		@@ -1,96 +0,373 @@
		# jose ChangeLog
		# Change Log

		## 2015-12-01, Version 0.3.0
		All notable changes to this project will be documented in this file. See [standard-version](https://github.com/conventional-changelog/standard-version) for commit guidelines.

		### Notable Changes
		## [1.9.2](https://github.com/panva/jose/compare/v1.9.1...v1.9.2) (2019-09-16)

		* jwa:
		- Added support for the Key Encryption Algorithms RSA1_5, dir, A128KWGCM,
		A192KWGCM and A256KWGCM, as specified in the JWA RFC
		- The signature algorithms now return and expect buffers instead of
		Base64Url-encoded strings

		### Known Issues
		### Bug Fixes

		None
		* keystore.toJWKS(true) does not throw on public keys ([81abdfa](https://github.com/panva/jose/commit/81abdfa)), closes [#42](https://github.com/panva/jose/issues/42)

		### Commits

		* [`dd9c2db`] Added documentation for jwa.unwrapKey
		* [`678e50f`] Added documentation for jwa.wrapKey
		* [`3b73781`] Added support for A*KWGCM and RSA1_5 algorithms
		* [`d26db82`] Direct Encryption can't have a wrong key
		* [`bf9ecba`] test the examples from the README
		* [`085c87a`] Start work on Key Encryption Algorithms
		* [`eb0aa3e`] Recommend usage of new
		* [`7084b3a`] Fix README for signatures
		* [`8836326`] Signature methods now expect and return buffers

		## 2015-09-22, Version 0.2.0
		## [1.9.1](https://github.com/panva/jose/compare/v1.9.0...v1.9.1) (2019-09-10)

		### Notable Changes

		* jwa:
		- Added support for all Content Encryption Algorithms specified in the JWA RFC

		### Known Issues
		# [1.9.0](https://github.com/panva/jose/compare/v1.8.0...v1.9.0) (2019-08-24)

		None

		### Commits
		### Features

		* [`945d586`] Preparing 0.2.0 release
		* [`1d4f28f`] Added changelog
		* [`48497ef`] Corrected error in README
		* [`6e26988`] Added decrypt section to README
		* [`60c6230`] Added encrypt section to README
		* [`671368c`] Implemented decrypting using AES-GCM
		* [`22545a6`] Implemented decrypting AES-CBC
		* [`819af8a`] Drop support for 0.10
		* [`2ad8eae`] Adjust build versions
		* [`d0f6653`] Fix build failure on 0.10
		* [`a66c086`] Fixed AES-GCM encryption
		* [`f6e05c0`] Started work on Content Encryption Algorithms
		* [`8300488`] Added bn.js to dependencies
		* [`052d60d`] Removed unneccessary title
		* allow JWKS.asKeyStore to swallow errors ([78398d3](https://github.com/panva/jose/commit/78398d3))

		## 2015-09-01, Version 0.1.0

		### Notable Changes

		* First release
		# [1.8.0](https://github.com/panva/jose/compare/v1.7.0...v1.8.0) (2019-08-22)


		### Known Issues
		### Features

		None
		* added Node.js lts/dubnium support for runtime supported features ([67a8601](https://github.com/panva/jose/commit/67a8601))

		### Commits

		* [`47e2a97`] Corrected error in README
		* [`b05374c`] Completed readme
		* [`12d6675`] Added note about stringification of input
		* [`b2e258f`] Now normalizing the input before processing it
		* [`e3c05fb`] Prepared library for first release
		* [`a08cdcc`] Added jwa.sign documentation
		* [`53ed188`] Added Build and Coverage badges
		* [`d798ac7`] Worked on the README
		* [`31d2806`] Completed ES* signature verification
		* [`b48772c`] Implemented signing using the ES* algorithms
		* [`9859a61`] Started work on ES signatures
		* [`0058847`] Implemented RSASSA-PKCS1-v1_5 signatures with tests
		* [`2f2f49b`] Added toBase64 method
		* [`34a2929`] Changed Travis build cmds
		* [`287dce8`] Taking a new approach on this. Now supports JWA algs none and HMAC.
		* [`ed6a3f6`] Setup Travis CI
		* [`246c1d8`] Corrected version
		* [`c5b3e73`] Added watcher tests
		* [`fc3f6fe`] Finished JWK, for now
		* [`ffed23d`] Abandoned the key-reader will instead use OpenSSL to do this, later...
		* [`c5c75e9`] Started work on BER parser
		* [`44d4d53`] Finalized Hmac Verifier
		* [`9843538`] Started work on JWKs
		* [`ee707ea`] Started work on Hmac verifier. Added base64url as dependency.
		* [`704becb`] Now using factories
		* [`25d6179`] Added Readme
		* [`fa00c25`] Initial commit

