Comparing version 1.26.0 to 1.26.1
@@ -5,2 +5,12 @@ # Change Log | ||
## [1.26.1](https://github.com/panva/jose/compare/v1.26.0...v1.26.1) (2020-04-27) | ||
### Bug Fixes | ||
* **typescript:** types of key generate functions without overloads ([7e60722](https://github.com/panva/jose/commit/7e60722ae7054f8acf833e015c22679d56fbc0ca)), closes [#80](https://github.com/panva/jose/issues/80) | ||
* "typ" content-type validation, case insensitive and handled prefix ([0691586](https://github.com/panva/jose/commit/06915861b32c0ae252dcc84791050bc3716ce102)) | ||
# [1.26.0](https://github.com/panva/jose/compare/v1.25.2...v1.26.0) (2020-04-16) | ||
@@ -7,0 +17,0 @@ |
@@ -39,2 +39,3 @@ const isObject = require('../help/is_object') | ||
const isNotArrayOfStrings = val => !Array.isArray(val) || val.length === 0 || val.some(isNotString) | ||
const normalizeTyp = (value) => value.toLowerCase().replace(/^application\//, '') | ||
@@ -258,3 +259,3 @@ const validateOptions = ({ | ||
if (typ && decoded.header.typ !== typ) { | ||
if (typ && normalizeTyp(decoded.header.typ) !== normalizeTyp(typ)) { | ||
throw new JWTClaimInvalid('unexpected "typ" JWT header value', 'typ', 'check_failed') | ||
@@ -261,0 +262,0 @@ } |
{ | ||
"name": "jose", | ||
"version": "1.26.0", | ||
"version": "1.26.1", | ||
"description": "JSON Web Almost Everything - JWA, JWS, JWE, JWK, JWT, JWKS for Node.js with minimal dependencies", | ||
@@ -5,0 +5,0 @@ "keywords": [ |
@@ -144,4 +144,2 @@ # jose | ||
#### ID Token Verifying | ||
ID Token is a JWT, but profiled, there are additional requirements to a JWT to be accepted as an | ||
@@ -175,3 +173,5 @@ ID Token and it is pretty easy to omit some, use the `profile` option of `JWT.verify` or the | ||
#### JWT Access Token Verifying | ||
Draft specification profiles are updated as minor versions of the library, therefore, | ||
since they may have breaking changes use the `~` semver operator when using these and pay close | ||
attention to changelog and the drafts themselves. | ||
@@ -202,3 +202,5 @@ When accepting a JWT-formatted OAuth 2.0 Access Token there are additional requirements for the JWT | ||
#### Logout Token Verifying | ||
Draft specification profiles are updated as minor versions of the library, therefore, | ||
since they may have breaking changes use the `~` semver operator when using these and pay close | ||
attention to changelog and the drafts themselves. | ||
@@ -307,3 +309,2 @@ Logout Token is a JWT, but profiled, there are additional requirements to a JWT to be accepted as an | ||
| ECDH-ES | ✓<sup>[4]</sup> | ECDH-ES, ECDH-ES+A128KW<sup>[1]</sup>, ECDH-ES+A192KW<sup>[1]</sup>, ECDH-ES+A256KW<sup>[1]</sup> | | ||
| (X)ChaCha | ✓ <sup>via [plugin][plugin-chacha]</sup> | C20PKW, XC20PKW, ECDH-ES+C20PKW, ECDH-ES+XC20PKW | | ||
@@ -314,3 +315,2 @@ | JWE Content Encryption Algorithms | Supported || | ||
| AES_CBC_HMAC_SHA2 | ✓ | A128CBC-HS256, A192CBC-HS384, A256CBC-HS512 | | ||
| (X)ChaCha | ✓ <sup>via [plugin][plugin-chacha]</sup> | C20P, XC20P | | ||
@@ -320,3 +320,3 @@ | JWT profile validation | Supported | Stable profile | profile option value | | ||
| ID Token - [OpenID Connect Core 1.0][spec-oidc-id_token] | ✓ | ✓ | `id_token` | | ||
| JWT Access Tokens [JWT Profile for OAuth 2.0 Access Tokens][draft-ietf-oauth-access-token-jwt] | ✓ | ✕<sup>5</sup> | `at+JWT` | | ||
| JWT Access Tokens - [JWT Profile for OAuth 2.0 Access Tokens][draft-ietf-oauth-access-token-jwt] | ✓ | ✕<sup>5</sup> | `at+JWT` | | ||
