Comparing version 1.17.1 to 1.17.2
@@ -5,2 +5,11 @@ # Change Log | ||
## [1.17.2](https://github.com/panva/jose/compare/v1.17.1...v1.17.2) (2019-12-17) | ||
### Bug Fixes | ||
* skip validating iat is in the past when exp is present ([0ed5025](https://github.com/panva/jose/commit/0ed5025de30a754de95ae2587ce0f4573909b006)) | ||
## [1.17.1](https://github.com/panva/jose/compare/v1.17.0...v1.17.1) (2019-12-10) | ||
@@ -7,0 +16,0 @@ |
@@ -60,5 +60,2 @@ const { strict: assert } = require('assert') | ||
x5c = [...x5c] | ||
Object.freeze(x5c) | ||
x5c.forEach((cert, i) => { | ||
@@ -103,3 +100,6 @@ let publicKey | ||
use: { value: use, enumerable: use !== undefined }, | ||
x5c: { value: x5c, enumerable: x5c !== undefined }, | ||
x5c: { | ||
enumerable: x5c !== undefined, | ||
...(x5c ? { get () { return [...x5c] } } : { value: undefined }) | ||
}, | ||
key_ops: { | ||
@@ -106,0 +106,0 @@ enumerable: ops !== undefined, |
@@ -0,6 +1,13 @@ | ||
const { deprecate } = require('util') | ||
const deprecation = deprecate(() => {}, '"P-256K" EC curve name is deprecated') | ||
module.exports = { | ||
name: 'secp256k1', | ||
rename (value) { | ||
if (value !== 'secp256k1') { | ||
deprecation() | ||
} | ||
module.exports.name = value | ||
} | ||
} |
@@ -195,3 +195,3 @@ const isObject = require('../help/is_object') | ||
if (!ignoreIat && 'iat' in decoded.payload && decoded.payload.iat > unix + tolerance) { | ||
if (!ignoreIat && !('exp' in decoded.payload) && 'iat' in decoded.payload && decoded.payload.iat > unix + tolerance) { | ||
throw new JWTClaimInvalid('token issued in the future') | ||
@@ -198,0 +198,0 @@ } |
{ | ||
"name": "jose", | ||
"version": "1.17.1", | ||
"version": "1.17.2", | ||
"description": "JSON Web Almost Everything - JWA, JWS, JWE, JWK, JWT, JWKS for Node.js with minimal dependencies", | ||
@@ -5,0 +5,0 @@ "keywords": [ |
@@ -19,3 +19,3 @@ # jose | ||
- CFRG Elliptic Curve ECDH and Signatures - [RFC8037][spec-okp] | ||
- secp256k1 curve EC Key support - [JOSE Registrations for WebAuthn Algorithms][draft-secp256k1] | ||
- secp256k1 EC Key curve support - [JOSE Registrations for WebAuthn Algorithms][draft-secp256k1] | ||
@@ -101,4 +101,2 @@ The test suite utilizes examples defined in [RFC7520][spec-cookbook] to confirm its JOSE | ||
or `jku` in its own code. This way you opt-in to these behaviours. | ||
- ✕ JWS detached content | ||
- one can remove/attach the payload after/before the respective operation | ||
- ✕ "none" alg support | ||
@@ -139,4 +137,4 @@ - no crypto, no use | ||
- [jose-chacha][plugin-chacha] adds aead_chacha20_poly1305 and aead_xchacha20_poly1305 based algorithms | ||
- [jose-x25519-ecdh][plugin-x25519] adds OKP X25519 curve keys ECDH-ES support | ||
- [jose-chacha][plugin-chacha] adds aead_chacha20_poly1305 and aead_xchacha20_poly1305 based algorithms (individual draft) | ||
- [jose-x25519-ecdh][plugin-x25519] adds OKP X25519 curve keys ECDH-ES support (missing Node.js `crypto` support) | ||
@@ -181,3 +179,3 @@ ## Usage | ||
const keystore = new jose.JWKS.KeyStore(key, key2) | ||
const keystore = new jose.JWKS.KeyStore(key, anotherKey) | ||
``` | ||
@@ -307,28 +305,2 @@ | ||
#### secp256k1 | ||
Note: the secp256k1 JOSE parameters registration and the RFC is still in a draft state. If the WG | ||
draft changes its mind about the parameter names again the new values will be propagated as a MINOR | ||
library version. | ||
When you require `jose` you can work with `secp256k1` EC keys right away, the EC JWK `crv` | ||
used is as per the specification `secp256k1`. | ||
```js | ||
const jose = require('jose') | ||
let key = jose.JWK.generateSync('EC', 'secp256k1') | ||
key = jose.JWK.asKey(fs.readFileSync('path/to/key/file')) | ||
key.crv === 'secp256k1' | ||
``` | ||
For legacy reasons the unregistered EC JWK `crv` value `P-256K` is also supported but you must | ||
require `jose` like so to use it: | ||
```js | ||
const jose = require('jose/P-256K') | ||
let key = jose.JWK.generateSync('EC', 'P-256K') | ||
key = jose.JWK.asKey(fs.readFileSync('path/to/key/file')) | ||
key.crv === 'P-256K' | ||
``` | ||
#### Electron Support | ||
@@ -335,0 +307,0 @@ |
License Policy Violation
LicenseThis package is not allowed per your license policy. Review the package's license to ensure compliance.
Found 1 instance in 1 package
License Policy Violation
LicenseThis package is not allowed per your license policy. Review the package's license to ensure compliance.
Found 1 instance in 1 package
4687
214123
391