		# [1.7.0](https://github.com/panva/jose/compare/v1.6.1...v1.7.0) (2019-08-20)


		### Features

		* add RSA-OAEP-256 support (when a node version supports it) ([28d7cf8](https://github.com/panva/jose/commit/28d7cf8)), closes [#29](https://github.com/panva/jose/issues/29)



		## [1.6.1](https://github.com/panva/jose/compare/v1.6.0...v1.6.1) (2019-07-29)


		### Bug Fixes

		* properly pad calculated RSA primes ([dd121ce](https://github.com/panva/jose/commit/dd121ce))



		# [1.6.0](https://github.com/panva/jose/compare/v1.5.2...v1.6.0) (2019-07-27)


		### Bug Fixes

		* use the correct ECPrivateKey version when importing EC JWK ([24acd20](https://github.com/panva/jose/commit/24acd20))


		### Features

		* electron v6.x support ([e7ad82c](https://github.com/panva/jose/commit/e7ad82c))



		## [1.5.2](https://github.com/panva/jose/compare/v1.5.1...v1.5.2) (2019-07-27)


		### Bug Fixes

		* importing x5c in electron requires the input split ([181fd09](https://github.com/panva/jose/commit/181fd09))



		## [1.5.1](https://github.com/panva/jose/compare/v1.5.0...v1.5.1) (2019-07-27)


		### Bug Fixes

		* correctly pad integers when importing RSA JWK ([1dc7f35](https://github.com/panva/jose/commit/1dc7f35))



		# [1.5.0](https://github.com/panva/jose/compare/v1.4.1...v1.5.0) (2019-07-23)


		### Features

		* validate JWTs according to a JWT profile - ID Token ([6c98b61](https://github.com/panva/jose/commit/6c98b61))



		## [1.4.1](https://github.com/panva/jose/compare/v1.4.0...v1.4.1) (2019-07-14)


		### Bug Fixes

		* honour the JWT.sign `jti` option ([36c9ce2](https://github.com/panva/jose/commit/36c9ce2)), closes [#33](https://github.com/panva/jose/issues/33)



		# [1.4.0](https://github.com/panva/jose/compare/v1.3.0...v1.4.0) (2019-07-08)


		### Features

		* add secp256k1 EC Key curve and ES256K ([211d7af](https://github.com/panva/jose/commit/211d7af))



		# [1.3.0](https://github.com/panva/jose/compare/v1.0.2...c51dc28) (2019-06-21)


		### Features

		* compute private RSA key p, q, dp, dq, qi when omitted ([6e3d6fd](https://github.com/panva/jose/commit/6e3d6fd)), closes [#26](https://github.com/panva/jose/issues/26)
		* add support for JWK x5c, x5t and x5t#S256 ([9d46c48](https://github.com/panva/jose/commit/9d46c48))
		* instances of JWKS.KeyStore are now iterable (e.g. for ... of) ([2eae293](https://github.com/panva/jose/commit/2eae293))

		### Bug Fixes

		* limit calculation of missing RSA private components ([5b53cb0](https://github.com/panva/jose/commit/5b53cb0))
		* reject rsa keys without all factors and exponents with a specific message ([b0ff436](https://github.com/panva/jose/commit/b0ff436))

		### Deprecations

		- this deprecates the use of `JWK.importKey` in favor of
		`JWK.asKey`
		- this deprecates the use of `JWKS.KeyStore.fromJWKS` in favor of
		`JWKS.asKeyStore`

		Both `JWK.importKey` and `JWKS.KeyStore.fromJWKS` could have resulted
		in the process getting blocked when large bitsize RSA private keys
		were missing their components and could also result in an endless
		calculation loop when the private key's private exponent was outright
		invalid or tampered with.

