jose-browser-runtime
Advanced tools
Comparing version 4.8.3 to 4.9.0
@@ -17,3 +17,3 @@ export { compactDecrypt } from './jwe/compact/decrypt.js'; | ||
export { EncryptJWT } from './jwt/encrypt.js'; | ||
export { calculateJwkThumbprint } from './jwk/thumbprint.js'; | ||
export { calculateJwkThumbprint, calculateJwkThumbprintUri } from './jwk/thumbprint.js'; | ||
export { EmbeddedJWK } from './jwk/embedded.js'; | ||
@@ -20,0 +20,0 @@ export { createLocalJWKSet } from './jwks/local.js'; |
@@ -46,4 +46,4 @@ import { decode as base64url } from '../../runtime/base64url.js'; | ||
if (jwe.protected) { | ||
const protectedHeader = base64url(jwe.protected); | ||
try { | ||
const protectedHeader = base64url(jwe.protected); | ||
parsedProt = JSON.parse(decoder.decode(protectedHeader)); | ||
@@ -50,0 +50,0 @@ } |
@@ -11,6 +11,7 @@ import digest from '../runtime/digest.js'; | ||
}; | ||
export async function calculateJwkThumbprint(jwk, digestAlgorithm = 'sha256') { | ||
export async function calculateJwkThumbprint(jwk, digestAlgorithm) { | ||
if (!isObject(jwk)) { | ||
throw new TypeError('JWK must be an object'); | ||
} | ||
digestAlgorithm !== null && digestAlgorithm !== void 0 ? digestAlgorithm : (digestAlgorithm = 'sha256'); | ||
if (digestAlgorithm !== 'sha256' && | ||
@@ -49,1 +50,6 @@ digestAlgorithm !== 'sha384' && | ||
} | ||
export async function calculateJwkThumbprintUri(jwk, digestAlgorithm) { | ||
digestAlgorithm !== null && digestAlgorithm !== void 0 ? digestAlgorithm : (digestAlgorithm = 'sha256'); | ||
const thumbprint = await calculateJwkThumbprint(jwk, digestAlgorithm); | ||
return `urn:ietf:params:oauth:jwk-thumbprint:sha-${digestAlgorithm.slice(-3)}:${thumbprint}`; | ||
} |
@@ -32,4 +32,4 @@ import { decode as base64url } from '../../runtime/base64url.js'; | ||
if (jws.protected) { | ||
const protectedHeader = base64url(jws.protected); | ||
try { | ||
const protectedHeader = base64url(jws.protected); | ||
parsedProt = JSON.parse(decoder.decode(protectedHeader)); | ||
@@ -36,0 +36,0 @@ } |
@@ -28,3 +28,3 @@ export { compactDecrypt } from './jwe/compact/decrypt'; | ||
export { EncryptJWT } from './jwt/encrypt'; | ||
export { calculateJwkThumbprint } from './jwk/thumbprint'; | ||
export { calculateJwkThumbprint, calculateJwkThumbprintUri } from './jwk/thumbprint'; | ||
export { EmbeddedJWK } from './jwk/embedded'; | ||
@@ -31,0 +31,0 @@ export { createLocalJWKSet } from './jwks/local'; |
import type { KeyLike, DecryptOptions, CompactJWEHeaderParameters, GetKeyFunction, FlattenedJWE, CompactDecryptResult, ResolvedKey } from '../../types'; | ||
/** | ||
* Interface for Compact JWE Decryption dynamic key resolution. | ||
* No token components have been verified at the time of this function call. | ||
* Interface for Compact JWE Decryption dynamic key resolution. No token components have been | ||
* verified at the time of this function call. | ||
*/ | ||
@@ -11,9 +11,7 @@ export interface CompactDecryptGetKey extends GetKeyFunction<CompactJWEHeaderParameters, FlattenedJWE> { | ||
* | ||
* @param jwe Compact JWE. | ||
* @param key Private Key or Secret to decrypt the JWE with. | ||
* @param options JWE Decryption options. | ||
* @example Usage | ||
* | ||
* @example Usage | ||
* ```js | ||
* const jwe = 'eyJhbGciOiJSU0EtT0FFUC0yNTYiLCJlbmMiOiJBMjU2R0NNIn0.nyQ19eq9ogh9wA7fFtnI2oouzy5_8b5DeLkoRMfi2yijgfTs2zEnayCEofz_qhnL-nwszabd9qUeHv0-IwvhhJJS7GUJOU3ikiIe42qcIAFme1A_Fo9CTxw4XTOy-I5qanl8So91u6hwfyN1VxAqVLsSE7_23EC-gfGEg_5znew9PyXXsOIE-K_HH7IQowRrlZ1X_bM_Liu53RzDpLDvRz59mp3S8L56YqpM8FexFGTGpEaoTcEIst375qncYt3-79IVR7gZN1RWsWgjPatfvVbnh74PglQcATSf3UUhaW0OAKn6q7r3PDx6DIKQ35bgHQg5QopuN00eIfLQL2trGw.W3grIVj5HVuAb76X.6PcuDe5D6ttWFYyv0oqqdDXfI2R8wBg1F2Q80UUA_Gv8eEimNWfxIWdLxrjzgQGSvIhxmFKuLM0.a93_Ug3uZHuczj70Zavx8Q' | ||
* const jwe = | ||
* 'eyJhbGciOiJSU0EtT0FFUC0yNTYiLCJlbmMiOiJBMjU2R0NNIn0.nyQ19eq9ogh9wA7fFtnI2oouzy5_8b5DeLkoRMfi2yijgfTs2zEnayCEofz_qhnL-nwszabd9qUeHv0-IwvhhJJS7GUJOU3ikiIe42qcIAFme1A_Fo9CTxw4XTOy-I5qanl8So91u6hwfyN1VxAqVLsSE7_23EC-gfGEg_5znew9PyXXsOIE-K_HH7IQowRrlZ1X_bM_Liu53RzDpLDvRz59mp3S8L56YqpM8FexFGTGpEaoTcEIst375qncYt3-79IVR7gZN1RWsWgjPatfvVbnh74PglQcATSf3UUhaW0OAKn6q7r3PDx6DIKQ35bgHQg5QopuN00eIfLQL2trGw.W3grIVj5HVuAb76X.6PcuDe5D6ttWFYyv0oqqdDXfI2R8wBg1F2Q80UUA_Gv8eEimNWfxIWdLxrjzgQGSvIhxmFKuLM0.a93_Ug3uZHuczj70Zavx8Q' | ||
* | ||
@@ -25,2 +23,6 @@ * const { plaintext, protectedHeader } = await jose.compactDecrypt(jwe, privateKey) | ||
* ``` | ||
* | ||
* @param jwe Compact JWE. | ||
* @param key Private Key or Secret to decrypt the JWE with. | ||
* @param options JWE Decryption options. | ||
*/ | ||
@@ -27,0 +29,0 @@ export declare function compactDecrypt(jwe: string | Uint8Array, key: KeyLike | Uint8Array, options?: DecryptOptions): Promise<CompactDecryptResult>; |
@@ -6,7 +6,6 @@ import type { KeyLike, JWEKeyManagementHeaderParameters, CompactJWEHeaderParameters, EncryptOptions } from '../../types'; | ||
* @example Usage | ||
* | ||
* ```js | ||
* const jwe = await new jose.CompactEncrypt( | ||
* new TextEncoder().encode( | ||
* 'It’s a dangerous business, Frodo, going out your door.' | ||
* ) | ||
* new TextEncoder().encode('It’s a dangerous business, Frodo, going out your door.'), | ||
* ) | ||
@@ -21,25 +20,20 @@ * .setProtectedHeader({ alg: 'RSA-OAEP-256', enc: 'A256GCM' }) | ||
private _flattened; | ||
/** | ||
* @param plaintext Binary representation of the plaintext to encrypt. | ||
*/ | ||
/** @param plaintext Binary representation of the plaintext to encrypt. */ | ||
constructor(plaintext: Uint8Array); | ||
/** | ||
* Sets a content encryption key to use, by default a random suitable one | ||
* is generated for the JWE enc" (Encryption Algorithm) Header Parameter. | ||
* Sets a content encryption key to use, by default a random suitable one is generated for the JWE | ||
* enc" (Encryption Algorithm) Header Parameter. | ||
* | ||
* @deprecated You should not use this method. It is only really intended for test and vector | ||
* validation purposes. | ||
* @param cek JWE Content Encryption Key. | ||
* | ||
* @deprecated You should not use this method. It is only really intended | ||
* for test and vector validation purposes. | ||
*/ | ||
setContentEncryptionKey(cek: Uint8Array): this; | ||
/** | ||
* Sets the JWE Initialization Vector to use for content encryption, by default | ||
* a random suitable one is generated for the JWE enc" (Encryption Algorithm) | ||
* Header Parameter. | ||
* Sets the JWE Initialization Vector to use for content encryption, by default a random suitable | ||
* one is generated for the JWE enc" (Encryption Algorithm) Header Parameter. | ||
* | ||
* @deprecated You should not use this method. It is only really intended for test and vector | ||
* validation purposes. | ||
* @param iv JWE Initialization Vector. | ||
* | ||
* @deprecated You should not use this method. It is only really intended | ||
* for test and vector validation purposes. | ||
*/ | ||
@@ -54,5 +48,5 @@ setInitializationVector(iv: Uint8Array): this; | ||
/** | ||
* Sets the JWE Key Management parameters to be used when encrypting the Content | ||
* Encryption Key. You do not need to invoke this method, it is only really | ||
* intended for test and vector validation purposes. | ||
* Sets the JWE Key Management parameters to be used when encrypting the Content Encryption Key. | ||
* You do not need to invoke this method, it is only really intended for test and vector | ||
* validation purposes. | ||
* | ||
@@ -59,0 +53,0 @@ * @param parameters JWE Key Management parameters. |
import type { FlattenedDecryptResult, KeyLike, FlattenedJWE, JWEHeaderParameters, DecryptOptions, GetKeyFunction, ResolvedKey } from '../../types'; | ||
/** | ||
* Interface for Flattened JWE Decryption dynamic key resolution. | ||
* No token components have been verified at the time of this function call. | ||
* Interface for Flattened JWE Decryption dynamic key resolution. No token components have been | ||
* verified at the time of this function call. | ||
*/ | ||
@@ -11,7 +11,4 @@ export interface FlattenedDecryptGetKey extends GetKeyFunction<JWEHeaderParameters | undefined, FlattenedJWE> { | ||
* | ||
* @param jwe Flattened JWE. | ||
* @param key Private Key or Secret to decrypt the JWE with. | ||
* @param options JWE Decryption options. | ||
* @example Usage | ||
* | ||
* @example Usage | ||
* ```js | ||
@@ -22,12 +19,10 @@ * const jwe = { | ||
* tag: 'W76IYV6arGRuDSaSyWrQNg', | ||
* encrypted_key: 'Z6eD4UK_yFb5ZoKvKkGAdqywEG_m0e4IYo0x8Vf30LAMJcsc-_zSgIeiF82teZyYi2YYduHKoqImk7MRnoPZOlEs0Q5BNK1OgBmSOhCE8DFyqh9Zh48TCTP6lmBQ52naqoUJFMtHzu-0LwZH26hxos0GP3Dt19O379MJB837TdKKa87skq0zHaVLAquRHOBF77GI54Bc7O49d8aOrSu1VEFGMThlW2caspPRiTSePDMDPq7_WGk50izRhB3Asl9wmP9wEeaTrkJKRnQj5ips1SAZ1hDBsqEQKKukxP1HtdcopHV5_qgwU8Hjm5EwSLMluMQuiE6hwlkXGOujZLVizA', | ||
* encrypted_key: | ||
* 'Z6eD4UK_yFb5ZoKvKkGAdqywEG_m0e4IYo0x8Vf30LAMJcsc-_zSgIeiF82teZyYi2YYduHKoqImk7MRnoPZOlEs0Q5BNK1OgBmSOhCE8DFyqh9Zh48TCTP6lmBQ52naqoUJFMtHzu-0LwZH26hxos0GP3Dt19O379MJB837TdKKa87skq0zHaVLAquRHOBF77GI54Bc7O49d8aOrSu1VEFGMThlW2caspPRiTSePDMDPq7_WGk50izRhB3Asl9wmP9wEeaTrkJKRnQj5ips1SAZ1hDBsqEQKKukxP1HtdcopHV5_qgwU8Hjm5EwSLMluMQuiE6hwlkXGOujZLVizA', | ||
* aad: 'VGhlIEZlbGxvd3NoaXAgb2YgdGhlIFJpbmc', | ||
* protected: 'eyJhbGciOiJSU0EtT0FFUC0yNTYiLCJlbmMiOiJBMjU2R0NNIn0' | ||
* protected: 'eyJhbGciOiJSU0EtT0FFUC0yNTYiLCJlbmMiOiJBMjU2R0NNIn0', | ||
* } | ||
* | ||
* const { | ||
* plaintext, | ||
* protectedHeader, | ||
* additionalAuthenticatedData | ||
* } = await jose.flattenedDecrypt(jwe, privateKey) | ||
* const { plaintext, protectedHeader, additionalAuthenticatedData } = | ||
* await jose.flattenedDecrypt(jwe, privateKey) | ||
* | ||
@@ -39,2 +34,6 @@ * console.log(protectedHeader) | ||
* ``` | ||
* | ||
* @param jwe Flattened JWE. | ||
* @param key Private Key or Secret to decrypt the JWE with. | ||
* @param options JWE Decryption options. | ||
*/ | ||
@@ -41,0 +40,0 @@ export declare function flattenedDecrypt(jwe: FlattenedJWE, key: KeyLike | Uint8Array, options?: DecryptOptions): Promise<FlattenedDecryptResult>; |
import type { KeyLike, FlattenedJWE, JWEHeaderParameters, JWEKeyManagementHeaderParameters, EncryptOptions } from '../../types'; | ||
/** | ||
* @private | ||
*/ | ||
/** @private */ | ||
export declare const unprotected: unique symbol; | ||
/** | ||
* The FlattenedEncrypt class is a utility for creating Flattened JWE | ||
* objects. | ||
* The FlattenedEncrypt class is a utility for creating Flattened JWE objects. | ||
* | ||
* @example Usage | ||
* | ||
* ```js | ||
* const jwe = await new jose.FlattenedEncrypt( | ||
* new TextEncoder().encode( | ||
* 'It’s a dangerous business, Frodo, going out your door.' | ||
* ) | ||
* new TextEncoder().encode('It’s a dangerous business, Frodo, going out your door.'), | ||
* ) | ||
@@ -33,11 +29,9 @@ * .setProtectedHeader({ alg: 'RSA-OAEP-256', enc: 'A256GCM' }) | ||
private _keyManagementParameters; | ||
/** | ||
* @param plaintext Binary representation of the plaintext to encrypt. | ||
*/ | ||
/** @param plaintext Binary representation of the plaintext to encrypt. */ | ||
constructor(plaintext: Uint8Array); | ||
/** | ||
* Sets the JWE Key Management parameters to be used when encrypting. | ||
* Use of this is method is really only needed for ECDH based algorithms | ||
* when utilizing the Agreement PartyUInfo or Agreement PartyVInfo parameters. | ||
* Other parameters will always be randomly generated when needed and missing. | ||
* Sets the JWE Key Management parameters to be used when encrypting. Use of this is method is | ||
* really only needed for ECDH based algorithms when utilizing the Agreement PartyUInfo or | ||
* Agreement PartyVInfo parameters. Other parameters will always be randomly generated when needed | ||
* and missing. | ||
* | ||
@@ -72,20 +66,17 @@ * @param parameters JWE Key Management parameters. | ||
/** | ||
* Sets a content encryption key to use, by default a random suitable one | ||
* is generated for the JWE enc" (Encryption Algorithm) Header Parameter. | ||
* Sets a content encryption key to use, by default a random suitable one is generated for the JWE | ||
* enc" (Encryption Algorithm) Header Parameter. | ||
* | ||
* @deprecated You should not use this method. It is only really intended for test and vector | ||
* validation purposes. | ||
* @param cek JWE Content Encryption Key. | ||
* | ||
* @deprecated You should not use this method. It is only really intended | ||
* for test and vector validation purposes. | ||
*/ | ||
setContentEncryptionKey(cek: Uint8Array): this; | ||
