jose-node-esm-runtime
Advanced tools
Comparing version 5.3.0 to 5.4.0
@@ -12,3 +12,3 @@ import fetchJwks from '../runtime/fetch_jwks.js'; | ||
const NAME = 'jose'; | ||
const VERSION = 'v5.3.0'; | ||
const VERSION = 'v5.4.0'; | ||
USER_AGENT = `${NAME}/${VERSION}`; | ||
@@ -15,0 +15,0 @@ } |
@@ -9,10 +9,10 @@ import { compactDecrypt } from '../jwe/compact/decrypt.js'; | ||
if (protectedHeader.iss !== undefined && protectedHeader.iss !== payload.iss) { | ||
throw new JWTClaimValidationFailed('replicated "iss" claim header parameter mismatch', 'iss', 'mismatch'); | ||
throw new JWTClaimValidationFailed('replicated "iss" claim header parameter mismatch', payload, 'iss', 'mismatch'); | ||
} | ||
if (protectedHeader.sub !== undefined && protectedHeader.sub !== payload.sub) { | ||
throw new JWTClaimValidationFailed('replicated "sub" claim header parameter mismatch', 'sub', 'mismatch'); | ||
throw new JWTClaimValidationFailed('replicated "sub" claim header parameter mismatch', payload, 'sub', 'mismatch'); | ||
} | ||
if (protectedHeader.aud !== undefined && | ||
JSON.stringify(protectedHeader.aud) !== JSON.stringify(payload.aud)) { | ||
throw new JWTClaimValidationFailed('replicated "aud" claim header parameter mismatch', 'aud', 'mismatch'); | ||
throw new JWTClaimValidationFailed('replicated "aud" claim header parameter mismatch', payload, 'aud', 'mismatch'); | ||
} | ||
@@ -19,0 +19,0 @@ const result = { payload, protectedHeader }; |
@@ -17,8 +17,2 @@ import { JWTClaimValidationFailed, JWTExpired, JWTInvalid } from '../util/errors.js'; | ||
export default (protectedHeader, encodedPayload, options = {}) => { | ||
const { typ } = options; | ||
if (typ && | ||
(typeof protectedHeader.typ !== 'string' || | ||
normalizeTyp(protectedHeader.typ) !== normalizeTyp(typ))) { | ||
throw new JWTClaimValidationFailed('unexpected "typ" JWT header value', 'typ', 'check_failed'); | ||
} | ||
let payload; | ||
@@ -33,2 +27,8 @@ try { | ||
} | ||
const { typ } = options; | ||
if (typ && | ||
(typeof protectedHeader.typ !== 'string' || | ||
normalizeTyp(protectedHeader.typ) !== normalizeTyp(typ))) { | ||
throw new JWTClaimValidationFailed('unexpected "typ" JWT header value', payload, 'typ', 'check_failed'); | ||
} | ||
const { requiredClaims = [], issuer, subject, audience, maxTokenAge } = options; | ||
@@ -46,14 +46,14 @@ const presenceCheck = [...requiredClaims]; | ||
if (!(claim in payload)) { | ||
throw new JWTClaimValidationFailed(`missing required "${claim}" claim`, claim, 'missing'); | ||
throw new JWTClaimValidationFailed(`missing required "${claim}" claim`, payload, claim, 'missing'); | ||
} | ||
} | ||
if (issuer && !(Array.isArray(issuer) ? issuer : [issuer]).includes(payload.iss)) { | ||
throw new JWTClaimValidationFailed('unexpected "iss" claim value', 'iss', 'check_failed'); | ||
throw new JWTClaimValidationFailed('unexpected "iss" claim value', payload, 'iss', 'check_failed'); | ||
} | ||
if (subject && payload.sub !== subject) { | ||
throw new JWTClaimValidationFailed('unexpected "sub" claim value', 'sub', 'check_failed'); | ||
throw new JWTClaimValidationFailed('unexpected "sub" claim value', payload, 'sub', 'check_failed'); | ||
} | ||
if (audience && | ||
!checkAudiencePresence(payload.aud, typeof audience === 'string' ? [audience] : audience)) { | ||
throw new JWTClaimValidationFailed('unexpected "aud" claim value', 'aud', 'check_failed'); | ||
throw new JWTClaimValidationFailed('unexpected "aud" claim value', payload, 'aud', 'check_failed'); | ||
} | ||
@@ -77,10 +77,10 @@ let tolerance; | ||
if ((payload.iat !== undefined || maxTokenAge) && typeof payload.iat !== 'number') { | ||
throw new JWTClaimValidationFailed('"iat" claim must be a number', 'iat', 'invalid'); | ||