		The new methods still allow to import private RSA keys with these
		optimization key parameters missing but it is disabled by default and one
		should choose to enable it when working with keys from trusted sources

		It is recommended not to use `jose` versions with this feature in
		its original on-by-default form - v1.1.0 and v1.2.0



		## [1.0.2](https://github.com/panva/jose/compare/v1.0.1...v1.0.2) (2019-05-13)


		### Bug Fixes

		* add missing keystore.toJWKS() .d.ts definition ([c7a8606](https://github.com/panva/jose/commit/c7a8606)), closes [#25](https://github.com/panva/jose/issues/25)



		## [1.0.1](https://github.com/panva/jose/compare/v1.0.0...v1.0.1) (2019-04-27)


		### Bug Fixes

		* oct key ts "k" type fix ([0750d2c](https://github.com/panva/jose/commit/0750d2c))



		<a name="1.0.0"></a>
		# [1.0.0](https://github.com/panva/jose/compare/v0.12.0...v1.0.0) (2019-04-23)


		### Bug Fixes

		* fail to import invalid PEM formatted strings and buffers ([857dc2b](https://github.com/panva/jose/commit/857dc2b))


		### Features

		* add JWK key_ops support, fix .algorithms() op returns ([23b874c](https://github.com/panva/jose/commit/23b874c))
		* add key.toPEM() export function with optional encryption ([1159b0d](https://github.com/panva/jose/commit/1159b0d))
		* add OKP Key and EdDSA sign/verify support ([2dbd3ed](https://github.com/panva/jose/commit/2dbd3ed)), closes [#12](https://github.com/panva/jose/issues/12)


		### BREAKING CHANGES

		* key.algorithms(op) un+wrapKey was split into correct
		wrapKey/unwrapKey/deriveKey returns
		* keystore.all and keystore.get `operation` option was
		removed, `key_ops: string[]` supersedes it
		* Node.js minimal version is now v12.0.0 due to its
		added EdDSA support (crypto.sign, crypto.verify and eddsa key objects)



		<a name="0.12.0"></a>
		# [0.12.0](https://github.com/panva/jose/compare/v0.11.5...v0.12.0) (2019-04-07)


		### Reverts

		* add EC P-256K JWK and ES256K sign/verify support ([e21fea1](https://github.com/panva/jose/commit/e21fea1))


		### BREAKING CHANGES

		* removing ES256K alg and EC P-256K crv support until the
		IETF WG decides on what the final names will be.



		<a name="0.11.5"></a>
		## [0.11.5](https://github.com/panva/jose/compare/v0.11.4...v0.11.5) (2019-04-04)


		### Features

		* add key.secret<boolean> and key.type<string> for completeness ([2dd7053](https://github.com/panva/jose/commit/2dd7053))
		* add key.thumbprint always returning the JWK Thumbprint (RFC7638) ([65db7e0](https://github.com/panva/jose/commit/65db7e0))



		<a name="0.11.4"></a>
		## [0.11.4](https://github.com/panva/jose/compare/v0.11.3...v0.11.4) (2019-03-28)


		### Bug Fixes

		* properly restrict EC curves in generate(Sync) ([764b863](https://github.com/panva/jose/commit/764b863))
		* remove unintended exposure of private material via enumerables ([946d9df](https://github.com/panva/jose/commit/946d9df))



		<a name="0.11.3"></a>
		## [0.11.3](https://github.com/panva/jose/compare/v0.11.2...v0.11.3) (2019-03-27)


		### Bug Fixes

		* throw on unsupported EC curves ([cfa4222](https://github.com/panva/jose/commit/cfa4222))


		### Features

		* add EC P-256K JWK and ES256K sign/verify support ([2e33e1c](https://github.com/panva/jose/commit/2e33e1c))



		<a name="0.11.2"></a>
		## [0.11.2](https://github.com/panva/jose/compare/v0.11.1...v0.11.2) (2019-03-19)


		### Bug Fixes

		* internal symbol method is now really a symbol ([925d47c](https://github.com/panva/jose/commit/925d47c))
		* key.toJWK() fixed on windows ([57f1692](https://github.com/panva/jose/commit/57f1692)), closes [#17](https://github.com/panva/jose/issues/17)


		## [0.11.1](https://github.com/panva/jose/compare/v0.11.0...v0.11.1) (2019-03-17)


		### Bug Fixes

		* restrict RS key algorithms by the key's bit size ([9af295b](https://github.com/panva/jose/commit/9af295b))


		# [0.11.0](https://github.com/panva/jose/compare/v0.10.0...v0.11.0) (2019-03-16)


		### Bug Fixes

		* all JWA defined RSA operations require key of 2048 or more ([cc70c5d](https://github.com/panva/jose/commit/cc70c5d))
		* use correct salt length for RSASSA-PSS ([e936d54](https://github.com/panva/jose/commit/e936d54))


		### BREAKING CHANGES

		* all [JWA](https://tools.ietf.org/html/rfc7518) defined
		RSA based operations require key size of 2048 bits or more.