/** | ||
* Sets the JWE Initialization Vector to use for content encryption, by default | ||
* a random suitable one is generated for the JWE enc" (Encryption Algorithm) | ||
* Header Parameter. | ||
* Sets the JWE Initialization Vector to use for content encryption, by default a random suitable | ||
* one is generated for the JWE enc" (Encryption Algorithm) Header Parameter. | ||
* | ||
* @deprecated You should not use this method. It is only really intended for test and vector | ||
* validation purposes. | ||
* @param iv JWE Initialization Vector. | ||
* | ||
* @deprecated You should not use this method. It is only really intended | ||
* for test and vector validation purposes. | ||
*/ | ||
@@ -92,0 +83,0 @@ setInitializationVector(iv: Uint8Array): this; |
import type { KeyLike, DecryptOptions, JWEHeaderParameters, GetKeyFunction, FlattenedJWE, GeneralJWE, GeneralDecryptResult, ResolvedKey } from '../../types'; | ||
/** | ||
* Interface for General JWE Decryption dynamic key resolution. | ||
* No token components have been verified at the time of this function call. | ||
* Interface for General JWE Decryption dynamic key resolution. No token components have been | ||
* verified at the time of this function call. | ||
*/ | ||
@@ -11,7 +11,4 @@ export interface GeneralDecryptGetKey extends GetKeyFunction<JWEHeaderParameters, FlattenedJWE> { | ||
* | ||
* @param jwe General JWE. | ||
* @param key Private Key or Secret to decrypt the JWE with. | ||
* @param options JWE Decryption options. | ||
* @example Usage | ||
* | ||
* @example Usage | ||
* ```js | ||
@@ -26,12 +23,10 @@ * const jwe = { | ||
* { | ||
* encrypted_key: 'Z6eD4UK_yFb5ZoKvKkGAdqywEG_m0e4IYo0x8Vf30LAMJcsc-_zSgIeiF82teZyYi2YYduHKoqImk7MRnoPZOlEs0Q5BNK1OgBmSOhCE8DFyqh9Zh48TCTP6lmBQ52naqoUJFMtHzu-0LwZH26hxos0GP3Dt19O379MJB837TdKKa87skq0zHaVLAquRHOBF77GI54Bc7O49d8aOrSu1VEFGMThlW2caspPRiTSePDMDPq7_WGk50izRhB3Asl9wmP9wEeaTrkJKRnQj5ips1SAZ1hDBsqEQKKukxP1HtdcopHV5_qgwU8Hjm5EwSLMluMQuiE6hwlkXGOujZLVizA' | ||
* } | ||
* ] | ||
* encrypted_key: | ||
* 'Z6eD4UK_yFb5ZoKvKkGAdqywEG_m0e4IYo0x8Vf30LAMJcsc-_zSgIeiF82teZyYi2YYduHKoqImk7MRnoPZOlEs0Q5BNK1OgBmSOhCE8DFyqh9Zh48TCTP6lmBQ52naqoUJFMtHzu-0LwZH26hxos0GP3Dt19O379MJB837TdKKa87skq0zHaVLAquRHOBF77GI54Bc7O49d8aOrSu1VEFGMThlW2caspPRiTSePDMDPq7_WGk50izRhB3Asl9wmP9wEeaTrkJKRnQj5ips1SAZ1hDBsqEQKKukxP1HtdcopHV5_qgwU8Hjm5EwSLMluMQuiE6hwlkXGOujZLVizA', | ||
* }, | ||
* ], | ||
* } | ||
* | ||
* const { | ||
* plaintext, | ||
* protectedHeader, | ||
* additionalAuthenticatedData | ||
* } = await jose.generalDecrypt(jwe, privateKey) | ||
* const { plaintext, protectedHeader, additionalAuthenticatedData } = | ||
* await jose.generalDecrypt(jwe, privateKey) | ||
* | ||
@@ -43,2 +38,6 @@ * console.log(protectedHeader) | ||
* ``` | ||
* | ||
* @param jwe General JWE. | ||
* @param key Private Key or Secret to decrypt the JWE with. | ||
* @param options JWE Decryption options. | ||
*/ | ||
@@ -45,0 +44,0 @@ export declare function generalDecrypt(jwe: GeneralJWE, key: KeyLike | Uint8Array, options?: DecryptOptions): Promise<GeneralDecryptResult>; |
@@ -9,13 +9,7 @@ import type { KeyLike, GeneralJWE, JWEHeaderParameters, CritOption, DeflateOption } from '../../types'; | ||
setUnprotectedHeader(unprotectedHeader: JWEHeaderParameters): Recipient; | ||
/** | ||
* A shorthand for calling addRecipient() on the enclosing GeneralEncrypt instance | ||
*/ | ||
/** A shorthand for calling addRecipient() on the enclosing GeneralEncrypt instance */ | ||
addRecipient(...args: Parameters<GeneralEncrypt['addRecipient']>): Recipient; | ||
/** | ||
* A shorthand for calling encrypt() on the enclosing GeneralEncrypt instance | ||
*/ | ||
/** A shorthand for calling encrypt() on the enclosing GeneralEncrypt instance */ | ||
encrypt(...args: Parameters<GeneralEncrypt['encrypt']>): Promise<GeneralJWE>; | ||
/** | ||
* Returns the enclosing GeneralEncrypt | ||
*/ | ||
/** Returns the enclosing GeneralEncrypt */ | ||
done(): GeneralEncrypt; | ||
@@ -27,7 +21,6 @@ } | ||
* @example Usage | ||
* | ||
* ```js | ||
* const jwe = await new jose.GeneralEncrypt( | ||
* new TextEncoder().encode( | ||
* 'It’s a dangerous business, Frodo, going out your door.' | ||
* ) | ||
* new TextEncoder().encode('It’s a dangerous business, Frodo, going out your door.'), | ||
* ) | ||
@@ -50,5 +43,3 @@ * .setProtectedHeader({ enc: 'A256GCM' }) | ||
private _aad; | ||
/** | ||
* @param plaintext Binary representation of the plaintext to encrypt. | ||
*/ | ||
/** @param plaintext Binary representation of the plaintext to encrypt. */ | ||
constructor(plaintext: Uint8Array); | ||
@@ -55,0 +46,0 @@ /** |
import type { FlattenedJWSInput, JWSHeaderParameters } from '../types'; | ||
/** | ||
* EmbeddedJWK is an implementation of a GetKeyFunction intended to be used with the | ||
* JWS/JWT verify operations whenever you need to opt-in to verify signatures with | ||
* a public key embedded in the token's "jwk" (JSON Web Key) Header Parameter. | ||
* It is recommended to combine this with the verify algorithms option to whitelist | ||
* JWS algorithms to accept. | ||
* EmbeddedJWK is an implementation of a GetKeyFunction intended to be used with the JWS/JWT verify | ||
* operations whenever you need to opt-in to verify signatures with a public key embedded in the | ||
* token's "jwk" (JSON Web Key) Header Parameter. It is recommended to combine this with the verify | ||
* algorithms option to whitelist JWS algorithms to accept. | ||
* | ||
* @example Usage | ||
* | ||
* ```js | ||
* const jwt = 'eyJqd2siOnsiY3J2IjoiUC0yNTYiLCJ4IjoiVU05ZzVuS25aWFlvdldBbE03NmNMejl2VG96UmpfX0NIVV9kT2wtZ09vRSIsInkiOiJkczhhZVF3MWwyY0RDQTdiQ2tPTnZ3REtwWEFidFhqdnFDbGVZSDhXc19VIiwia3R5IjoiRUMifSwiYWxnIjoiRVMyNTYifQ.eyJpc3MiOiJ1cm46ZXhhbXBsZTppc3N1ZXIiLCJhdWQiOiJ1cm46ZXhhbXBsZTphdWRpZW5jZSIsImlhdCI6MTYwNDU4MDc5NH0.60boak3_dErnW47ZPty1C0nrjeVq86EN_eK0GOq6K8w2OA0thKoBxFK4j-NuU9yZ_A9UKGxPT_G87DladBaV9g' | ||
* const jwt = | ||
* 'eyJqd2siOnsiY3J2IjoiUC0yNTYiLCJ4IjoiVU05ZzVuS25aWFlvdldBbE03NmNMejl2VG96UmpfX0NIVV9kT2wtZ09vRSIsInkiOiJkczhhZVF3MWwyY0RDQTdiQ2tPTnZ3REtwWEFidFhqdnFDbGVZSDhXc19VIiwia3R5IjoiRUMifSwiYWxnIjoiRVMyNTYifQ.eyJpc3MiOiJ1cm46ZXhhbXBsZTppc3N1ZXIiLCJhdWQiOiJ1cm46ZXhhbXBsZTphdWRpZW5jZSIsImlhdCI6MTYwNDU4MDc5NH0.60boak3_dErnW47ZPty1C0nrjeVq86EN_eK0GOq6K8w2OA0thKoBxFK4j-NuU9yZ_A9UKGxPT_G87DladBaV9g' | ||
* | ||
* const { payload, protectedHeader } = await jose.jwtVerify(jwt, jose.EmbeddedJWK, { | ||
* issuer: 'urn:example:issuer', | ||
* audience: 'urn:example:audience' | ||
* audience: 'urn:example:audience', | ||
* }) | ||
@@ -17,0 +18,0 @@ * |
@@ -6,17 +6,40 @@ import type { JWK } from '../types'; | ||
* | ||
* @example Usage | ||
* | ||
* ```js | ||
* const thumbprint = await jose.calculateJwkThumbprint({ | ||
* kty: 'EC', | ||
* crv: 'P-256', | ||
* x: 'jJ6Flys3zK9jUhnOHf6G49Dyp5hah6CNP84-gY-n9eo', | ||
* y: 'nhI6iD5eFXgBTLt_1p3aip-5VbZeMhxeFSpjfEAf7Ww', | ||
* }) | ||
* | ||
* console.log(thumbprint) | ||
* // 'w9eYdC6_s_tLQ8lH6PUpc0mddazaqtPgeC2IgWDiqY8' | ||
* ``` | ||
* | ||
* @param jwk JSON Web Key. | ||
* @param digestAlgorithm Digest Algorithm to use for calculating the thumbprint. | ||
* Default is sha256. Accepted is "sha256", "sha384", "sha512". | ||
* @param digestAlgorithm Digest Algorithm to use for calculating the thumbprint. Default is "sha256". | ||
*/ | ||
export declare function calculateJwkThumbprint(jwk: JWK, digestAlgorithm?: 'sha256' | 'sha384' | 'sha512'): Promise<string>; | ||
/** | ||
* Calculates a JSON Web Key (JWK) Thumbprint URI as per [RFC9278](https://www.rfc-editor.org/rfc/rfc9278). | ||
* | ||
* @example Usage | ||
* | ||
* ```js | ||
* const thumbprint = await jose.calculateJwkThumbprint({ | ||
* kty: 'RSA', | ||
* e: 'AQAB', | ||
* n: '12oBZRhCiZFJLcPg59LkZZ9mdhSMTKAQZYq32k_ti5SBB6jerkh-WzOMAO664r_qyLkqHUSp3u5SbXtseZEpN3XPWGKSxjsy-1JyEFTdLSYe6f9gfrmxkUF_7DTpq0gn6rntP05g2-wFW50YO7mosfdslfrTJYWHFhJALabAeYirYD7-9kqq9ebfFMF4sRRELbv9oi36As6Q9B3Qb5_C1rAzqfao_PCsf9EPsTZsVVVkA5qoIAr47lo1ipfiBPxUCCNSdvkmDTYgvvRm6ZoMjFbvOtgyts55fXKdMWv7I9HMD5HwE9uW839PWA514qhbcIsXEYSFMPMV6fnlsiZvQQ' | ||
* const thumbprintUri = await jose.calculateJwkThumbprintUri({ | ||
* kty: 'EC', | ||
* crv: 'P-256', | ||
* x: 'jJ6Flys3zK9jUhnOHf6G49Dyp5hah6CNP84-gY-n9eo', | ||
* y: 'nhI6iD5eFXgBTLt_1p3aip-5VbZeMhxeFSpjfEAf7Ww', | ||
* }) | ||
* | ||
* console.log(thumbprint) | ||
* // 'urn:ietf:params:oauth:jwk-thumbprint:sha-256:w9eYdC6_s_tLQ8lH6PUpc0mddazaqtPgeC2IgWDiqY8' | ||
* ``` | ||
* | ||
* @param jwk JSON Web Key. | ||
* @param digestAlgorithm Digest Algorithm to use for calculating the thumbprint. Default is "sha256". | ||
*/ | ||
export declare function calculateJwkThumbprint(jwk: JWK, digestAlgorithm?: 'sha256' | 'sha384' | 'sha512'): Promise<string>; | ||
export declare function calculateJwkThumbprintUri(jwk: JWK, digestAlgorithm?: 'sha256' | 'sha384' | 'sha512'): Promise<string>; |
import type { KeyLike, JWSHeaderParameters, JSONWebKeySet, FlattenedJWSInput, GetKeyFunction } from '../types'; | ||
/** | ||
* @private | ||
*/ | ||
/** @private */ | ||
export declare function isJWKSLike(jwks: unknown): jwks is JSONWebKeySet; | ||
/** | ||
* @private | ||
*/ | ||
/** @private */ | ||
export declare class LocalJWKSet { | ||
@@ -16,10 +12,9 @@ protected _jwks?: JSONWebKeySet; | ||
/** | ||
* Returns a function that resolves to a key object from a locally | ||
* stored, or otherwise available, JSON Web Key Set. | ||
* Returns a function that resolves to a key object from a locally stored, or otherwise available, | ||
* JSON Web Key Set. | ||
* | ||
* Only a single public key must match the selection process. | ||
* | ||
* @param jwks JSON Web Key Set formatted object. | ||
* @example Usage | ||
* | ||
* @example Usage | ||
* ```js | ||
@@ -32,3 +27,3 @@ * const JWKS = jose.createLocalJWKSet({ | ||
* n: '12oBZRhCiZFJLcPg59LkZZ9mdhSMTKAQZYq32k_ti5SBB6jerkh-WzOMAO664r_qyLkqHUSp3u5SbXtseZEpN3XPWGKSxjsy-1JyEFTdLSYe6f9gfrmxkUF_7DTpq0gn6rntP05g2-wFW50YO7mosfdslfrTJYWHFhJALabAeYirYD7-9kqq9ebfFMF4sRRELbv9oi36As6Q9B3Qb5_C1rAzqfao_PCsf9EPsTZsVVVkA5qoIAr47lo1ipfiBPxUCCNSdvkmDTYgvvRm6ZoMjFbvOtgyts55fXKdMWv7I9HMD5HwE9uW839PWA514qhbcIsXEYSFMPMV6fnlsiZvQQ', | ||
* alg: 'PS256' | ||
* alg: 'PS256', | ||
* }, | ||
@@ -40,5 +35,5 @@ * { | ||
* y: '_LeQBw07cf5t57Iavn4j-BqJsAD1dpoz8gokd3sBsOo', | ||
* alg: 'ES256' | ||
* } | ||
* ] | ||
* alg: 'ES256', | ||
* }, | ||
* ], | ||
* }) | ||
@@ -48,3 +43,3 @@ * | ||
* issuer: 'urn:example:issuer', | ||
* audience: 'urn:example:audience' | ||
* audience: 'urn:example:audience', | ||
* }) | ||
@@ -54,3 +49,5 @@ * console.log(protectedHeader) | ||
* ``` | ||
* | ||
* @param jwks JSON Web Key Set formatted object. | ||
*/ | ||
export declare function createLocalJWKSet(jwks: JSONWebKeySet): GetKeyFunction<JWSHeaderParameters, FlattenedJWSInput>; |
import type { JWSHeaderParameters, FlattenedJWSInput, GetKeyFunction } from '../types'; | ||
/** | ||
* Options for the remote JSON Web Key Set. | ||
*/ | ||
/** Options for the remote JSON Web Key Set. */ | ||
export interface RemoteJWKSetOptions { | ||
/** | ||
* Timeout (in milliseconds) for the HTTP request. When reached the request | ||
* will be aborted and the verification will fail. Default is 5000 (5 | ||
* seconds). | ||
* Timeout (in milliseconds) for the HTTP request. When reached the request will be aborted and | ||
* the verification will fail. Default is 5000 (5 seconds). | ||
*/ | ||
timeoutDuration?: number; | ||
/** | ||
* Duration (in milliseconds) for which no more HTTP requests will be | ||
* triggered after a previous successful fetch. Default is 30000 (30 seconds). | ||
* Duration (in milliseconds) for which no more HTTP requests will be triggered after a previous | ||
* successful fetch. Default is 30000 (30 seconds). | ||
*/ | ||
cooldownDuration?: number; | ||
/** | ||
* Maximum time (in milliseconds) between successful HTTP requests. Default is | ||
* 600000 (10 minutes). | ||
*/ | ||
/** Maximum time (in milliseconds) between successful HTTP requests. Default is 600000 (10 minutes). */ | ||
cacheMaxAge?: number | typeof Infinity; | ||
/** | ||
* An instance of | ||
* [http.Agent](https://nodejs.org/api/http.html#http_class_http_agent) or | ||
* [https.Agent](https://nodejs.org/api/https.html#https_class_https_agent) to | ||
* pass to the | ||
* [http.get](https://nodejs.org/api/http.html#http_http_get_options_callback) | ||
* or | ||
* [https.get](https://nodejs.org/api/https.html#https_https_get_options_callback) | ||
* method's options. Use when behind an http(s) proxy. This is a Node.js | ||