| Logout Token - [OpenID Connect Back-Channel Logout 1.0][spec-oidc-logout_token] | ✓ | ✕<sup>5</sup> | `logout_token` | | ||
@@ -350,2 +350,6 @@ | JARM - [JWT Secured Authorization Response Mode for OAuth 2.0][draft-jarm] | ◯ ||| | ||
**Although.** Draft specification profiles are updated as minor versions of the library, therefore, | ||
since they may have breaking changes use the `~` semver operator when using these and pay close | ||
attention to changelog and the drafts themselves. | ||
#### How do I use it outside of Node.js | ||
@@ -416,2 +420,1 @@ | ||
[sponsor-auth0]: https://auth0.com/overview?utm_source=GHsponsor&utm_medium=GHsponsor&utm_campaign=panva-jose&utm_content=auth | ||
[plugin-chacha]: https://github.com/panva/jose-chacha |
@@ -21,2 +21,3 @@ /// <reference types="node" /> | ||
export type OKPCurve = 'Ed25519' | 'Ed448' | 'X25519' | 'X448'; | ||
export type Curves = OKPCurve | ECCurve; | ||
export type keyType = 'RSA' | 'EC' | 'OKP' | 'oct'; | ||
@@ -236,2 +237,3 @@ export type asymmetricKeyObjectTypes = 'private' | 'public'; | ||
function generate(kty: keyType, crvOrSize?: Curves | number, parameters?: BasicParameters, private?: boolean): Promise<JWK.Key>; | ||
function generate(kty: 'EC', crv?: ECCurve, parameters?: BasicParameters, private?: boolean): Promise<ECKey>; | ||
@@ -242,2 +244,3 @@ function generate(kty: 'OKP', crv?: OKPCurve, parameters?: BasicParameters, private?: boolean): Promise<OKPKey>; | ||
function generateSync(kty: keyType, crvOrSize?: Curves | number, parameters?: BasicParameters, private?: boolean): JWK.Key; | ||
function generateSync(kty: 'EC', crv?: ECCurve, parameters?: BasicParameters, private?: boolean): ECKey; | ||
@@ -270,7 +273,9 @@ function generateSync(kty: 'OKP', crv?: OKPCurve, parameters?: BasicParameters, private?: boolean): OKPKey; | ||
generate(kty: 'EC', crv?: ECCurve, parameters?: BasicParameters, private?: boolean): void; | ||
generate(kty: 'OKP', crv?: OKPCurve, parameters?: BasicParameters, private?: boolean): void; | ||
generate(kty: 'RSA', bitlength?: number, parameters?: BasicParameters, private?: boolean): void; | ||
generate(kty: 'oct', bitlength?: number, parameters?: BasicParameters): void; | ||
generate(kty: keyType, crvOrSize?: Curves | number, parameters?: BasicParameters, private?: boolean): Promise<void>; | ||
generate(kty: 'EC', crv?: ECCurve, parameters?: BasicParameters, private?: boolean): Promise<void>; | ||
generate(kty: 'OKP', crv?: OKPCurve, parameters?: BasicParameters, private?: boolean): Promise<void>; | ||
generate(kty: 'RSA', bitlength?: number, parameters?: BasicParameters, private?: boolean): Promise<void>; | ||
generate(kty: 'oct', bitlength?: number, parameters?: BasicParameters): Promise<void>; | ||
generateSync(kty: keyType, crvOrSize?: Curves | number, parameters?: BasicParameters, private?: boolean): void; | ||
generateSync(kty: 'EC', crv?: ECCurve, parameters?: BasicParameters, private?: boolean): void; | ||
@@ -277,0 +282,0 @@ generateSync(kty: 'OKP', crv?: OKPCurve, parameters?: BasicParameters, private?: boolean): void; |
License Policy Violation
LicenseThis package is not allowed per your license policy. Review the package's license to ensure compliance.
Found 1 instance in 1 package
License Policy Violation
LicenseThis package is not allowed per your license policy. Review the package's license to ensure compliance.
Found 1 instance in 1 package
227389
4757
413