		# [0.10.0](https://github.com/panva/jose/compare/v0.9.2...v0.10.0) (2019-03-12)


		### Bug Fixes

		* do not list "dir" under wrap/unwrapKey operations ([17b37d3](https://github.com/panva/jose/commit/17b37d3))


		### Features

		* keystore .all and .get operation option ([d349ba9](https://github.com/panva/jose/commit/d349ba9))


		### BREAKING CHANGES

		* "dir" is no longer returned as wrap/unwrapKey key
		operation



		## [0.9.2](https://github.com/panva/jose/compare/v0.9.1...v0.9.2) (2019-03-05)


		### Bug Fixes

		* "dir" is only available on keys with correct lengths ([6854860](https://github.com/panva/jose/commit/6854860))
		* do not 'in' operator when importing keys as string ([be3f4e4](https://github.com/panva/jose/commit/be3f4e4))



		## [0.9.1](https://github.com/panva/jose/compare/v0.9.0...v0.9.1) (2019-03-02)


		### Bug Fixes

		* only import RSA, EC and oct successfully ([e5e02fc](https://github.com/panva/jose/commit/e5e02fc))


		# 0.9.0 (2019-03-02)

		Initial release

		### Implemented Features

		- JSON Web Signature (JWS) - [RFC7515][spec-jws]
		- JSON Web Encryption (JWE) - [RFC7516][spec-jwe]
		- JSON Web Key (JWK) - [RFC7517][spec-jwk]
		- JSON Web Algorithms (JWA) - [RFC7518][spec-jwa]
		- JSON Web Token (JWT) - [RFC7519][spec-jwt]
		- JSON Web Key (JWK) Thumbprint - [RFC7638][spec-thumbprint]
		- JWS Unencoded Payload Option - [RFC7797][spec-b64]

		\| JWK Key Types \| Supported \|\|
		\| -- \| -- \| -- \|
		\| RSA \| ✓ \| RSA \|
		\| Elliptic Curve \| ✓ \| EC \|
		\| Octet sequence \| ✓ \| oct \|

		\| Serialization \| JWS Sign \| JWS Verify \| JWE Encrypt \| JWE Decrypt \|
		\| -- \| -- \| -- \| -- \| -- \|
		\| Compact \| ✓ \| ✓ \| ✓ \| ✓ \|
		\| General JSON \| ✓ \| ✓ \| ✓ \| ✓ \|
		\| Flattened JSON \| ✓ \| ✓ \| ✓ \| ✓ \|

		\| JWS Algorithms \| Supported \|\|
		\| -- \| -- \| -- \|
		\| RSASSA-PKCS1-v1_5 \| ✓ \| RS256, RS384, RS512 \|
		\| RSASSA-PSS \| ✓ \| PS256, PS384, PS512 \|
		\| ECDSA \| ✓ \| ES256, ES384, ES512 \|
		\| HMAC with SHA-2 \| ✓ \| HS256, HS384, HS512 \|

		\| JWE Key Management Algorithms \| Supported \|\|
		\| -- \| -- \| -- \|
		\| AES \| ✓ \| A128KW, A192KW, A256KW \|
		\| AES GCM \| ✓ \| A128GCMKW, A192GCMKW, A256GCMKW \|
		\| Direct Key Agreement \| ✓ \| dir \|
		\| RSAES OAEP \| ✓<sup></sup> \| RSA-OAEP <sub>(<sup></sup>RSA-OAEP-256 is not supported due to its lack of support in Node.js)</sub> \|
		\| RSAES-PKCS1-v1_5 \| ✓ \| RSA1_5 \|
		\| PBES2 \| ✓ \| PBES2-HS256+A128KW, PBES2-HS384+A192KW, PBES2-HS512+A256KW \|
		\| ECDH-ES \| ✓ \| ECDH-ES, ECDH-ES+A128KW, ECDH-ES+A192KW, ECDH-ES+A256KW \|

		\| JWE Content Encryption Algorithms \| Supported \|\|
		\| -- \| -- \| -- \|
		\| AES GCM \| ✓ \| A128GCM, A192GCM, A256GCM \|
		\| AES_CBC_HMAC_SHA2 \| ✓ \| A128CBC-HS256, A192CBC-HS384, A256CBC-HS512 \|