* runtime specific option, it is ignored when used outside of Node.js | ||
* runtime. | ||
* An instance of [http.Agent](https://nodejs.org/api/http.html#class-httpagent) or | ||
* [https.Agent](https://nodejs.org/api/https.html#class-httpsagent) to pass to the | ||
* [http.get](https://nodejs.org/api/http.html#httpgetoptions-callback) or | ||
* [https.get](https://nodejs.org/api/https.html#httpsgetoptions-callback) method's options. Use | ||
* when behind an http(s) proxy. This is a Node.js runtime specific option, it is ignored when | ||
* used outside of Node.js runtime. | ||
*/ | ||
agent?: any; | ||
/** | ||
* Optional headers to be sent with the HTTP request. | ||
*/ | ||
/** Optional headers to be sent with the HTTP request. */ | ||
headers?: Record<string, string>; | ||
@@ -44,14 +32,9 @@ } | ||
/** | ||
* Returns a function that resolves to a key object downloaded from a | ||
* remote endpoint returning a JSON Web Key Set, that is, for example, | ||
* an OAuth 2.0 or OIDC jwks_uri. Only a single public key must match | ||
* the selection process. | ||
* The JSON Web Key Set is fetched when no key matches the selection | ||
* process but only as frequently as the `cooldownDuration` option allows, | ||
* to prevent abuse. | ||
* Returns a function that resolves to a key object downloaded from a remote endpoint returning a | ||
* JSON Web Key Set, that is, for example, an OAuth 2.0 or OIDC jwks_uri. Only a single public key | ||
* must match the selection process. The JSON Web Key Set is fetched when no key matches the | ||
* selection process but only as frequently as the `cooldownDuration` option allows, to prevent abuse. | ||
* | ||
* @param url URL to fetch the JSON Web Key Set from. | ||
* @param options Options for the remote JSON Web Key Set. | ||
* @example Usage | ||
* | ||
* @example Usage | ||
* ```js | ||
@@ -62,3 +45,3 @@ * const JWKS = jose.createRemoteJWKSet(new URL('https://www.googleapis.com/oauth2/v3/certs')) | ||
* issuer: 'urn:example:issuer', | ||
* audience: 'urn:example:audience' | ||
* audience: 'urn:example:audience', | ||
* }) | ||
@@ -68,4 +51,7 @@ * console.log(protectedHeader) | ||
* ``` | ||
* | ||
* @param url URL to fetch the JSON Web Key Set from. | ||
* @param options Options for the remote JSON Web Key Set. | ||
*/ | ||
export declare function createRemoteJWKSet(url: URL, options?: RemoteJWKSetOptions): GetKeyFunction<JWSHeaderParameters, FlattenedJWSInput>; | ||
export {}; |
@@ -6,7 +6,6 @@ import type { CompactJWSHeaderParameters, KeyLike, SignOptions } from '../../types'; | ||
* @example Usage | ||
* | ||
* ```js | ||
* const jws = await new jose.CompactSign( | ||
* new TextEncoder().encode( | ||
* 'It’s a dangerous business, Frodo, going out your door.' | ||
* ) | ||
* new TextEncoder().encode('It’s a dangerous business, Frodo, going out your door.'), | ||
* ) | ||
@@ -21,5 +20,3 @@ * .setProtectedHeader({ alg: 'ES256' }) | ||
private _flattened; | ||
/** | ||
* @param payload Binary representation of the payload to sign. | ||
*/ | ||
/** @param payload Binary representation of the payload to sign. */ | ||
constructor(payload: Uint8Array); | ||
@@ -26,0 +23,0 @@ /** |
import type { CompactVerifyResult, FlattenedJWSInput, GetKeyFunction, CompactJWSHeaderParameters, KeyLike, VerifyOptions, ResolvedKey } from '../../types'; | ||
/** | ||
* Interface for Compact JWS Verification dynamic key resolution. | ||
* No token components have been verified at the time of this function call. | ||
* Interface for Compact JWS Verification dynamic key resolution. No token components have been | ||
* verified at the time of this function call. | ||
* | ||
* See [createRemoteJWKSet](../functions/jwks_remote.createRemoteJWKSet.md#function-createremotejwkset) | ||
* See | ||
* [createRemoteJWKSet](../functions/jwks_remote.createRemoteJWKSet.md#function-createremotejwkset) | ||
* to verify using a remote JSON Web Key Set. | ||
@@ -14,9 +15,7 @@ */ | ||
* | ||
* @param jws Compact JWS. | ||
* @param key Key to verify the JWS with. | ||
* @param options JWS Verify options. | ||
* @example Usage | ||
* | ||
* @example Usage | ||
* ```js | ||
* const jws = 'eyJhbGciOiJFUzI1NiJ9.SXTigJlzIGEgZGFuZ2Vyb3VzIGJ1c2luZXNzLCBGcm9kbywgZ29pbmcgb3V0IHlvdXIgZG9vci4.kkAs_gPPxWMI3rHuVlxHaTPfDWDoqdI8jSvuSmqV-8IHIWXg9mcAeC9ggV-45ZHRbiRJ3obUIFo1rHphPA5URg' | ||
* const jws = | ||
* 'eyJhbGciOiJFUzI1NiJ9.SXTigJlzIGEgZGFuZ2Vyb3VzIGJ1c2luZXNzLCBGcm9kbywgZ29pbmcgb3V0IHlvdXIgZG9vci4.kkAs_gPPxWMI3rHuVlxHaTPfDWDoqdI8jSvuSmqV-8IHIWXg9mcAeC9ggV-45ZHRbiRJ3obUIFo1rHphPA5URg' | ||
* | ||
@@ -28,2 +27,6 @@ * const { payload, protectedHeader } = await jose.compactVerify(jws, publicKey) | ||
* ``` | ||
* | ||
* @param jws Compact JWS. | ||
* @param key Key to verify the JWS with. | ||
* @param options JWS Verify options. | ||
*/ | ||
@@ -30,0 +33,0 @@ export declare function compactVerify(jws: string | Uint8Array, key: KeyLike | Uint8Array, options?: VerifyOptions): Promise<CompactVerifyResult>; |
@@ -6,7 +6,6 @@ import type { KeyLike, FlattenedJWS, JWSHeaderParameters, SignOptions } from '../../types'; | ||
* @example Usage | ||
* | ||
* ```js | ||
* const jws = await new jose.FlattenedSign( | ||
* new TextEncoder().encode( | ||
* 'It’s a dangerous business, Frodo, going out your door.' | ||
* ) | ||
* new TextEncoder().encode('It’s a dangerous business, Frodo, going out your door.'), | ||
* ) | ||
@@ -23,5 +22,3 @@ * .setProtectedHeader({ alg: 'ES256' }) | ||
private _unprotectedHeader; | ||
/** | ||
* @param payload Binary representation of the payload to sign. | ||
*/ | ||
/** @param payload Binary representation of the payload to sign. */ | ||
constructor(payload: Uint8Array); | ||
@@ -28,0 +25,0 @@ /** |
import type { FlattenedVerifyResult, KeyLike, FlattenedJWSInput, JWSHeaderParameters, VerifyOptions, GetKeyFunction, ResolvedKey } from '../../types'; | ||
/** | ||
* Interface for Flattened JWS Verification dynamic key resolution. | ||
* No token components have been verified at the time of this function call. | ||
* Interface for Flattened JWS Verification dynamic key resolution. No token components have been | ||
* verified at the time of this function call. | ||
* | ||
* See [createRemoteJWKSet](../functions/jwks_remote.createRemoteJWKSet.md#function-createremotejwkset) | ||
* See | ||
* [createRemoteJWKSet](../functions/jwks_remote.createRemoteJWKSet.md#function-createremotejwkset) | ||
* to verify using a remote JSON Web Key Set. | ||
@@ -14,13 +15,11 @@ */ | ||
* | ||
* @param jws Flattened JWS. | ||
* @param key Key to verify the JWS with. | ||
* @param options JWS Verify options. | ||
* @example Usage | ||
* | ||
* @example Usage | ||
* ```js | ||
* const decoder = new TextDecoder() | ||
* const jws = { | ||
* signature: 'FVVOXwj6kD3DqdfD9yYqfT2W9jv-Nop4kOehp_DeDGNB5dQNSPRvntBY6xH3uxlCxE8na9d_kyhYOcanpDJ0EA', | ||
* signature: | ||
* 'FVVOXwj6kD3DqdfD9yYqfT2W9jv-Nop4kOehp_DeDGNB5dQNSPRvntBY6xH3uxlCxE8na9d_kyhYOcanpDJ0EA', | ||
* payload: 'SXTigJlzIGEgZGFuZ2Vyb3VzIGJ1c2luZXNzLCBGcm9kbywgZ29pbmcgb3V0IHlvdXIgZG9vci4', | ||
* protected: 'eyJhbGciOiJFUzI1NiJ9' | ||
* protected: 'eyJhbGciOiJFUzI1NiJ9', | ||
* } | ||
@@ -33,2 +32,6 @@ * | ||
* ``` | ||
* | ||
* @param jws Flattened JWS. | ||
* @param key Key to verify the JWS with. | ||
* @param options JWS Verify options. | ||
*/ | ||
@@ -35,0 +38,0 @@ export declare function flattenedVerify(jws: FlattenedJWSInput, key: KeyLike | Uint8Array, options?: VerifyOptions): Promise<FlattenedVerifyResult>; |
@@ -15,13 +15,7 @@ import type { KeyLike, GeneralJWS, JWSHeaderParameters, SignOptions } from '../../types'; | ||
setUnprotectedHeader(unprotectedHeader: JWSHeaderParameters): Signature; | ||
/** | ||
* A shorthand for calling addSignature() on the enclosing GeneralSign instance | ||
*/ | ||
/** A shorthand for calling addSignature() on the enclosing GeneralSign instance */ | ||
addSignature(...args: Parameters<GeneralSign['addSignature']>): Signature; | ||
/** | ||
* A shorthand for calling encrypt() on the enclosing GeneralSign instance | ||
*/ | ||
/** A shorthand for calling encrypt() on the enclosing GeneralSign instance */ | ||
sign(...args: Parameters<GeneralSign['sign']>): Promise<GeneralJWS>; | ||
/** | ||
* Returns the enclosing GeneralSign | ||
*/ | ||
/** Returns the enclosing GeneralSign */ | ||
done(): GeneralSign; | ||
@@ -33,7 +27,6 @@ } | ||
* @example Usage | ||
* | ||
* ```js | ||
* const jws = await new jose.GeneralSign( | ||
* new TextEncoder().encode( | ||
* 'It’s a dangerous business, Frodo, going out your door.' | ||
* ) | ||
* new TextEncoder().encode('It’s a dangerous business, Frodo, going out your door.'), | ||
* ) | ||
@@ -52,5 +45,3 @@ * .addSignature(ecPrivateKey) | ||
private _signatures; | ||
/** | ||
* @param payload Binary representation of the payload to sign. | ||
*/ | ||
/** @param payload Binary representation of the payload to sign. */ | ||
constructor(payload: Uint8Array); | ||
@@ -64,6 +55,4 @@ /** | ||
addSignature(key: KeyLike | Uint8Array, options?: SignOptions): Signature; | ||
/** | ||
* Signs and resolves the value of the General JWS object. | ||
*/ | ||
/** Signs and resolves the value of the General JWS object. */ | ||
sign(): Promise<GeneralJWS>; | ||
} |
import type { GeneralJWSInput, GeneralVerifyResult, FlattenedJWSInput, GetKeyFunction, JWSHeaderParameters, KeyLike, VerifyOptions, ResolvedKey } from '../../types'; | ||
/** | ||
* Interface for General JWS Verification dynamic key resolution. | ||
* No token components have been verified at the time of this function call. | ||
* Interface for General JWS Verification dynamic key resolution. No token components have been | ||
* verified at the time of this function call. | ||
* | ||
* See [createRemoteJWKSet](../functions/jwks_remote.createRemoteJWKSet.md#function-createremotejwkset) | ||
* See | ||
* [createRemoteJWKSet](../functions/jwks_remote.createRemoteJWKSet.md#function-createremotejwkset) | ||
* to verify using a remote JSON Web Key Set. | ||
@@ -14,7 +15,4 @@ */ | ||
* | ||
* @param jws General JWS. | ||
* @param key Key to verify the JWS with. | ||
* @param options JWS Verify options. | ||
* @example Usage | ||
* | ||
* @example Usage | ||
* ```js | ||
@@ -25,6 +23,7 @@ * const jws = { | ||
* { | ||
* signature: 'FVVOXwj6kD3DqdfD9yYqfT2W9jv-Nop4kOehp_DeDGNB5dQNSPRvntBY6xH3uxlCxE8na9d_kyhYOcanpDJ0EA', | ||
* protected: 'eyJhbGciOiJFUzI1NiJ9' | ||
* } | ||
* ] | ||
* signature: | ||
* 'FVVOXwj6kD3DqdfD9yYqfT2W9jv-Nop4kOehp_DeDGNB5dQNSPRvntBY6xH3uxlCxE8na9d_kyhYOcanpDJ0EA', | ||
* protected: 'eyJhbGciOiJFUzI1NiJ9', | ||
* }, | ||
* ], | ||
* } | ||
@@ -37,2 +36,6 @@ * | ||
* ``` | ||
* | ||
* @param jws General JWS. | ||
* @param key Key to verify the JWS with. | ||
* @param options JWS Verify options. | ||
*/ | ||
@@ -39,0 +42,0 @@ export declare function generalVerify(jws: GeneralJWSInput, key: KeyLike | Uint8Array, options?: VerifyOptions): Promise<GeneralVerifyResult>; |
import type { KeyLike, DecryptOptions, JWTClaimVerificationOptions, GetKeyFunction, CompactJWEHeaderParameters, FlattenedJWE, JWTDecryptResult, ResolvedKey } from '../types'; | ||
/** | ||
* Combination of JWE Decryption options and JWT Claims Set verification options. | ||
*/ | ||
/** Combination of JWE Decryption options and JWT Claims Set verification options. */ | ||
export interface JWTDecryptOptions extends DecryptOptions, JWTClaimVerificationOptions { | ||
} | ||
/** | ||
* Interface for JWT Decryption dynamic key resolution. | ||
* No token components have been verified at the time of this function call. | ||
* Interface for JWT Decryption dynamic key resolution. No token components have been verified at | ||
* the time of this function call. | ||
*/ | ||
@@ -14,15 +12,14 @@ export interface JWTDecryptGetKey extends GetKeyFunction<CompactJWEHeaderParameters, FlattenedJWE> { | ||
/** | ||
* Verifies the JWT format (to be a JWE Compact format), decrypts the ciphertext, validates the JWT Claims Set. | ||
* Verifies the JWT format (to be a JWE Compact format), decrypts the ciphertext, validates the JWT | ||
* Claims Set. | ||
* | ||
* @param jwt JSON Web Token value (encoded as JWE). | ||
* @param key Private Key or Secret to decrypt and verify the JWT with. | ||
* @param options JWT Decryption and JWT Claims Set validation options. | ||
* @example Usage | ||
* | ||
* @example Usage | ||
* ```js | ||
* const jwt = 'eyJhbGciOiJkaXIiLCJlbmMiOiJBMjU2R0NNIn0..KVcNLqK-3-8ZkYIC.xSwF4VxO0kUMUD2W-cifsNUxnr-swyBq-nADBptyt6y9n79-iNc5b0AALJpRwc0wwDkJw8hNOMjApNUTMsK9b-asToZ3DXFMvwfJ6n1aWefvd7RsoZ2LInWFfVAuttJDzoGB.uuexQoWHwrLMEYRElT8pBQ' | ||
