JWS Signature. For a proper Signed JWT Claims Set validation
* and JWS signature verification use `jose.jwtVerify()`. For an encrypted JWT Claims Set validation
* and JWE decryption use `jose.jwtDecrypt()`.
*
* @param jwt JWT token in compact JWS serialization.
* @example Usage
*
* @example Usage
* ```js

@@ -15,3 +14,5 @@ * const claims = jose.decodeJwt(token)

* ```
*
* @param jwt JWT token in compact JWS serialization.
*/
export declare function decodeJwt(jwt: string): JWTPayload;

@@ -6,5 +6,4 @@ import type { JWSHeaderParameters, JWEHeaderParameters } from '../types';

*
* @param token JWE/JWS/JWT token in any JOSE serialization.
* @example Usage
*
* @example Usage
* ```js

@@ -14,3 +13,5 @@ * const protectedHeader = jose.decodeProtectedHeader(token)

* ```
*
* @param token JWE/JWS/JWT token in any JOSE serialization.
*/
export declare function decodeProtectedHeader(token: string | object): ProtectedHeaderParameters;

@@ -1,51 +0,30 @@

/**
* A generic Error subclass that all other specific
* JOSE Error subclasses inherit from.
*/
/** A generic Error subclass that all other specific JOSE Error subclasses inherit from. */
export declare class JOSEError extends Error {
/**
* A unique error code for the particular error subclass.
*/
/** A unique error code for the particular error subclass. */
static get code(): string;
/**
* A unique error code for the particular error subclass.
*/
/** A unique error code for the particular error subclass. */
code: string;
constructor(message?: string);
}
/**
* An error subclass thrown when a JWT Claim Set member validation fails.
*/
/** An error subclass thrown when a JWT Claim Set member validation fails. */
export declare class JWTClaimValidationFailed extends JOSEError {
static get code(): 'ERR_JWT_CLAIM_VALIDATION_FAILED';
code: string;
/**
* The Claim for which the validation failed.
*/
/** The Claim for which the validation failed. */
claim: string;
/**
* Reason code for the validation failure.
*/
/** Reason code for the validation failure. */
reason: string;
constructor(message: string, claim?: string, reason?: string);
}
/**
* An error subclass thrown when a JWT is expired.
*/
/** An error subclass thrown when a JWT is expired. */
export declare class JWTExpired extends JOSEError implements JWTClaimValidationFailed {
static get code(): 'ERR_JWT_EXPIRED';
code: string;
/**
* The Claim for which the validation failed.
*/
/** The Claim for which the validation failed. */
claim: string;
/**
* Reason code for the validation failure.
*/
/** Reason code for the validation failure. */
reason: string;
constructor(message: string, claim?: string, reason?: string);
}
/**
* An error subclass thrown when a JOSE Algorithm is not allowed per developer preference.
*/
/** An error subclass thrown when a JOSE Algorithm is not allowed per developer preference. */
export declare class JOSEAlgNotAllowed extends JOSEError {

@@ -63,5 +42,3 @@ static get code(): 'ERR_JOSE_ALG_NOT_ALLOWED';

}
/**
* An error subclass thrown when a JWE ciphertext decryption fails.
*/
/** An error subclass thrown when a JWE ciphertext decryption fails. */
export declare class JWEDecryptionFailed extends JOSEError {

@@ -72,5 +49,3 @@ static get code(): 'ERR_JWE_DECRYPTION_FAILED';

}
/**
* An error subclass thrown when a JWE is invalid.
*/
/** An error subclass thrown when a JWE is invalid. */
export declare class JWEInvalid extends JOSEError {

@@ -80,5 +55,3 @@ static get code(): 'ERR_JWE_INVALID';

}
/**
* An error subclass thrown when a JWS is invalid.
*/
/** An error subclass thrown when a JWS is invalid. */
export declare class JWSInvalid extends JOSEError {

@@ -88,5 +61,3 @@ static get code(): 'ERR_JWS_INVALID';

}
/**
* An error subclass thrown when a JWT is invalid.
*/
/** An error subclass thrown when a JWT is invalid. */
export declare class JWTInvalid extends JOSEError {

@@ -96,5 +67,3 @@ static get code(): 'ERR_JWT_INVALID';

}
/**
* An error subclass thrown when a JWK is invalid.
*/
/** An error subclass thrown when a JWK is invalid. */
export declare class JWKInvalid extends JOSEError {

@@ -104,5 +73,3 @@ static get code(): 'ERR_JWK_INVALID';

}
/**
* An error subclass thrown when a JWKS is invalid.
*/
/** An error subclass thrown when a JWKS is invalid. */
export declare class JWKSInvalid extends JOSEError {

@@ -112,5 +79,3 @@ static get code(): 'ERR_JWKS_INVALID';

}
/**
* An error subclass thrown when no keys match from a JWKS.
*/
/** An error subclass thrown when no keys match from a JWKS. */
export declare class JWKSNoMatchingKey extends JOSEError {

@@ -121,5 +86,3 @@ static get code(): 'ERR_JWKS_NO_MATCHING_KEY';

}
/**
* An error subclass thrown when multiple keys match from a JWKS.
*/
/** An error subclass thrown when multiple keys match from a JWKS. */
export declare class JWKSMultipleMatchingKeys extends JOSEError {

@@ -130,5 +93,3 @@ static get code(): 'ERR_JWKS_MULTIPLE_MATCHING_KEYS';

}
/**
* Timeout was reached when retrieving the JWKS response.
*/
/** Timeout was reached when retrieving the JWKS response. */
export declare class JWKSTimeout extends JOSEError {

@@ -139,5 +100,3 @@ static get code(): 'ERR_JWKS_TIMEOUT';

}
/**
* An error subclass thrown when JWS signature verification fails.
*/
/** An error subclass thrown when JWS signature verification fails. */
export declare class JWSSignatureVerificationFailed extends JOSEError {

@@ -144,0 +103,0 @@ static get code(): 'ERR_JWS_SIGNATURE_VERIFICATION_FAILED';

{
"name": "jose-browser-runtime",
"version": "4.8.3",
"version": "4.9.0",
"homepage": "https://github.com/panva/jose",

@@ -5,0 +5,0 @@ "repository": "panva/jose",

SocketSocket SOC 2 Logo

Product

  • Package Alerts
  • Integrations
  • Docs
  • Pricing
  • FAQ
  • Roadmap
  • Changelog

Packages

npm

Stay in touch

Get open source security insights delivered straight into your inbox.


  • Terms
  • Privacy
  • Security

Made with ⚡️ by Socket Inc