Comparing version 1.27.3 to 1.28.0
@@ -5,2 +5,11 @@ # Change Log | ||
# [1.28.0](https://github.com/panva/jose/compare/v1.27.3...v1.28.0) (2020-08-10) | ||
### Features | ||
* support for validating issuer from a list of values ([#91](https://github.com/panva/jose/issues/91)) ([ce6836a](https://github.com/panva/jose/commit/ce6836af88c9e73c29560233f15ed1760c7dcc13)) | ||
## [1.27.3](https://github.com/panva/jose/compare/v1.27.2...v1.27.3) (2020-08-04) | ||
@@ -7,0 +16,0 @@ |
@@ -193,3 +193,7 @@ const { deflateRawSync } = require('zlib') | ||
final.aad = base64url.encode(this._aad) | ||
aad = Buffer.concat([Buffer.from(final.protected || ''), Buffer.from('.'), Buffer.from(final.aad)]) | ||
aad = Buffer.concat([ | ||
Buffer.from(final.protected || ''), | ||
Buffer.from('.'), | ||
Buffer.from(final.aad) | ||
]) | ||
} else { | ||
@@ -196,0 +200,0 @@ aad = Buffer.from(final.protected || '') |
@@ -90,22 +90,17 @@ const base64url = require('../help/base64url') | ||
let toBeSigned | ||
if (joseHeader.protected.crit && joseHeader.protected.crit.includes('b64')) { | ||
if (first && !joseHeader.protected.b64) { | ||
if (this._binary) { | ||
this._payload = base64url.decodeToBuffer(this._payload) | ||
} else { | ||
this._payload = base64url.decode(this._payload) | ||
} | ||
if (first && joseHeader.protected.crit && joseHeader.protected.crit.includes('b64') && joseHeader.protected.b64 === false) { | ||
if (this._binary) { | ||
this._payload = base64url.decodeToBuffer(this._payload) | ||
} else { | ||
this._payload = base64url.decode(this._payload) | ||
} | ||
toBeSigned = Buffer.concat([ | ||
Buffer.from(recipient.protected || ''), | ||
Buffer.from('.'), | ||
Buffer.isBuffer(this._payload) ? this._payload : Buffer.from(this._payload) | ||
]) | ||
} else { | ||
toBeSigned = `${recipient.protected || ''}.${this._payload}` | ||
} | ||
recipient.signature = base64url.encodeBuffer(sign(alg, key, toBeSigned)) | ||
const data = Buffer.concat([ | ||
Buffer.from(recipient.protected || ''), | ||
Buffer.from('.'), | ||
Buffer.from(this._payload) | ||
]) | ||
recipient.signature = base64url.encodeBuffer(sign(alg, key, data)) | ||
} | ||
@@ -112,0 +107,0 @@ |
@@ -66,3 +66,2 @@ const isObject = require('../help/is_object') | ||
isOptionString(subject, 'options.subject') | ||
isOptionString(issuer, 'options.issuer') | ||
isOptionString(maxAuthAge, 'options.maxAuthAge') | ||
@@ -73,2 +72,6 @@ isOptionString(jti, 'options.jti') | ||
if (issuer !== undefined && (isNotString(issuer) && isNotArrayOfStrings(issuer))) { | ||
throw new TypeError('options.issuer must be a string or an array of strings') | ||
} | ||
if (audience !== undefined && (isNotString(audience) && isNotArrayOfStrings(audience))) { | ||
@@ -166,3 +169,3 @@ throw new TypeError('options.audience must be a string or an array of strings') | ||
isPayloadString(payload.nonce, '"nonce" claim', 'nonce', !!options.nonce) | ||
isPayloadString(payload.iss, '"iss" claim', 'iss', !!options.issuer) | ||
isStringOrArrayOfStrings(payload.iss, 'iss', !!options.issuer) | ||
isPayloadString(payload.sub, '"sub" claim', 'sub', profile === IDTOKEN || profile === ATJWT || !!options.subject) | ||
@@ -241,3 +244,3 @@ isStringOrArrayOfStrings(payload.aud, 'aud', !!options.audience) | ||
if (issuer && decoded.payload.iss !== issuer) { | ||
if (issuer && (typeof decoded.payload.iss !== 'string' || !(typeof issuer === 'string' ? [issuer] : issuer).includes(decoded.payload.iss))) { | ||
throw new JWTClaimInvalid('unexpected "iss" claim value', 'iss', 'check_failed') | ||
@@ -244,0 +247,0 @@ } |
{ | ||
"name": "jose", | ||
"version": "1.27.3", | ||
"version": "1.28.0", | ||
"description": "JSON Web Almost Everything - JWA, JWS, JWE, JWK, JWT, JWKS for Node.js with minimal dependencies", | ||
@@ -5,0 +5,0 @@ "keywords": [ |
@@ -447,3 +447,3 @@ /// <reference types="node" /> | ||
subject?: string; | ||
issuer?: string; | ||
issuer?: string | string[]; | ||
maxAuthAge?: string; | ||
@@ -483,3 +483,3 @@ jti?: string; | ||
interface VerifyProfileOptions<profile> { | ||
issuer: string; | ||
issuer: string | string[]; | ||
audience: string | string[]; | ||
@@ -486,0 +486,0 @@ profile?: profile; |
License Policy Violation
LicenseThis package is not allowed per your license policy. Review the package's license to ensure compliance.
Found 1 instance in 1 package
License Policy Violation
LicenseThis package is not allowed per your license policy. Review the package's license to ensure compliance.
Found 1 instance in 1 package
232623
4855