* const jwt = | ||
* 'eyJhbGciOiJkaXIiLCJlbmMiOiJBMjU2R0NNIn0..KVcNLqK-3-8ZkYIC.xSwF4VxO0kUMUD2W-cifsNUxnr-swyBq-nADBptyt6y9n79-iNc5b0AALJpRwc0wwDkJw8hNOMjApNUTMsK9b-asToZ3DXFMvwfJ6n1aWefvd7RsoZ2LInWFfVAuttJDzoGB.uuexQoWHwrLMEYRElT8pBQ' | ||
* | ||
* const { payload, protectedHeader } = await jose.jwtDecrypt(jwt, secretKey, { | ||
* issuer: 'urn:example:issuer', | ||
* audience: 'urn:example:audience' | ||
* audience: 'urn:example:audience', | ||
* }) | ||
@@ -33,2 +30,6 @@ * | ||
* ``` | ||
* | ||
* @param jwt JSON Web Token value (encoded as JWE). | ||
* @param key Private Key or Secret to decrypt and verify the JWT with. | ||
* @param options JWT Decryption and JWT Claims Set validation options. | ||
*/ | ||
@@ -35,0 +36,0 @@ export declare function jwtDecrypt(jwt: string | Uint8Array, key: KeyLike | Uint8Array, options?: JWTDecryptOptions): Promise<JWTDecryptResult>; |
@@ -7,2 +7,3 @@ import type { EncryptOptions, CompactJWEHeaderParameters, JWEKeyManagementHeaderParameters, KeyLike } from '../types'; | ||
* @example Usage | ||
* | ||
* ```js | ||
@@ -31,12 +32,11 @@ * const jwt = await new jose.EncryptJWT({ 'urn:example:claim': true }) | ||
* | ||
* @param protectedHeader JWE Protected Header. | ||
* Must contain an "alg" (JWE Algorithm) and "enc" (JWE | ||
* Encryption Algorithm) properties. | ||
* @param protectedHeader JWE Protected Header. Must contain an "alg" (JWE Algorithm) and "enc" | ||
* (JWE Encryption Algorithm) properties. | ||
*/ | ||
setProtectedHeader(protectedHeader: CompactJWEHeaderParameters): this; | ||
/** | ||
* Sets the JWE Key Management parameters to be used when encrypting. | ||
* Use of this is method is really only needed for ECDH based algorithms | ||
* when utilizing the Agreement PartyUInfo or Agreement PartyVInfo parameters. | ||
* Other parameters will always be randomly generated when needed and missing. | ||
* Sets the JWE Key Management parameters to be used when encrypting. Use of this is method is | ||
* really only needed for ECDH based algorithms when utilizing the Agreement PartyUInfo or | ||
* Agreement PartyVInfo parameters. Other parameters will always be randomly generated when needed | ||
* and missing. | ||
* | ||
@@ -47,20 +47,17 @@ * @param parameters JWE Key Management parameters. | ||
/** | ||
* Sets a content encryption key to use, by default a random suitable one | ||
* is generated for the JWE enc" (Encryption Algorithm) Header Parameter. | ||
* Sets a content encryption key to use, by default a random suitable one is generated for the JWE | ||
* enc" (Encryption Algorithm) Header Parameter. | ||
* | ||
* @deprecated You should not use this method. It is only really intended for test and vector | ||
* validation purposes. | ||
* @param cek JWE Content Encryption Key. | ||
* | ||
* @deprecated You should not use this method. It is only really intended | ||
* for test and vector validation purposes. | ||
*/ | ||
setContentEncryptionKey(cek: Uint8Array): this; | ||
/** | ||
* Sets the JWE Initialization Vector to use for content encryption, by default | ||
* a random suitable one is generated for the JWE enc" (Encryption Algorithm) | ||
* Header Parameter. | ||
* Sets the JWE Initialization Vector to use for content encryption, by default a random suitable | ||
* one is generated for the JWE enc" (Encryption Algorithm) Header Parameter. | ||
* | ||
* @deprecated You should not use this method. It is only really intended for test and vector | ||
* validation purposes. | ||
* @param iv JWE Initialization Vector. | ||
* | ||
* @deprecated You should not use this method. It is only really intended | ||
* for test and vector validation purposes. | ||
*/ | ||
@@ -67,0 +64,0 @@ setInitializationVector(iv: Uint8Array): this; |
import type { JWTPayload } from '../types'; | ||
/** | ||
* Generic class for JWT producing. | ||
*/ | ||
/** Generic class for JWT producing. */ | ||
export declare class ProduceJWT { | ||
protected _payload: JWTPayload; | ||
/** | ||
* @param payload The JWT Claims Set object. | ||
*/ | ||
/** @param payload The JWT Claims Set object. */ | ||
constructor(payload: JWTPayload); | ||
@@ -38,5 +34,5 @@ /** | ||
* | ||
* @param input "nbf" (Not Before) Claim value to set on the JWT Claims Set. | ||
* When number is passed that is used as a value, when string is passed | ||
* it is resolved to a time span and added to the current timestamp. | ||
* @param input "nbf" (Not Before) Claim value to set on the JWT Claims Set. When number is passed | ||
* that is used as a value, when string is passed it is resolved to a time span and added to the | ||
* current timestamp. | ||
*/ | ||
@@ -47,5 +43,5 @@ setNotBefore(input: number | string): this; | ||
* | ||
* @param input "exp" (Expiration Time) Claim value to set on the JWT Claims Set. | ||
* When number is passed that is used as a value, when string is passed | ||
* it is resolved to a time span and added to the current timestamp. | ||
* @param input "exp" (Expiration Time) Claim value to set on the JWT Claims Set. When number is | ||
* passed that is used as a value, when string is passed it is resolved to a time span and added | ||
* to the current timestamp. | ||
*/ | ||
@@ -56,6 +52,5 @@ setExpirationTime(input: number | string): this; | ||
* | ||
* @param input "iat" (Issued At) Claim value to set on the JWT Claims Set. | ||
* Default is current timestamp. | ||
* @param input "iat" (Issued At) Claim value to set on the JWT Claims Set. Default is current timestamp. | ||
*/ | ||
setIssuedAt(input?: number): this; | ||
} |
@@ -7,2 +7,3 @@ import type { JWTHeaderParameters, KeyLike, SignOptions } from '../types'; | ||
* @example Usage | ||
* | ||
* ```js | ||
@@ -25,4 +26,3 @@ * const jwt = await new jose.SignJWT({ 'urn:example:claim': true }) | ||
* | ||
* @param protectedHeader JWS Protected Header. | ||
* Must contain an "alg" (JWS Algorithm) property. | ||
* @param protectedHeader JWS Protected Header. Must contain an "alg" (JWS Algorithm) property. | ||
*/ | ||
@@ -29,0 +29,0 @@ setProtectedHeader(protectedHeader: JWTHeaderParameters): this; |
@@ -11,2 +11,3 @@ import type { JWSHeaderParameters, JWTClaimVerificationOptions, JWTPayload } from '../types'; | ||
* @example Encoding | ||
* | ||
* ```js | ||
@@ -24,6 +25,7 @@ * const unsecuredJwt = new jose.UnsecuredJWT({ 'urn:example:claim': true }) | ||
* @example Decoding | ||
* | ||
* ```js | ||
* const payload = jose.UnsecuredJWT.decode(jwt, { | ||
* issuer: 'urn:example:issuer', | ||
* audience: 'urn:example:audience' | ||
* audience: 'urn:example:audience', | ||
* }) | ||
@@ -35,5 +37,3 @@ * | ||
export declare class UnsecuredJWT extends ProduceJWT { | ||
/** | ||
* Encodes the Unsecured JWT. | ||
*/ | ||
/** Encodes the Unsecured JWT. */ | ||
encode(): string; | ||
@@ -40,0 +40,0 @@ /** |
import type { KeyLike, VerifyOptions, JWTClaimVerificationOptions, JWTHeaderParameters, GetKeyFunction, FlattenedJWSInput, JWTVerifyResult, ResolvedKey } from '../types'; | ||
/** | ||
* Combination of JWS Verification options and JWT Claims Set verification options. | ||
*/ | ||
/** Combination of JWS Verification options and JWT Claims Set verification options. */ | ||
export interface JWTVerifyOptions extends VerifyOptions, JWTClaimVerificationOptions { | ||
} | ||
/** | ||
* Interface for JWT Verification dynamic key resolution. | ||
* No token components have been verified at the time of this function call. | ||
* Interface for JWT Verification dynamic key resolution. No token components have been verified at | ||
* the time of this function call. | ||
* | ||
* See [createRemoteJWKSet](../functions/jwks_remote.createRemoteJWKSet.md#function-createremotejwkset) | ||
* See | ||
* [createRemoteJWKSet](../functions/jwks_remote.createRemoteJWKSet.md#function-createremotejwkset) | ||
* to verify using a remote JSON Web Key Set. | ||
@@ -17,15 +16,14 @@ */ | ||
/** | ||
* Verifies the JWT format (to be a JWS Compact format), verifies the JWS signature, validates the JWT Claims Set. | ||
* Verifies the JWT format (to be a JWS Compact format), verifies the JWS signature, validates the | ||
* JWT Claims Set. | ||
* | ||
* @param jwt JSON Web Token value (encoded as JWS). | ||
* @param key Key to verify the JWT with. | ||
* @param options JWT Decryption and JWT Claims Set validation options. | ||
* @example Usage | ||
* | ||
* @example Usage | ||
* ```js | ||
* const jwt = 'eyJhbGciOiJFUzI1NiJ9.eyJ1cm46ZXhhbXBsZTpjbGFpbSI6dHJ1ZSwiaWF0IjoxNjA0MzE1MDc0LCJpc3MiOiJ1cm46ZXhhbXBsZTppc3N1ZXIiLCJhdWQiOiJ1cm46ZXhhbXBsZTphdWRpZW5jZSJ9.hx1nOfAT5LlXuzu8O-bhjXBGpklWDt2EsHw7-MDn49NrnwvVsstNhEnkW2ddauB7eSikFtUNeumLpFI9CWDBsg' | ||
* const jwt = | ||
* 'eyJhbGciOiJFUzI1NiJ9.eyJ1cm46ZXhhbXBsZTpjbGFpbSI6dHJ1ZSwiaWF0IjoxNjA0MzE1MDc0LCJpc3MiOiJ1cm46ZXhhbXBsZTppc3N1ZXIiLCJhdWQiOiJ1cm46ZXhhbXBsZTphdWRpZW5jZSJ9.hx1nOfAT5LlXuzu8O-bhjXBGpklWDt2EsHw7-MDn49NrnwvVsstNhEnkW2ddauB7eSikFtUNeumLpFI9CWDBsg' | ||
* | ||
* const { payload, protectedHeader } = await jose.jwtVerify(jwt, publicKey, { | ||
* issuer: 'urn:example:issuer', | ||
* audience: 'urn:example:audience' | ||
* audience: 'urn:example:audience', | ||
* }) | ||
@@ -36,2 +34,6 @@ * | ||
* ``` | ||
* | ||
* @param jwt JSON Web Token value (encoded as JWS). | ||
* @param key Key to verify the JWT with. | ||
* @param options JWT Decryption and JWT Claims Set validation options. | ||
*/ | ||
@@ -38,0 +40,0 @@ export declare function jwtVerify(jwt: string | Uint8Array, key: KeyLike | Uint8Array, options?: JWTVerifyOptions): Promise<JWTVerifyResult>; |
import type { JWK, KeyLike } from '../types'; | ||
/** | ||
* Exports a runtime-specific public key representation (KeyObject or CryptoKey) to a PEM-encoded SPKI string format. | ||
* Exports a runtime-specific public key representation (KeyObject or CryptoKey) to a PEM-encoded | ||
* SPKI string format. | ||
* | ||
* @param key Key representation to transform to a PEM-encoded SPKI string format. | ||
* @example Usage | ||
* | ||
* @example Usage | ||
* ```js | ||
@@ -13,10 +13,12 @@ * const spkiPem = await jose.exportSPKI(publicKey) | ||
* ``` | ||
* | ||
* @param key Key representation to transform to a PEM-encoded SPKI string format. | ||
*/ | ||
export declare function exportSPKI(key: KeyLike): Promise<string>; | ||
/** | ||
* Exports a runtime-specific private key representation (KeyObject or CryptoKey) to a PEM-encoded PKCS8 string format. | ||
* Exports a runtime-specific private key representation (KeyObject or CryptoKey) to a PEM-encoded | ||
* PKCS8 string format. | ||
* | ||
* @param key Key representation to transform to a PEM-encoded PKCS8 string format. | ||
* @example Usage | ||
* | ||
* @example Usage | ||
* ```js | ||
@@ -27,2 +29,4 @@ * const pkcs8Pem = await jose.exportPKCS8(privateKey) | ||
* ``` | ||
* | ||
* @param key Key representation to transform to a PEM-encoded PKCS8 string format. | ||
*/ | ||
@@ -33,5 +37,4 @@ export declare function exportPKCS8(key: KeyLike): Promise<string>; | ||
* | ||
* @param key Key representation to export as JWK. | ||
* @example Usage | ||
* | ||
* @example Usage | ||
* ```js | ||
@@ -44,3 +47,5 @@ * const privateJwk = await jose.exportJWK(privateKey) | ||
* ``` | ||
* | ||
* @param key Key representation to export as JWK. | ||
*/ | ||
export declare function exportJWK(key: KeyLike | Uint8Array): Promise<JWK>; |
import type { KeyLike } from '../types'; | ||
export interface GenerateKeyPairResult { | ||
/** | ||
* The generated Private Key. | ||
*/ | ||
/** The generated Private Key. */ | ||
privateKey: KeyLike; | ||
/** | ||
* Public Key corresponding to the generated Private Key. | ||
*/ | ||
/** Public Key corresponding to the generated Private Key. */ | ||
publicKey: KeyLike; | ||
@@ -14,10 +10,9 @@ } | ||
/** | ||
* The EC "crv" (Curve) or OKP "crv" (Subtype of Key Pair) value to generate. | ||
* The curve must be both supported on the runtime as well as applicable for | ||
* the given JWA algorithm identifier. | ||
* The EC "crv" (Curve) or OKP "crv" (Subtype of Key Pair) value to generate. The curve must be | ||
* both supported on the runtime as well as applicable for the given JWA algorithm identifier. | ||
*/ | ||
crv?: string; | ||
/** | ||
* A hint for RSA algorithms to generate an RSA key of a given `modulusLength` | ||
* (Key size in bits). JOSE requires 2048 bits or larger. Default is 2048. | ||
* A hint for RSA algorithms to generate an RSA key of a given `modulusLength` (Key size in bits). | ||
