
jose - npm Package Compare versions

Comparing version 1.23.0 to 1.24.0

9

CHANGELOG.md

@@ -5,2 +5,11 @@ # Change Log

# [1.24.0](https://github.com/panva/jose/compare/v1.23.0...v1.24.0) (2020-02-25)
### Features
* add JWT.verify "typ" option for checking JWT Type Header parameter ([fc08426](https://github.com/panva/jose/commit/fc08426466233709b442ba21232768ddeeb94e56))
# [1.23.0](https://github.com/panva/jose/compare/v1.22.2...v1.23.0) (2020-02-18)

@@ -7,0 +16,0 @@

4

lib/help/key_object.js

@@ -0,1 +1,3 @@

/* global BigInt */
const { keyObjectSupported } = require('./runtime_support')

@@ -329,3 +331,3 @@

// special case when private pkcs1 PEM / DER is used with createPublicKey
if (parsed.n === 0n) {
if (parsed.n === BigInt(0)) {
return createPublicKey(createPrivateKey({ key, format, type, passphrase }))

@@ -332,0 +334,0 @@ }
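Review bot: Nothing near `if (parsed.n === BigInt(0)) {` records why the call form is used where a `0n` literal is also shown, so a later tidy-up could swap it back. If the intent is, as the added `/* global BigInt */` suggests, to keep the file parseable where BigInt literal syntax is unavailable, a comment such as `// BigInt(0), not 0n: the literal is a syntax error for parsers without BigInt support` would say so. The call still needs the BigInt global at run time. Whether this branch is only reached on runtimes that have it cannot be seen from the hunk, which starts and ends inside a function.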

/* global BigInt */
const { EOL } = require('os')

@@ -3,0 +4,0 @@

@@ -43,3 +43,3 @@ const isObject = require('../help/is_object')

ignoreIat = false, ignoreNbf = false, issuer, jti, maxAuthAge, maxTokenAge, nonce, now = new Date(),
profile, subject
profile, subject, typ
}) => {

@@ -70,2 +70,3 @@ isOptionString(profile, 'options.profile')

isOptionString(clockTolerance, 'options.clockTolerance')
isOptionString(typ, 'options.typ')

@@ -114,2 +115,4 @@ if (audience !== undefined && (isNotString(audience) && isNotArrayOfStrings(audience))) {

typ = ATJWT
break

@@ -148,3 +151,4 @@ case LOGOUTTOKEN:

profile,
subject
subject,
typ
}

@@ -163,11 +167,11 @@ }

isPayloadString(payload.nonce, '"nonce" claim', 'nonce', !!options.nonce)
isPayloadString(payload.iss, '"iss" claim', 'iss', profile === IDTOKEN || profile === ATJWT || profile === LOGOUTTOKEN || !!options.issuer)
isPayloadString(payload.iss, '"iss" claim', 'iss', !!options.issuer)
isPayloadString(payload.sub, '"sub" claim', 'sub', profile === IDTOKEN || profile === ATJWT || !!options.subject)
isStringOrArrayOfStrings(payload.aud, 'aud', profile === IDTOKEN || profile === ATJWT || profile === LOGOUTTOKEN || !!options.audience)
isStringOrArrayOfStrings(payload.aud, 'aud', !!options.audience)
isPayloadString(payload.azp, '"azp" claim', 'azp', profile === IDTOKEN && Array.isArray(payload.aud) && payload.aud.length > 1)
isStringOrArrayOfStrings(payload.amr, 'amr')
isPayloadString(header.typ, '"typ" header parameter', 'typ', !!options.typ)
if (profile === ATJWT) {
isPayloadString(payload.client_id, '"client_id" claim', 'client_id', true)
isPayloadString(header.typ, '"typ" header parameter', 'typ', true)
}

@@ -229,3 +233,3 @@

algorithms, audience, clockTolerance, complete, crit, ignoreExp, ignoreIat, ignoreNbf, issuer,
jti, maxAuthAge, maxTokenAge, nonce, now, profile, subject
jti, maxAuthAge, maxTokenAge, nonce, now, profile, subject, typ
} = options = validateOptions(options)

@@ -266,2 +270,6 @@

if (typ && decoded.header.typ !== typ) {
throw new JWTClaimInvalid('unexpected "typ" JWT header value', 'typ', 'check_failed')
}
const tolerance = clockTolerance ? secs(clockTolerance) : 0

@@ -305,7 +313,3 @@

if (profile === ATJWT && decoded.header.typ !== ATJWT) {
throw new JWTClaimInvalid('invalid JWT typ header value for the used validation profile', 'typ', 'check_failed')
}
return complete ? decoded : decoded.payload
}
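Review bot: In the claim-presence checks, the `iss` and `aud` lines appear to lose their `profile === IDTOKEN || profile === ATJWT || profile === LOGOUTTOKEN` terms, leaving `!!options.issuer` and `!!options.audience` as the only thing that makes those claims mandatory. That is safe only if validateOptions always rejects a profile used without `issuer` and `audience`; that part of validateOptions is outside the visible hunks, so it should be confirmed and pinned by a test per profile using a token that lacks `iss` or `aud`. A comment above the two calls, e.g. `// profiles require options.issuer/options.audience in validateOptions, so these flags also cover profile validation`, would keep the dependency visible. The `sub` line still carries its profile terms, which reads as inconsistent unless `subject` is deliberately optional for profiles.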
{
"name": "jose",
"version": "1.23.0",
"version": "1.24.0",
"description": "JSON Web Almost Everything - JWA, JWS, JWE, JWK, JWT, JWKS for Node.js with minimal dependencies",

@@ -87,3 +87,3 @@ "keywords": [

"c8": "^7.0.0",
"dtslint": "^2.0.5",
"dtslint": "^3.0.0",
"husky": "^4.0.0",

@@ -90,0 +90,0 @@ "standard": "^14.3.1"

@@ -434,2 +434,3 @@ /// <reference types="node" />

nonce?: string;
typ?: string;
now?: Date;

@@ -436,0 +437,0 @@ crit?: string[];
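Review bot: `typ?: string;` is added without a doc comment, and the behaviour callers need to know is not obvious from the name. The verify code shown on this page compares with `decoded.header.typ !== typ`, which is an exact, case-sensitive match with no handling of an `application/` prefix, and it skips the check when the option is falsy. Suggest `/** Expected "typ" header value; compared exactly (case-sensitive), verification fails on mismatch or when the header is absent. */` above the field.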