throw new JWTClaimValidationFailed('"iat" claim must be a number', payload, 'iat', 'invalid'); | ||
} | ||
if (payload.nbf !== undefined) { | ||
if (typeof payload.nbf !== 'number') { | ||
throw new JWTClaimValidationFailed('"nbf" claim must be a number', 'nbf', 'invalid'); | ||
throw new JWTClaimValidationFailed('"nbf" claim must be a number', payload, 'nbf', 'invalid'); | ||
} | ||
if (payload.nbf > now + tolerance) { | ||
throw new JWTClaimValidationFailed('"nbf" claim timestamp check failed', 'nbf', 'check_failed'); | ||
throw new JWTClaimValidationFailed('"nbf" claim timestamp check failed', payload, 'nbf', 'check_failed'); | ||
} | ||
@@ -90,6 +90,6 @@ } | ||
if (typeof payload.exp !== 'number') { | ||
throw new JWTClaimValidationFailed('"exp" claim must be a number', 'exp', 'invalid'); | ||
throw new JWTClaimValidationFailed('"exp" claim must be a number', payload, 'exp', 'invalid'); | ||
} | ||
if (payload.exp <= now - tolerance) { | ||
throw new JWTExpired('"exp" claim timestamp check failed', 'exp', 'check_failed'); | ||
throw new JWTExpired('"exp" claim timestamp check failed', payload, 'exp', 'check_failed'); | ||
} | ||
@@ -101,6 +101,6 @@ } | ||
if (age - tolerance > max) { | ||
throw new JWTExpired('"iat" claim timestamp check failed (too far in the past)', 'iat', 'check_failed'); | ||
throw new JWTExpired('"iat" claim timestamp check failed (too far in the past)', payload, 'iat', 'check_failed'); | ||
} | ||
if (age < 0 - tolerance) { | ||
throw new JWTClaimValidationFailed('"iat" claim timestamp check failed (it should be in the past)', 'iat', 'check_failed'); | ||
throw new JWTClaimValidationFailed('"iat" claim timestamp check failed (it should be in the past)', payload, 'iat', 'check_failed'); | ||
} | ||
@@ -107,0 +107,0 @@ } |
@@ -19,6 +19,8 @@ export class JOSEError extends Error { | ||
reason; | ||
constructor(message, claim = 'unspecified', reason = 'unspecified') { | ||
payload; | ||
constructor(message, payload, claim = 'unspecified', reason = 'unspecified') { | ||
super(message); | ||
this.claim = claim; | ||
this.reason = reason; | ||
this.payload = payload; | ||
} | ||
@@ -33,6 +35,8 @@ } | ||
reason; | ||
constructor(message, claim = 'unspecified', reason = 'unspecified') { | ||
payload; | ||
constructor(message, payload, claim = 'unspecified', reason = 'unspecified') { | ||
super(message); | ||
this.claim = claim; | ||
this.reason = reason; | ||
this.payload = payload; | ||
} | ||
@@ -39,0 +43,0 @@ } |
@@ -1,2 +0,2 @@ | ||
import type { KeyLike } from '../types'; | ||
import type { JWTPayload, KeyLike } from '../types'; | ||
/** | ||
@@ -30,4 +30,6 @@ * A generic Error that all other JOSE specific Error subclasses extend. | ||
reason: string; | ||
/** The parsed JWT payload. */ | ||
payload: JWTPayload; | ||
/** @ignore */ | ||
constructor(message: string, claim?: string, reason?: string); | ||
constructor(message: string, payload: JWTPayload, claim?: string, reason?: string); | ||
} | ||
@@ -46,4 +48,6 @@ /** | ||
reason: string; | ||
/** The parsed JWT payload. */ | ||
payload: JWTPayload; | ||
/** @ignore */ | ||
constructor(message: string, claim?: string, reason?: string); | ||
constructor(message: string, payload: JWTPayload, claim?: string, reason?: string); | ||
} | ||
@@ -50,0 +54,0 @@ /** |
{ | ||
"name": "jose-node-esm-runtime", | ||
"version": "5.3.0", | ||
"version": "5.4.0", | ||
"homepage": "https://github.com/panva/jose", | ||
@@ -5,0 +5,0 @@ "repository": "panva/jose", |
License Policy Violation
LicenseThis package is not allowed per your license policy. Review the package's license to ensure compliance.
Found 1 instance in 1 package
License Policy Violation
LicenseThis package is not allowed per your license policy. Review the package's license to ensure compliance.
Found 1 instance in 1 package
208282
5226