* JOSE requires 2048 bits or larger. Default is 2048. | ||
*/ | ||
@@ -33,13 +28,10 @@ modulusLength?: number; | ||
/** | ||
* Generates a private and a public key for a given JWA algorithm identifier. | ||
* This can only generate asymmetric key pairs. For symmetric secrets use the | ||
* `generateSecret` function. | ||
* Generates a private and a public key for a given JWA algorithm identifier. This can only generate | ||
* asymmetric key pairs. For symmetric secrets use the `generateSecret` function. | ||
* | ||
* Note: Under Web Cryptography API runtime the `privateKey` is generated with | ||
* `extractable` set to `false` by default. | ||
* Note: Under Web Cryptography API runtime the `privateKey` is generated with `extractable` set to | ||
* `false` by default. | ||
* | ||
* @param alg JWA Algorithm Identifier to be used with the generated key pair. | ||
* @param options Additional options passed down to the key pair generation. | ||
* @example Usage | ||
* | ||
* @example Usage | ||
* ```js | ||
@@ -50,3 +42,6 @@ * const { publicKey, privateKey } = await jose.generateKeyPair('PS256') | ||
* ``` | ||
* | ||
* @param alg JWA Algorithm Identifier to be used with the generated key pair. | ||
* @param options Additional options passed down to the key pair generation. | ||
*/ | ||
export declare function generateKeyPair(alg: string, options?: GenerateKeyPairOptions): Promise<GenerateKeyPairResult>; |
@@ -13,6 +13,7 @@ import type { KeyLike } from '../types'; | ||
* | ||
* Note: Under Web Cryptography API runtime the secret key is generated with | ||
* `extractable` set to `false` by default. | ||
* Note: Under Web Cryptography API runtime the secret key is generated with `extractable` set to | ||
* `false` by default. | ||
* | ||
* @example Usage | ||
* | ||
* ```js | ||
@@ -19,0 +20,0 @@ * const secret = await jose.generateSecret('HS256') |
@@ -11,10 +11,8 @@ import type { JWK, KeyLike } from '../types'; | ||
/** | ||
* Imports a PEM-encoded SPKI string as a runtime-specific public key representation (KeyObject or CryptoKey). | ||
* See [Algorithm Key Requirements](https://github.com/panva/jose/issues/210) to learn about key to algorithm | ||
* requirements and mapping. | ||
* Imports a PEM-encoded SPKI string as a runtime-specific public key representation (KeyObject or | ||
* CryptoKey). See [Algorithm Key Requirements](https://github.com/panva/jose/issues/210) to learn | ||
* about key to algorithm requirements and mapping. | ||
* | ||
* @param pem PEM-encoded SPKI string | ||
* @param alg JSON Web Algorithm identifier to be used with the imported key. | ||
* @example Usage | ||
* | ||
* @example Usage | ||
* ```js | ||
@@ -28,13 +26,15 @@ * const algorithm = 'ES256' | ||
* ``` | ||
* | ||
* @param pem PEM-encoded SPKI string | ||
* @param alg JSON Web Algorithm identifier to be used with the imported key. | ||
*/ | ||
export declare function importSPKI(spki: string, alg: string, options?: PEMImportOptions): Promise<KeyLike>; | ||
/** | ||
* Imports the SPKI from an X.509 string certificate as a runtime-specific public key representation (KeyObject or CryptoKey). | ||
* See [Algorithm Key Requirements](https://github.com/panva/jose/issues/210) to learn about key to algorithm | ||
* Imports the SPKI from an X.509 string certificate as a runtime-specific public key representation | ||
* (KeyObject or CryptoKey). See [Algorithm Key | ||
* Requirements](https://github.com/panva/jose/issues/210) to learn about key to algorithm | ||
* requirements and mapping. | ||
* | ||
* @param pem X.509 certificate string | ||
* @param alg JSON Web Algorithm identifier to be used with the imported key. | ||
* @example Usage | ||
* | ||
* @example Usage | ||
* ```js | ||
@@ -54,13 +54,14 @@ * const algorithm = 'ES256' | ||
* ``` | ||
* | ||
* @param pem X.509 certificate string | ||
* @param alg JSON Web Algorithm identifier to be used with the imported key. | ||
*/ | ||
export declare function importX509(x509: string, alg: string, options?: PEMImportOptions): Promise<KeyLike>; | ||
/** | ||
* Imports a PEM-encoded PKCS8 string as a runtime-specific private key representation (KeyObject or CryptoKey). | ||
* See [Algorithm Key Requirements](https://github.com/panva/jose/issues/210) to learn about key to algorithm | ||
* requirements and mapping. Encrypted keys are not supported. | ||
* Imports a PEM-encoded PKCS8 string as a runtime-specific private key representation (KeyObject or | ||
* CryptoKey). See [Algorithm Key Requirements](https://github.com/panva/jose/issues/210) to learn | ||
* about key to algorithm requirements and mapping. Encrypted keys are not supported. | ||
* | ||
* @param pem PEM-encoded PKCS8 string | ||
* @param alg JSON Web Algorithm identifier to be used with the imported key. | ||
* @example Usage | ||
* | ||
* @example Usage | ||
* ```js | ||
@@ -75,34 +76,44 @@ * const algorithm = 'ES256' | ||
* ``` | ||
* | ||
* @param pem PEM-encoded PKCS8 string | ||
* @param alg JSON Web Algorithm identifier to be used with the imported key. | ||
*/ | ||
export declare function importPKCS8(pkcs8: string, alg: string, options?: PEMImportOptions): Promise<KeyLike>; | ||
/** | ||
* Imports a JWK to a runtime-specific key representation (KeyLike). Either | ||
* JWK "alg" (Algorithm) Parameter must be present or the optional "alg" argument. When | ||
* running on a runtime using [Web Cryptography API](https://www.w3.org/TR/WebCryptoAPI/) | ||
* the jwk parameters "use", "key_ops", and "ext" are also used in the resulting `CryptoKey`. | ||
* See [Algorithm Key Requirements](https://github.com/panva/jose/issues/210) to learn about key to algorithm | ||
* Imports a JWK to a runtime-specific key representation (KeyLike). Either JWK "alg" (Algorithm) | ||
* Parameter must be present or the optional "alg" argument. When running on a runtime using [Web | ||
* Cryptography API](https://www.w3.org/TR/WebCryptoAPI/) the jwk parameters "use", "key_ops", and | ||
* "ext" are also used in the resulting `CryptoKey`. See [Algorithm Key | ||
* Requirements](https://github.com/panva/jose/issues/210) to learn about key to algorithm | ||
* requirements and mapping. | ||
* | ||
* @param jwk JSON Web Key. | ||
* @param alg JSON Web Algorithm identifier to be used with the imported key. | ||
* Default is the "alg" property on the JWK. | ||
* @param octAsKeyObject Forces a symmetric key to be imported to a KeyObject or | ||
* CryptoKey. Default is true unless JWK "ext" (Extractable) is true. | ||
* @example Usage | ||
* | ||
* @example Usage | ||
* ```js | ||
* const ecPublicKey = await jose.importJWK({ | ||
* crv: 'P-256', | ||
* kty: 'EC', | ||
* x: 'ySK38C1jBdLwDsNWKzzBHqKYEE5Cgv-qjWvorUXk9fw', | ||
* y: '_LeQBw07cf5t57Iavn4j-BqJsAD1dpoz8gokd3sBsOo' | ||
* }, 'ES256') | ||
* const ecPublicKey = await jose.importJWK( | ||
* { | ||
* crv: 'P-256', | ||
* kty: 'EC', | ||
* x: 'ySK38C1jBdLwDsNWKzzBHqKYEE5Cgv-qjWvorUXk9fw', | ||
* y: '_LeQBw07cf5t57Iavn4j-BqJsAD1dpoz8gokd3sBsOo', | ||
* }, | ||
* 'ES256', | ||
* ) | ||
* | ||
* const rsaPublicKey = await jose.importJWK({ | ||
* kty: 'RSA', | ||
* e: 'AQAB', | ||
* n: '12oBZRhCiZFJLcPg59LkZZ9mdhSMTKAQZYq32k_ti5SBB6jerkh-WzOMAO664r_qyLkqHUSp3u5SbXtseZEpN3XPWGKSxjsy-1JyEFTdLSYe6f9gfrmxkUF_7DTpq0gn6rntP05g2-wFW50YO7mosfdslfrTJYWHFhJALabAeYirYD7-9kqq9ebfFMF4sRRELbv9oi36As6Q9B3Qb5_C1rAzqfao_PCsf9EPsTZsVVVkA5qoIAr47lo1ipfiBPxUCCNSdvkmDTYgvvRm6ZoMjFbvOtgyts55fXKdMWv7I9HMD5HwE9uW839PWA514qhbcIsXEYSFMPMV6fnlsiZvQQ' | ||
* }, 'PS256') | ||
* const rsaPublicKey = await jose.importJWK( | ||
* { | ||
* kty: 'RSA', | ||
* e: 'AQAB', | ||
* n: '12oBZRhCiZFJLcPg59LkZZ9mdhSMTKAQZYq32k_ti5SBB6jerkh-WzOMAO664r_qyLkqHUSp3u5SbXtseZEpN3XPWGKSxjsy-1JyEFTdLSYe6f9gfrmxkUF_7DTpq0gn6rntP05g2-wFW50YO7mosfdslfrTJYWHFhJALabAeYirYD7-9kqq9ebfFMF4sRRELbv9oi36As6Q9B3Qb5_C1rAzqfao_PCsf9EPsTZsVVVkA5qoIAr47lo1ipfiBPxUCCNSdvkmDTYgvvRm6ZoMjFbvOtgyts55fXKdMWv7I9HMD5HwE9uW839PWA514qhbcIsXEYSFMPMV6fnlsiZvQQ', | ||
* }, | ||
* 'PS256', | ||
* ) | ||
* ``` | ||
* | ||
* @param jwk JSON Web Key. | ||
* @param alg JSON Web Algorithm identifier to be used with the imported key. Default is the "alg" | ||
* property on the JWK. | ||
* @param octAsKeyObject Forces a symmetric key to be imported to a KeyObject or CryptoKey. Default | ||
* is true unless JWK "ext" (Extractable) is true. | ||
*/ | ||
export declare function importJWK(jwk: JWK, alg?: string, octAsKeyObject?: boolean): Promise<KeyLike | Uint8Array>; |
/** | ||
* KeyLike are runtime-specific classes representing asymmetric keys or symmetric secrets. | ||
* These are instances of | ||
* [CryptoKey](https://developer.mozilla.org/en-US/docs/Web/API/CryptoKey) and additionally | ||
* [KeyObject](https://nodejs.org/api/crypto.html#crypto_class_keyobject) | ||
* in Node.js runtime. | ||
* KeyLike are runtime-specific classes representing asymmetric keys or symmetric secrets. These are | ||
* instances of [CryptoKey](https://developer.mozilla.org/en-US/docs/Web/API/CryptoKey) and | ||
* additionally [KeyObject](https://nodejs.org/api/crypto.html#class-keyobject) in Node.js runtime. | ||
* [Uint8Array](https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/Uint8Array) | ||
* instances are also accepted as symmetric secret representation only. | ||
* | ||
* [Key Import Functions](../modules/key_import.md#readme) can be used to import PEM, | ||
* or JWK formatted asymmetric keys and certificates to these runtime-specific representations. | ||
* [Key Import Functions](../modules/key_import.md#readme) can be used to import PEM, or JWK | ||
* formatted asymmetric keys and certificates to these runtime-specific representations. | ||
* | ||
* In Node.js the | ||
* [Buffer](https://nodejs.org/api/buffer.html#buffer_buffer) class is a subclass of Uint8Array | ||
* and so Buffer can be provided for symmetric secrets as well. | ||
* In Node.js the [Buffer](https://nodejs.org/api/buffer.html#buffer) class is a subclass of | ||
* Uint8Array and so Buffer can be provided for symmetric secrets as well. | ||
* | ||
* --- | ||
* [KeyObject](https://nodejs.org/api/crypto.html#class-keyobject) is a representation of a | ||
* key/secret available in the Node.js runtime. In addition to the import functions of this library | ||
* you may use the runtime APIs | ||
* [crypto.createPublicKey](https://nodejs.org/api/crypto.html#cryptocreatepublickeykey), | ||
* [crypto.createPrivateKey](https://nodejs.org/api/crypto.html#cryptocreateprivatekeykey), and | ||
* [crypto.createSecretKey](https://nodejs.org/api/crypto.html#cryptocreatesecretkeykey-encoding) to | ||
* obtain a KeyObject from your existing key material. | ||
* | ||
* [KeyObject](https://nodejs.org/api/crypto.html#crypto_class_keyobject) is a representation of a | ||
* key/secret available in the Node.js runtime. | ||
* In addition to the import functions of this library you may use the | ||
* runtime APIs | ||
* [crypto.createPublicKey](https://nodejs.org/api/crypto.html#crypto_crypto_createpublickey_key), | ||
* [crypto.createPrivateKey](https://nodejs.org/api/crypto.html#crypto_crypto_createprivatekey_key), and | ||
* [crypto.createSecretKey](https://nodejs.org/api/crypto.html#crypto_crypto_createsecretkey_key_encoding) | ||
* to obtain a KeyObject from your existing key material. | ||
* | ||
* [CryptoKey](https://developer.mozilla.org/en-US/docs/Web/API/CryptoKey) is a representation of a | ||
* key/secret available in the Browser and Deno runtimes. | ||
* In addition to the import functions of this library you may use the | ||
* [SubtleCrypto.importKey](https://developer.mozilla.org/en-US/docs/Web/API/SubtleCrypto/importKey) API | ||
* to obtain a CryptoKey from your existing key material. | ||
* key/secret available in the Browser and Deno runtimes. In addition to the import functions of | ||
* this library you may use the | ||
* [SubtleCrypto.importKey](https://developer.mozilla.org/en-US/docs/Web/API/SubtleCrypto/importKey) | ||
* API to obtain a CryptoKey from your existing key material. | ||
* | ||
* --- | ||
* @example Import a PEM-encoded SPKI Public Key | ||
* | ||
* @example Import a PEM-encoded SPKI Public Key | ||
* ```js | ||
@@ -47,2 +40,3 @@ * const algorithm = 'ES256' | ||
* @example Import a X.509 Certificate | ||
* | ||
* ```js | ||
@@ -64,2 +58,3 @@ * const algorithm = 'ES256' | ||
* @example Import a PEM-encoded PKCS8 Private Key | ||
* | ||
* ```js | ||
@@ -76,15 +71,22 @@ * const algorithm = 'ES256' | ||
* @example Import a JSON Web Key (JWK) | ||
* | ||
* ```js | ||
* const ecPublicKey = await jose.importJWK({ | ||
* crv: 'P-256', | ||
* kty: 'EC', | ||
* x: 'ySK38C1jBdLwDsNWKzzBHqKYEE5Cgv-qjWvorUXk9fw', | ||
* y: '_LeQBw07cf5t57Iavn4j-BqJsAD1dpoz8gokd3sBsOo' | ||
* }, 'ES256') | ||
* const ecPublicKey = await jose.importJWK( | ||
* { | ||
* crv: 'P-256', | ||
* kty: 'EC', | ||
* x: 'ySK38C1jBdLwDsNWKzzBHqKYEE5Cgv-qjWvorUXk9fw', | ||
* y: '_LeQBw07cf5t57Iavn4j-BqJsAD1dpoz8gokd3sBsOo', | ||
* }, | ||
* 'ES256', | ||
* ) | ||
* | ||
* const rsaPublicKey = await jose.importJWK({ | ||
* kty: 'RSA', | ||
* e: 'AQAB', | ||
* n: '12oBZRhCiZFJLcPg59LkZZ9mdhSMTKAQZYq32k_ti5SBB6jerkh-WzOMAO664r_qyLkqHUSp3u5SbXtseZEpN3XPWGKSxjsy-1JyEFTdLSYe6f9gfrmxkUF_7DTpq0gn6rntP05g2-wFW50YO7mosfdslfrTJYWHFhJALabAeYirYD7-9kqq9ebfFMF4sRRELbv9oi36As6Q9B3Qb5_C1rAzqfao_PCsf9EPsTZsVVVkA5qoIAr47lo1ipfiBPxUCCNSdvkmDTYgvvRm6ZoMjFbvOtgyts55fXKdMWv7I9HMD5HwE9uW839PWA514qhbcIsXEYSFMPMV6fnlsiZvQQ' | ||
* }, 'PS256') | ||
* const rsaPublicKey = await jose.importJWK( | ||
* { | ||
* kty: 'RSA', | ||
* e: 'AQAB', | ||
* n: '12oBZRhCiZFJLcPg59LkZZ9mdhSMTKAQZYq32k_ti5SBB6jerkh-WzOMAO664r_qyLkqHUSp3u5SbXtseZEpN3XPWGKSxjsy-1JyEFTdLSYe6f9gfrmxkUF_7DTpq0gn6rntP05g2-wFW50YO7mosfdslfrTJYWHFhJALabAeYirYD7-9kqq9ebfFMF4sRRELbv9oi36As6Q9B3Qb5_C1rAzqfao_PCsf9EPsTZsVVVkA5qoIAr47lo1ipfiBPxUCCNSdvkmDTYgvvRm6ZoMjFbvOtgyts55fXKdMWv7I9HMD5HwE9uW839PWA514qhbcIsXEYSFMPMV6fnlsiZvQQ', | ||
* }, | ||
* 'PS256', | ||
* ) | ||
* ``` | ||
@@ -95,9 +97,7 @@ */ | ||
/** | ||
* JSON Web Key ([JWK](https://www.rfc-editor.org/rfc/rfc7517)). | ||
* "RSA", "EC", "OKP", and "oct" key types are supported. | ||
* JSON Web Key ([JWK](https://www.rfc-editor.org/rfc/rfc7517)). "RSA", "EC", "OKP", and "oct" key | ||
* types are supported. | ||
*/ | ||
export interface JWK { | ||
/** | ||
* JWK "alg" (Algorithm) Parameter. | ||
*/ | ||
/** JWK "alg" (Algorithm) Parameter. */ | ||
alg?: string | ||
@@ -109,18 +109,10 @@ crv?: string | ||
e?: string | ||
/** | ||
* JWK "ext" (Extractable) Parameter. | ||
*/ | ||
/** JWK "ext" (Extractable) Parameter. */ | ||
ext?: boolean | ||
k?: string | ||
/** | ||
* JWK "key_ops" (Key Operations) Parameter. | ||
*/ | ||
/** JWK "key_ops" (Key Operations) Parameter. */ | ||
key_ops?: string[] | ||
/** | ||
* JWK "kid" (Key ID) Parameter. | ||
*/ | ||
/** JWK "kid" (Key ID) Parameter. */ | ||
kid?: string | ||
/** | ||
* JWK "kty" (Key Type) Parameter. | ||
*/ | ||
/** JWK "kty" (Key Type) Parameter. */ | ||
kty?: string | ||
@@ -136,23 +128,13 @@ n?: string | ||
qi?: string | ||
/** | ||
* JWK "use" (Public Key Use) Parameter. | ||
*/ | ||
/** JWK "use" (Public Key Use) Parameter. */ | ||
use?: string | ||
x?: string | ||
y?: string | ||
/** | ||
* JWK "x5c" (X.509 Certificate Chain) Parameter. | ||
*/ | ||
/** JWK "x5c" (X.509 Certificate Chain) Parameter. */ | ||
x5c?: string[] | ||
/** | ||
* JWK "x5t" (X.509 Certificate SHA-1 Thumbprint) Parameter. | ||
*/ | ||
/** JWK "x5t" (X.509 Certificate SHA-1 Thumbprint) Parameter. */ | ||
x5t?: string | ||
/** | ||
* "x5t#S256" (X.509 Certificate SHA-256 Thumbprint) Parameter. | ||
*/ | ||
/** "x5t#S256" (X.509 Certificate SHA-256 Thumbprint) Parameter. */ | ||
'x5t#S256'?: string | ||
/** | ||
* JWK "x5u" (X.509 URL) Parameter. | ||
*/ | ||
/** JWK "x5u" (X.509 URL) Parameter. */ | ||
x5u?: string | ||
@@ -164,4 +146,4 @@ | ||
/** | ||
* Generic Interface for consuming operations dynamic key resolution. | ||
* No token components have been verified at the time of this function call. | ||
* Generic Interface for consuming operations dynamic key resolution. No token components have been | ||
* verified at the time of this function call. | ||
* | ||
@@ -178,12 +160,11 @@ * If you cannot match a key suitable for the token, throw an error instead. | ||
/** | ||
* Flattened JWS definition for verify function inputs, allows payload as | ||
* Uint8Array for detached signature validation. | ||
* Flattened JWS definition for verify function inputs, allows payload as Uint8Array for detached | ||
* signature validation. | ||
*/ | ||
export interface FlattenedJWSInput { | ||
/** | ||
* The "header" member MUST be present and contain the value JWS | ||
* Unprotected Header when the JWS Unprotected Header value is non- | ||
* empty; otherwise, it MUST be absent. This value is represented as | ||
* an unencoded JSON object, rather than as a string. These Header | ||
* Parameter values are not integrity protected. | ||
* The "header" member MUST be present and contain the value JWS Unprotected Header when the JWS | ||
* Unprotected Header value is non- empty; otherwise, it MUST be absent. This value is represented | ||
* as an unencoded JSON object, rather than as a string. These Header Parameter values are not | ||
* integrity protected. | ||
*/ | ||
@@ -193,5 +174,4 @@ header?: JWSHeaderParameters | ||
/** | ||
* The "payload" member MUST be present and contain the value | ||
* BASE64URL(JWS Payload). When RFC7797 "b64": false is used | ||
* the value passed may also be a Uint8Array. | ||
* The "payload" member MUST be present and contain the value BASE64URL(JWS Payload). When RFC7797 | ||
* "b64": false is used the value passed may also be a Uint8Array. | ||
*/ | ||
@@ -201,5 +181,4 @@ payload: string | Uint8Array | ||
/** | ||
* The "protected" member MUST be present and contain the value | ||
* BASE64URL(UTF8(JWS Protected Header)) when the JWS Protected | ||
* Header value is non-empty; otherwise, it MUST be absent. These | ||
* The "protected" member MUST be present and contain the value BASE64URL(UTF8(JWS Protected | ||
* Header)) when the JWS Protected Header value is non-empty; otherwise, it MUST be absent. These | ||
* Header Parameter values are integrity protected. | ||
@@ -209,6 +188,3 @@ */ | ||
/** | ||
* The "signature" member MUST be present and contain the value | ||
* BASE64URL(JWS Signature). | ||
*/ | ||
/** The "signature" member MUST be present and contain the value BASE64URL(JWS Signature). */ | ||
signature: string | ||
@@ -218,10 +194,9 @@ } | ||
/** | ||
* General JWS definition for verify function inputs, allows payload as | ||
* Uint8Array for detached signature validation. | ||
* General JWS definition for verify function inputs, allows payload as Uint8Array for detached | ||
* signature validation. | ||
*/ | ||
export interface GeneralJWSInput { | ||
/** | ||
* The "payload" member MUST be present and contain the value | ||
* BASE64URL(JWS Payload). When RFC7797 "b64": false is used | ||
* the value passed may also be a Uint8Array. | ||
* The "payload" member MUST be present and contain the value BASE64URL(JWS Payload). When RFC7797 | ||
* "b64": false is used the value passed may also be a Uint8Array. | ||
*/ | ||
@@ -231,5 +206,4 @@ payload: string | Uint8Array | ||
/** | ||
* The "signatures" member value MUST be an array of JSON objects. | ||
* Each object represents a signature or MAC over the JWS Payload and | ||
* the JWS Protected Header. | ||
* The "signatures" member value MUST be an array of JSON objects. Each object represents a | ||
* signature or MAC over the JWS Payload and the JWS Protected Header. | ||
*/ | ||
@@ -240,5 +214,4 @@ signatures: Omit<FlattenedJWSInput, 'payload'>[] | ||
/** | ||
* Flattened JWS definition. Payload is returned as an empty | ||
* string when JWS Unencoded Payload Option | ||
* [RFC7797](https://www.rfc-editor.org/rfc/rfc7797) is used. | ||
* Flattened JWS definition. Payload is returned as an empty string when JWS Unencoded Payload | ||
* Option [RFC7797](https://www.rfc-editor.org/rfc/rfc7797) is used. | ||
*/ | ||
@@ -251,4 +224,3 @@ export interface FlattenedJWS extends Partial<FlattenedJWSInput> { | ||
/** | ||
* General JWS definition. Payload is returned as an empty | ||
* string when JWS Unencoded Payload Option | ||
* General JWS definition. Payload is returned as an empty string when JWS Unencoded Payload Option | ||
* [RFC7797](https://www.rfc-editor.org/rfc/rfc7797) is used. | ||
@@ -262,74 +234,46 @@ */ | ||
export interface JoseHeaderParameters { | ||
/** | ||
* "kid" (Key ID) Header Parameter. | ||
*/ | ||
/** "kid" (Key ID) Header Parameter. */ | ||
kid?: string | ||
/** | ||
* "x5t" (X.509 Certificate SHA-1 Thumbprint) Header Parameter. | ||
*/ | ||
/** "x5t" (X.509 Certificate SHA-1 Thumbprint) Header Parameter. */ | ||
x5t?: string | ||
/** | ||
* "x5c" (X.509 Certificate Chain) Header Parameter. | ||
*/ | ||
/** "x5c" (X.509 Certificate Chain) Header Parameter. */ | ||
x5c?: string[] | ||
/** | ||
* "x5u" (X.509 URL) Header Parameter. | ||
*/ | ||
/** "x5u" (X.509 URL) Header Parameter. */ | ||
x5u?: string | ||
/** | ||
* "jku" (JWK Set URL) Header Parameter. | ||
*/ | ||
/** "jku" (JWK Set URL) Header Parameter. */ | ||
jku?: string | ||
/** | ||
* "jwk" (JSON Web Key) Header Parameter. | ||
*/ | ||
/** "jwk" (JSON Web Key) Header Parameter. */ | ||
jwk?: Pick<JWK, 'kty' | 'crv' | 'x' | 'y' | 'e' | 'n'> | ||
/** | ||
* "typ" (Type) Header Parameter. | ||
*/ | ||
/** "typ" (Type) Header Parameter. */ | ||
typ?: string | ||
/** | ||
* "cty" (Content Type) Header Parameter. | ||
*/ | ||
/** "cty" (Content Type) Header Parameter. */ | ||
cty?: string | ||
} | ||
/** | ||
* Recognized JWS Header Parameters, any other Header Members | ||
* may also be present. | ||
*/ | ||
/** Recognized JWS Header Parameters, any other Header Members may also be present. */ | ||
export interface JWSHeaderParameters extends JoseHeaderParameters { | ||
/** | ||
* JWS "alg" (Algorithm) Header Parameter. | ||
*/ | ||
/** JWS "alg" (Algorithm) Header Parameter. */ | ||
alg?: string | ||
/** | ||
* This JWS Extension Header Parameter modifies the JWS Payload | ||
* representation and the JWS Signing Input computation as per | ||
* [RFC7797](https://www.rfc-editor.org/rfc/rfc7797). | ||
* This JWS Extension Header Parameter modifies the JWS Payload representation and the JWS Signing | ||
* Input computation as per [RFC7797](https://www.rfc-editor.org/rfc/rfc7797). | ||
*/ | ||
b64?: boolean | ||
/** | ||
* JWS "crit" (Critical) Header Parameter. | ||
*/ | ||
/** JWS "crit" (Critical) Header Parameter. */ | ||
crit?: string[] | ||
/** | ||
* Any other JWS Header member. | ||
*/ | ||
/** Any other JWS Header member. */ | ||
[propName: string]: unknown | ||
} | ||
/** | ||
* Recognized JWE Key Management-related Header Parameters. | ||
*/ | ||
/** Recognized JWE Key Management-related Header Parameters. */ | ||
export interface JWEKeyManagementHeaderParameters { | ||
@@ -339,19 +283,19 @@ apu?: Uint8Array | ||
/** | ||
* @deprecated You should not use this parameter. It is only really intended | ||
* for test and vector validation purposes. | ||
* @deprecated You should not use this parameter. It is only really intended for test and vector | ||
* validation purposes. | ||
*/ | ||
p2c?: number | ||
/** | ||
* @deprecated You should not use this parameter. It is only really intended | ||
* for test and vector validation purposes. | ||
* @deprecated You should not use this parameter. It is only really intended for test and vector | ||
* validation purposes. | ||
*/ | ||
p2s?: Uint8Array | ||
/** | ||
* @deprecated You should not use this parameter. It is only really intended | ||
* for test and vector validation purposes. | ||
* @deprecated You should not use this parameter. It is only really intended for test and vector | ||
* validation purposes. | ||
*/ | ||
iv?: Uint8Array | ||
/** | ||
* @deprecated You should not use this parameter. It is only really intended | ||
* for test and vector validation purposes. | ||
* @deprecated You should not use this parameter. It is only really intended for test and vector | ||
* validation purposes. | ||
*/ | ||
@@ -361,25 +305,17 @@ epk?: KeyLike | ||
/** | ||
* Flattened JWE definition. | ||
*/ | ||
/** Flattened JWE definition. */ | ||
export interface FlattenedJWE { | ||
/** | ||
* The "aad" member MUST be present and contain the value | ||
* BASE64URL(JWE AAD)) when the JWE AAD value is non-empty; | ||
* otherwise, it MUST be absent. A JWE AAD value can be included to | ||
* supply a base64url-encoded value to be integrity protected but not | ||
* encrypted. | ||
* The "aad" member MUST be present and contain the value BASE64URL(JWE AAD)) when the JWE AAD | ||
* value is non-empty; otherwise, it MUST be absent. A JWE AAD value can be included to supply a | ||
* base64url-encoded value to be integrity protected but not encrypted. | ||
*/ | ||
aad?: string | ||
/** | ||
* The "ciphertext" member MUST be present and contain the value | ||
* BASE64URL(JWE Ciphertext). | ||
*/ | ||
/** The "ciphertext" member MUST be present and contain the value BASE64URL(JWE Ciphertext). */ | ||
ciphertext: string | ||
/** | ||
* The "encrypted_key" member MUST be present and contain the value | ||
* BASE64URL(JWE Encrypted Key) when the JWE Encrypted Key value is | ||
* non-empty; otherwise, it MUST be absent. | ||
* The "encrypted_key" member MUST be present and contain the value BASE64URL(JWE Encrypted Key) | ||
* when the JWE Encrypted Key value is non-empty; otherwise, it MUST be absent. | ||
*/ | ||
@@ -389,8 +325,6 @@ encrypted_key?: string | ||
/** | ||
* The "header" member MUST be present and contain the value JWE Per- | ||
* Recipient Unprotected Header when the JWE Per-Recipient | ||
* Unprotected Header value is non-empty; otherwise, it MUST be | ||
* absent. This value is represented as an unencoded JSON object, | ||
* rather than as a string. These Header Parameter values are not | ||
* integrity protected. | ||
* The "header" member MUST be present and contain the value JWE Per- Recipient Unprotected Header | ||
* when the JWE Per-Recipient Unprotected Header value is non-empty; otherwise, it MUST be absent. | ||
* This value is represented as an unencoded JSON object, rather than as a string. These Header | ||
* Parameter values are not integrity protected. | ||
*/ | ||
@@ -400,5 +334,4 @@ header?: JWEHeaderParameters | ||
/** | ||
* The "iv" member MUST be present and contain the value | ||
* BASE64URL(JWE Initialization Vector) when the JWE Initialization | ||
* Vector value is non-empty; otherwise, it MUST be absent. | ||
* The "iv" member MUST be present and contain the value BASE64URL(JWE Initialization Vector) when | ||
* the JWE Initialization Vector value is non-empty; otherwise, it MUST be absent. | ||
*/ | ||
@@ -408,5 +341,4 @@ iv: string | ||
/** | ||
* The "protected" member MUST be present and contain the value | ||
* BASE64URL(UTF8(JWE Protected Header)) when the JWE Protected | ||
* Header value is non-empty; otherwise, it MUST be absent. These | ||
* The "protected" member MUST be present and contain the value BASE64URL(UTF8(JWE Protected | ||
* Header)) when the JWE Protected Header value is non-empty; otherwise, it MUST be absent. These | ||
* Header Parameter values are integrity protected. | ||
@@ -417,5 +349,4 @@ */ | ||
/** | ||
* The "tag" member MUST be present and contain the value | ||
* BASE64URL(JWE Authentication Tag) when the JWE Authentication Tag | ||
* value is non-empty; otherwise, it MUST be absent. | ||
* The "tag" member MUST be present and contain the value BASE64URL(JWE Authentication Tag) when | ||
* the JWE Authentication Tag value is non-empty; otherwise, it MUST be absent. | ||
*/ | ||
@@ -425,7 +356,6 @@ tag: string | ||
/** | ||
* The "unprotected" member MUST be present and contain the value JWE | ||
* Shared Unprotected Header when the JWE Shared Unprotected Header | ||
* value is non-empty; otherwise, it MUST be absent. This value is | ||
* represented as an unencoded JSON object, rather than as a string. | ||
* These Header Parameter values are not integrity protected. | ||
* The "unprotected" member MUST be present and contain the value JWE Shared Unprotected Header | ||
* when the JWE Shared Unprotected Header value is non-empty; otherwise, it MUST be absent. This | ||
* value is represented as an unencoded JSON object, rather than as a string. These Header | ||
* Parameter values are not integrity protected. | ||
*/ | ||
@@ -439,57 +369,38 @@ unprotected?: JWEHeaderParameters | ||
/** | ||
* Recognized JWE Header Parameters, any other Header members | ||
* may also be present. | ||
*/ | ||
/** Recognized JWE Header Parameters, any other Header members may also be present. */ | ||
export interface JWEHeaderParameters extends JoseHeaderParameters { | ||
/** | ||
* JWE "alg" (Algorithm) Header Parameter. | ||
*/ | ||
/** JWE "alg" (Algorithm) Header Parameter. */ | ||
alg?: string | ||
/** | ||
* JWE "enc" (Encryption Algorithm) Header Parameter. | ||
*/ | ||
/** JWE "enc" (Encryption Algorithm) Header Parameter. */ | ||
enc?: string | ||
/** | ||
* JWE "crit" (Critical) Header Parameter. | ||
*/ | ||
/** JWE "crit" (Critical) Header Parameter. */ | ||
crit?: string[] | ||
/** | ||
* JWE "zip" (Compression Algorithm) Header Parameter. | ||
*/ | ||
/** JWE "zip" (Compression Algorithm) Header Parameter. */ | ||
zip?: string | ||
/** | ||
* Any other JWE Header member. | ||
*/ | ||
/** Any other JWE Header member. */ | ||
[propName: string]: unknown | ||
} | ||
/** | ||
* Shared Interface with a "crit" property for all sign, verify, encrypt and decrypt | ||
* operations. | ||
*/ | ||
/** Shared Interface with a "crit" property for all sign, verify, encrypt and decrypt operations. */ | ||
export interface CritOption { | ||
/** | ||
* An object with keys representing recognized "crit" (Critical) Header Parameter | ||
* names. The value for those is either `true` or `false`. `true` when the | ||
* Header Parameter MUST be integrity protected, `false` when it's irrelevant. | ||
* An object with keys representing recognized "crit" (Critical) Header Parameter names. The value | ||
* for those is either `true` or `false`. `true` when the Header Parameter MUST be integrity | ||
* protected, `false` when it's irrelevant. | ||
* | ||
* This makes the "Extension Header Parameter "${parameter}" is not recognized" | ||
* error go away. | ||
* This makes the "Extension Header Parameter "${parameter}" is not recognized" error go away. | ||
* | ||
* Use this when a given JWS/JWT/JWE profile requires the use of proprietary | ||
* non-registered "crit" (Critical) Header Parameters. This will only make sure | ||
* the Header Parameter is syntactically correct when provided and that it is | ||
* optionally integrity protected. It will not process the Header Parameter in | ||
* any way or reject the operation if it is missing. You MUST still | ||
* verify the Header Parameter was present and process it according to the | ||
* profile's validation steps after the operation succeeds. | ||
* Use this when a given JWS/JWT/JWE profile requires the use of proprietary non-registered "crit" | ||
* (Critical) Header Parameters. This will only make sure the Header Parameter is syntactically | ||
* correct when provided and that it is optionally integrity protected. It will not process the | ||
* Header Parameter in any way or reject the operation if it is missing. You MUST still verify the | ||
* Header Parameter was present and process it according to the profile's validation steps after | ||
* the operation succeeds. | ||
* | ||
* The JWS extension Header Parameter `b64` is always recognized and processed | ||
* properly. No other registered Header Parameters that need this kind of | ||
* default built-in treatment are currently available. | ||
* The JWS extension Header Parameter `b64` is always recognized and processed properly. No other | ||
* registered Header Parameters that need this kind of default built-in treatment are currently available. | ||
*/ | ||
@@ -501,15 +412,10 @@ crit?: { | ||
/** | ||
* JWE Decryption options. | ||
*/ | ||
/** JWE Decryption options. */ | ||
export interface DecryptOptions extends CritOption { | ||
/** | ||
* A list of accepted JWE "alg" (Algorithm) Header Parameter values. | ||
*/ | ||
/** A list of accepted JWE "alg" (Algorithm) Header Parameter values. */ | ||
keyManagementAlgorithms?: string[] | ||
/** | ||
* A list of accepted JWE "enc" (Encryption Algorithm) Header Parameter values. | ||
* By default all "enc" (Encryption Algorithm) values applicable for the used | ||
* key/secret are allowed. | ||
* A list of accepted JWE "enc" (Encryption Algorithm) Header Parameter values. By default all | ||
* "enc" (Encryption Algorithm) values applicable for the used key/secret are allowed. | ||
*/ | ||
@@ -519,4 +425,4 @@ contentEncryptionAlgorithms?: string[] | ||
/** | ||
* In a browser runtime you have to provide an implementation for Inflate Raw | ||
* when you expect JWEs with compressed plaintext. | ||
* In a browser runtime you have to provide an implementation for Inflate Raw when you expect JWEs | ||
* with compressed plaintext. | ||
*/ | ||
@@ -526,9 +432,7 @@ inflateRaw?: InflateFunction | ||
/** | ||
* JWE Deflate option. | ||
*/ | ||
/** JWE Deflate option. */ | ||
export interface DeflateOption { | ||
/** | ||
* In a browser runtime you have to provide an implementation for Deflate Raw | ||
* when you will be producing JWEs with compressed plaintext. | ||
* In a browser runtime you have to provide an implementation for Deflate Raw when you will be | ||
* producing JWEs with compressed plaintext. | ||
*/ | ||
@@ -538,14 +442,8 @@ deflateRaw?: DeflateFunction | ||
/** | ||
* JWE Encryption options. | ||
*/ | ||
/** JWE Encryption options. */ | ||
export interface EncryptOptions extends CritOption, DeflateOption {} | ||
/** | ||
* JWT Claims Set verification options. | ||
*/ | ||
/** JWT Claims Set verification options. */ | ||
export interface JWTClaimVerificationOptions { | ||
/** | ||
* Expected JWT "aud" (Audience) Claim value(s). | ||
*/ | ||
/** Expected JWT "aud" (Audience) Claim value(s). */ | ||
audience?: string | string[] | ||
@@ -555,10 +453,9 @@ | ||
* Expected clock tolerance | ||
* - in seconds when number (e.g. 5) | ||
* - parsed as seconds when a string (e.g. "5 seconds", "10 minutes", "2 hours"). | ||
* | ||
* - In seconds when number (e.g. 5) | ||
* - Parsed as seconds when a string (e.g. "5 seconds", "10 minutes", "2 hours"). | ||
*/ | ||
clockTolerance?: string | number | ||
/** | ||
* Expected JWT "iss" (Issuer) Claim value(s). | ||
*/ | ||
/** Expected JWT "iss" (Issuer) Claim value(s). */ | ||
issuer?: string | string[] | ||
@@ -568,31 +465,23 @@ | ||
* Maximum time elapsed (in seconds) from the JWT "iat" (Issued At) Claim value. | ||
* - in seconds when number (e.g. 5) | ||
* - parsed as seconds when a string (e.g. "5 seconds", "10 minutes", "2 hours"). | ||
* | ||
* - In seconds when number (e.g. 5) | ||
* - Parsed as seconds when a string (e.g. "5 seconds", "10 minutes", "2 hours"). | ||
*/ | ||
maxTokenAge?: string | number | ||
/** | ||
* Expected JWT "sub" (Subject) Claim value. | ||
*/ | ||
/** Expected JWT "sub" (Subject) Claim value. */ | ||
subject?: string | ||
/** | ||
* Expected JWT "typ" (Type) Header Parameter value. | ||
*/ | ||
/** Expected JWT "typ" (Type) Header Parameter value. */ | ||
typ?: string | ||
/** | ||
* Date to use when comparing NumericDate claims, defaults to `new Date()`. | ||
*/ | ||
/** Date to use when comparing NumericDate claims, defaults to `new Date()`. */ | ||
currentDate?: Date | ||
} | ||
/** | ||
* JWS Verification options. | ||
*/ | ||
/** JWS Verification options. */ | ||
export interface VerifyOptions extends CritOption { | ||
/** | ||
* A list of accepted JWS "alg" (Algorithm) Header Parameter values. | ||
* By default all "alg" (Algorithm) values applicable for the used | ||
* key/secret are allowed. Note: "none" is never accepted. | ||
* A list of accepted JWS "alg" (Algorithm) Header Parameter values. By default all "alg" | ||
* (Algorithm) values applicable for the used key/secret are allowed. Note: "none" is never accepted. | ||
*/ | ||
@@ -602,50 +491,29 @@ algorithms?: string[] | ||
/** | ||
* JWS Signing options. | ||
*/ | ||
/** JWS Signing options. */ | ||
export interface SignOptions extends CritOption {} | ||
/** | ||
* Recognized JWT Claims Set members, any other members | ||
* may also be present. | ||
*/ | ||
/** Recognized JWT Claims Set members, any other members may also be present. */ | ||
export interface JWTPayload { | ||
/** | ||
* JWT Issuer - [RFC7519#section-4.1.1](https://www.rfc-editor.org/rfc/rfc7519#section-4.1.1). | ||
*/ | ||
/** JWT Issuer - [RFC7519#section-4.1.1](https://www.rfc-editor.org/rfc/rfc7519#section-4.1.1). */ | ||
iss?: string | ||
/** | ||
* JWT Subject - [RFC7519#section-4.1.2](https://www.rfc-editor.org/rfc/rfc7519#section-4.1.2). | ||
*/ | ||
/** JWT Subject - [RFC7519#section-4.1.2](https://www.rfc-editor.org/rfc/rfc7519#section-4.1.2). */ | ||
sub?: string | ||
/** | ||
* JWT Audience [RFC7519#section-4.1.3](https://www.rfc-editor.org/rfc/rfc7519#section-4.1.3). | ||
*/ | ||
/** JWT Audience [RFC7519#section-4.1.3](https://www.rfc-editor.org/rfc/rfc7519#section-4.1.3). */ | ||
aud?: string | string[] | ||
/** | ||
* JWT ID - [RFC7519#section-4.1.7](https://www.rfc-editor.org/rfc/rfc7519#section-4.1.7). | ||
*/ | ||
/** JWT ID - [RFC7519#section-4.1.7](https://www.rfc-editor.org/rfc/rfc7519#section-4.1.7). */ | ||
jti?: string | ||
/** | ||
* JWT Not Before - [RFC7519#section-4.1.5](https://www.rfc-editor.org/rfc/rfc7519#section-4.1.5). | ||
*/ | ||
/** JWT Not Before - [RFC7519#section-4.1.5](https://www.rfc-editor.org/rfc/rfc7519#section-4.1.5). */ | ||
nbf?: number | ||
/** | ||
* JWT Expiration Time - [RFC7519#section-4.1.4](https://www.rfc-editor.org/rfc/rfc7519#section-4.1.4). | ||
*/ | ||
/** JWT Expiration Time - [RFC7519#section-4.1.4](https://www.rfc-editor.org/rfc/rfc7519#section-4.1.4). */ | ||
exp?: number | ||
/** | ||
* JWT Issued At - [RFC7519#section-4.1.6](https://www.rfc-editor.org/rfc/rfc7519#section-4.1.6). | ||
*/ | ||
/** JWT Issued At - [RFC7519#section-4.1.6](https://www.rfc-editor.org/rfc/rfc7519#section-4.1.6). */ | ||
iat?: number | ||
/** | ||
* Any other JWT Claim Set member. | ||
*/ | ||
/** Any other JWT Claim Set member. */ | ||
[propName: string]: unknown | ||
@@ -655,3 +523,4 @@ } | ||
/** | ||
* Deflate Raw implementation, e.g. promisified [zlib.deflateRaw](https://nodejs.org/api/zlib.html#zlib_zlib_deflateraw_buffer_options_callback). | ||
* Deflate Raw implementation, e.g. promisified | ||
* [zlib.deflateRaw](https://nodejs.org/api/zlib.html#zlibdeflaterawbuffer-options-callback). | ||
*/ | ||
@@ -663,3 +532,4 @@ export interface DeflateFunction { | ||
/** | ||
* Inflate Raw implementation, e.g. promisified [zlib.inflateRaw](https://nodejs.org/api/zlib.html#zlib_zlib_inflateraw_buffer_options_callback). | ||
* Inflate Raw implementation, e.g. promisified | ||
* [zlib.inflateRaw](https://nodejs.org/api/zlib.html#zlibinflaterawbuffer-options-callback). | ||
*/ | ||
@@ -671,25 +541,15 @@ export interface InflateFunction { | ||
export interface FlattenedDecryptResult { | ||
/** | ||
* JWE AAD. | ||
*/ | ||
/** JWE AAD. */ | ||
additionalAuthenticatedData?: Uint8Array | ||
/** | ||
* Plaintext. | ||
*/ | ||
/** Plaintext. */ | ||
plaintext: Uint8Array | ||
/** | ||
* JWE Protected Header. | ||
*/ | ||
/** JWE Protected Header. */ | ||
protectedHeader?: JWEHeaderParameters | ||
/** | ||
* JWE Shared Unprotected Header. | ||
*/ | ||
/** JWE Shared Unprotected Header. */ | ||
sharedUnprotectedHeader?: JWEHeaderParameters | ||
/** | ||
* JWE Per-Recipient Unprotected Header. | ||
*/ | ||
/** JWE Per-Recipient Unprotected Header. */ | ||
unprotectedHeader?: JWEHeaderParameters | ||
@@ -701,10 +561,6 @@ } | ||
export interface CompactDecryptResult { | ||
/** | ||
* Plaintext. | ||
*/ | ||
/** Plaintext. */ | ||
plaintext: Uint8Array | ||
/** | ||
* JWE Protected Header. | ||
*/ | ||
/** JWE Protected Header. */ | ||
protectedHeader: CompactJWEHeaderParameters | ||
@@ -714,15 +570,9 @@ } | ||
export interface FlattenedVerifyResult { | ||
/** | ||
* JWS Payload. | ||
*/ | ||
/** JWS Payload. */ | ||
payload: Uint8Array | ||
/** | ||
* JWS Protected Header. | ||
*/ | ||
/** JWS Protected Header. */ | ||
protectedHeader?: JWSHeaderParameters | ||
/** | ||
* JWS Unprotected Header. | ||
*/ | ||
/** JWS Unprotected Header. */ | ||
unprotectedHeader?: JWSHeaderParameters | ||
@@ -734,10 +584,6 @@ } | ||
export interface CompactVerifyResult { | ||
/** | ||
* JWS Payload. | ||
*/ | ||
/** JWS Payload. */ | ||
payload: Uint8Array | ||
/** | ||
* JWS Protected Header. | ||
*/ | ||
/** JWS Protected Header. */ | ||
protectedHeader: CompactJWSHeaderParameters | ||
@@ -747,10 +593,6 @@ } | ||
export interface JWTVerifyResult { | ||
/** | ||
* JWT Claims Set. | ||
*/ | ||
/** JWT Claims Set. */ | ||
payload: JWTPayload | ||
/** | ||
* JWS Protected Header. | ||
*/ | ||
/** JWS Protected Header. */ | ||
protectedHeader: JWTHeaderParameters | ||
@@ -760,10 +602,6 @@ } | ||
export interface JWTDecryptResult { | ||
/** | ||
* JWT Claims Set. | ||
*/ | ||
/** JWT Claims Set. */ | ||
payload: JWTPayload | ||
/** | ||
* JWE Protected Header. | ||
*/ | ||
/** JWE Protected Header. */ | ||
protectedHeader: CompactJWEHeaderParameters | ||
@@ -773,12 +611,7 @@ } | ||
export interface ResolvedKey { | ||
/** | ||
* Key resolved from the key resolver function. | ||
*/ | ||
/** Key resolved from the key resolver function. */ | ||
key: KeyLike | Uint8Array | ||
} | ||
/** | ||
* Recognized Compact JWS Header Parameters, any other Header Members | ||
* may also be present. | ||
*/ | ||
/** Recognized Compact JWS Header Parameters, any other Header Members may also be present. */ | ||
export interface CompactJWSHeaderParameters extends JWSHeaderParameters { | ||
@@ -788,6 +621,3 @@ alg: string | ||
/** | ||
* Recognized Signed JWT Header Parameters, any other Header Members | ||
* may also be present. | ||
*/ | ||
/** Recognized Signed JWT Header Parameters, any other Header Members may also be present. */ | ||
export interface JWTHeaderParameters extends CompactJWSHeaderParameters { | ||
@@ -797,6 +627,3 @@ b64?: true | ||
/** | ||
* Recognized Compact JWE Header Parameters, any other Header Members | ||
* may also be present. | ||
*/ | ||
/** Recognized Compact JWE Header Parameters, any other Header Members may also be present. */ | ||
export interface CompactJWEHeaderParameters extends JWEHeaderParameters { | ||
@@ -807,7 +634,5 @@ alg: string | ||
/** | ||
* JSON Web Key Set | ||
*/ | ||
/** JSON Web Key Set */ | ||
export interface JSONWebKeySet { | ||
keys: JWK[] | ||
} |
import type { JWTPayload } from '../types'; | ||
/** | ||
* Decodes a signed JSON Web Token payload. This does not validate the JWT Claims Set | ||
* types or values. This does not validate the JWS Signature. For a proper | ||
* Signed JWT Claims Set validation and JWS signature verification use `jose.jwtVerify()`. | ||
* For an encrypted JWT Claims Set validation and JWE decryption use `jose.jwtDecrypt()`. | ||
* Decodes a signed JSON Web Token payload. This does not validate the JWT Claims Set types or | ||
* values. This does not validate the JWS Signature. For a proper Signed JWT Claims Set validation | ||
* and JWS signature verification use `jose.jwtVerify()`. For an encrypted JWT Claims Set validation | ||
* and JWE decryption use `jose.jwtDecrypt()`. | ||
* | ||
* @param jwt JWT token in compact JWS serialization. | ||
* @example Usage | ||
* | ||
* @example Usage | ||
* ```js | ||
@@ -15,3 +14,5 @@ * const claims = jose.decodeJwt(token) | ||
* ``` | ||
* | ||
* @param jwt JWT token in compact JWS serialization. | ||
*/ | ||
export declare function decodeJwt(jwt: string): JWTPayload; |
@@ -6,5 +6,4 @@ import type { JWSHeaderParameters, JWEHeaderParameters } from '../types'; | ||
* | ||
* @param token JWE/JWS/JWT token in any JOSE serialization. | ||
* @example Usage | ||
* | ||
* @example Usage | ||
* ```js | ||
@@ -14,3 +13,5 @@ * const protectedHeader = jose.decodeProtectedHeader(token) | ||
* ``` | ||
* | ||
* @param token JWE/JWS/JWT token in any JOSE serialization. | ||
*/ | ||
export declare function decodeProtectedHeader(token: string | object): ProtectedHeaderParameters; |
@@ -1,51 +0,30 @@ | ||
/** | ||
* A generic Error subclass that all other specific | ||
* JOSE Error subclasses inherit from. | ||
*/ | ||
/** A generic Error subclass that all other specific JOSE Error subclasses inherit from. */ | ||
export declare class JOSEError extends Error { | ||
/** | ||
* A unique error code for the particular error subclass. | ||
*/ | ||
/** A unique error code for the particular error subclass. */ | ||
static get code(): string; | ||
/** | ||
* A unique error code for the particular error subclass. | ||
*/ | ||
/** A unique error code for the particular error subclass. */ | ||
code: string; | ||
constructor(message?: string); | ||
} | ||
/** | ||
* An error subclass thrown when a JWT Claim Set member validation fails. | ||
*/ | ||
/** An error subclass thrown when a JWT Claim Set member validation fails. */ | ||
export declare class JWTClaimValidationFailed extends JOSEError { | ||
static get code(): 'ERR_JWT_CLAIM_VALIDATION_FAILED'; | ||
code: string; | ||
/** | ||
* The Claim for which the validation failed. | ||
*/ | ||
/** The Claim for which the validation failed. */ | ||
claim: string; | ||
/** | ||
* Reason code for the validation failure. | ||
*/ | ||
/** Reason code for the validation failure. */ | ||
reason: string; | ||
constructor(message: string, claim?: string, reason?: string); | ||
} | ||
/** | ||
* An error subclass thrown when a JWT is expired. | ||
*/ | ||
/** An error subclass thrown when a JWT is expired. */ | ||
export declare class JWTExpired extends JOSEError implements JWTClaimValidationFailed { | ||
static get code(): 'ERR_JWT_EXPIRED'; | ||
code: string; | ||
/** | ||
* The Claim for which the validation failed. | ||
*/ | ||
/** The Claim for which the validation failed. */ | ||
claim: string; | ||
/** | ||
* Reason code for the validation failure. | ||
*/ | ||
/** Reason code for the validation failure. */ | ||
reason: string; | ||
constructor(message: string, claim?: string, reason?: string); | ||
} | ||
/** | ||
* An error subclass thrown when a JOSE Algorithm is not allowed per developer preference. | ||
*/ | ||
/** An error subclass thrown when a JOSE Algorithm is not allowed per developer preference. */ | ||
export declare class JOSEAlgNotAllowed extends JOSEError { | ||
@@ -63,5 +42,3 @@ static get code(): 'ERR_JOSE_ALG_NOT_ALLOWED'; | ||
} | ||
/** | ||
* An error subclass thrown when a JWE ciphertext decryption fails. | ||
*/ | ||
/** An error subclass thrown when a JWE ciphertext decryption fails. */ | ||
export declare class JWEDecryptionFailed extends JOSEError { | ||
@@ -72,5 +49,3 @@ static get code(): 'ERR_JWE_DECRYPTION_FAILED'; | ||
} | ||
/** | ||
* An error subclass thrown when a JWE is invalid. | ||
*/ | ||
/** An error subclass thrown when a JWE is invalid. */ | ||
export declare class JWEInvalid extends JOSEError { | ||
@@ -80,5 +55,3 @@ static get code(): 'ERR_JWE_INVALID'; | ||
} | ||
/** | ||
* An error subclass thrown when a JWS is invalid. | ||
*/ | ||
/** An error subclass thrown when a JWS is invalid. */ | ||
export declare class JWSInvalid extends JOSEError { | ||
@@ -88,5 +61,3 @@ static get code(): 'ERR_JWS_INVALID'; | ||
} | ||
/** | ||
* An error subclass thrown when a JWT is invalid. | ||
*/ | ||
/** An error subclass thrown when a JWT is invalid. */ | ||
export declare class JWTInvalid extends JOSEError { | ||
@@ -96,5 +67,3 @@ static get code(): 'ERR_JWT_INVALID'; | ||
} | ||
/** | ||
* An error subclass thrown when a JWK is invalid. | ||
*/ | ||
/** An error subclass thrown when a JWK is invalid. */ | ||
export declare class JWKInvalid extends JOSEError { | ||
@@ -104,5 +73,3 @@ static get code(): 'ERR_JWK_INVALID'; | ||
} | ||
/** | ||
* An error subclass thrown when a JWKS is invalid. | ||
*/ | ||
/** An error subclass thrown when a JWKS is invalid. */ | ||
export declare class JWKSInvalid extends JOSEError { | ||
@@ -112,5 +79,3 @@ static get code(): 'ERR_JWKS_INVALID'; | ||
} | ||
/** | ||
* An error subclass thrown when no keys match from a JWKS. | ||
*/ | ||
/** An error subclass thrown when no keys match from a JWKS. */ | ||
export declare class JWKSNoMatchingKey extends JOSEError { | ||
@@ -121,5 +86,3 @@ static get code(): 'ERR_JWKS_NO_MATCHING_KEY'; | ||
} | ||
/** | ||
* An error subclass thrown when multiple keys match from a JWKS. | ||
*/ | ||
/** An error subclass thrown when multiple keys match from a JWKS. */ | ||
export declare class JWKSMultipleMatchingKeys extends JOSEError { | ||
@@ -130,5 +93,3 @@ static get code(): 'ERR_JWKS_MULTIPLE_MATCHING_KEYS'; | ||
} | ||
/** | ||
* Timeout was reached when retrieving the JWKS response. | ||
*/ | ||
/** Timeout was reached when retrieving the JWKS response. */ | ||
export declare class JWKSTimeout extends JOSEError { | ||
@@ -139,5 +100,3 @@ static get code(): 'ERR_JWKS_TIMEOUT'; | ||
} | ||
/** | ||
* An error subclass thrown when JWS signature verification fails. | ||
*/ | ||
/** An error subclass thrown when JWS signature verification fails. */ | ||
export declare class JWSSignatureVerificationFailed extends JOSEError { | ||
@@ -144,0 +103,0 @@ static get code(): 'ERR_JWS_SIGNATURE_VERIFICATION_FAILED'; |
{ | ||
"name": "jose-browser-runtime", | ||
"version": "4.8.3", | ||
"version": "4.9.0", | ||
"homepage": "https://github.com/panva/jose", | ||
@@ -5,0 +5,0 @@ "repository": "panva/jose", |
License Policy Violation
LicenseThis package is not allowed per your license policy. Review the package's license to ensure compliance.
Found 1 instance in 1 package
License Policy Violation
LicenseThis package is not allowed per your license policy. Review the package's license to ensure compliance.
Found 1 instance in 1 package
215069
5417