		[spec-b64]: https://tools.ietf.org/html/rfc7797
		[spec-jwa]: https://tools.ietf.org/html/rfc7518
		[spec-jwe]: https://tools.ietf.org/html/rfc7516
		[spec-jwk]: https://tools.ietf.org/html/rfc7517
		[spec-jws]: https://tools.ietf.org/html/rfc7515
		[spec-jwt]: https://tools.ietf.org/html/rfc7519
		[spec-thumbprint]: https://tools.ietf.org/html/rfc7638

package.json

		{
		"name": "jose",
		"version": "0.3.2",
		"description": "JSON Object Signing and Encryption (JOSE) library (symmetric and asymmetric)",
		"main": "index.js",
		"scripts": {
		"pretest": "make",
		"test": "mocha",
		"test-ci": "istanbul cover ./node_modules/.bin/_mocha --report lcovonly -- -R spec",
		"test-cov": "istanbul cover ./node_modules/.bin/_mocha -- -R spec",
		"test-watch": "mocha -w -R dot"
		},
		"repository": {
		"type": "git",
		"url": "git+ssh://git@github.com/autoit4you/node-jose.git"
		},
		"version": "1.9.2",
		"description": "JSON Web Almost Everything - JWA, JWS, JWE, JWK, JWT, JWKS for Node.js with minimal dependencies",
		"keywords": [
		"jws",
		"compact",
		"decode",
		"decrypt",
		"eddsa",
		"electron",
		"encrypt",
		"flattened",
		"general",
		"id token",
		"id_token",
		"jose",
		"json web token",
		"jsonwebtoken",
		"jwa",
		"jwe",
		"jwk",
		"jwks",
		"jws",
		"jwt",
		"jwa"
		"secp256k1",
		"sign",
		"validate",
		"verify"
		],
		"author": "Jonathan Horn <info@autoit4you.de>",
		"homepage": "https://github.com/panva/jose",
		"repository": "panva/jose",
		"license": "MIT",
		"bugs": {
		"url": "https://github.com/autoit4you/node-jose/issues"
		"author": "Filip Skokan <panva.ip@gmail.com>",
		"files": [
		"lib",
		"LICENSE_THIRD_PARTY",
		"types/index.d.ts"
		],
		"main": "lib/index.js",
		"types": "types/index.d.ts",
		"scripts": {
		"coverage": "c8 ava",
		"lint": "standard && dtslint types",
		"lint-fix": "standard --fix",
		"test": "ava",
		"watch": "ava --watch"
		},
		"homepage": "https://github.com/autoit4you/node-jose#readme",
		"husky": {
		"hooks": {
		"commit-msg": "commitlint -E HUSKY_GIT_PARAMS"
		}
		},
		"commitlint": {
		"extends": [
		"@commitlint/config-conventional"
		]
		},
		"dependencies": {
		"asn1.js": "^5.2.0"
		},
		"devDependencies": {
		"chai": "^3.2.0",
		"istanbul": "^0.3.18",
		"mocha": "^2.2.5"
		"@commitlint/cli": "^8.2.0",
		"@commitlint/config-conventional": "^8.2.0",
		"ava": "^2.4.0",
		"babel-eslint": "^10.0.3",
		"c8": "^5.0.4",
		"dtslint": "^0.9.8",
		"husky": "^3.0.7",
		"standard": "^14.3.1",
		"typescript": "^3.6.3"
		},
		"dependencies": {
		"asn1.js": "^2.2.0",
		"bn.js": "^3.1.2"
		"engines": {
		"node": "^10.13.0 \|\| >=12.0.0"
		},
		"ava": {
		"babel": false,
		"compileEnhancements": false,
		"files": [
		"test/*/.test.js"
		]
		},
		"standard": {
		"parser": "babel-eslint"
		}
		}

486

README.md

		# jose

		[![Build](https://travis-ci.org/autoit4you/node-jose.svg?branch=master)](https://travis-ci.org/autoit4you/node-jose)
		[![Coverage](https://coveralls.io/repos/autoit4you/node-jose/badge.svg?branch=master&service=github)](https://coveralls.io/github/autoit4you/node-jose?branch=master)
		![build][actions-image] [![codecov][codecov-image]][codecov-url]

		# API
		## JWA
		The implementation of the
		[JSON Web Algorithms](https://tools.ietf.org/html/rfc7518) for use
		with [JSON Web Signatures](https://tools.ietf.org/html/rfc7515) or
		[JSON Web Encryption](https://tools.ietf.org/html/rfc7516).
		> "JSON Web Almost Everything" - JWA, JWS, JWE, JWT, JWK, JWKS for Node.js with minimal dependencies

		The following digital signature/MAC algorithms are supported:
		<p align="center"><img src="/img/demo.gif?raw=true"/></p>

		"alg" Header Parameter \| Digital Signature or MAC Algorithm
		-----------------\|-----------------------------------
		HS256 \| HMAC using SHA-256 hash algorithm
		HS384 \| HMAC using SHA-384 hash algorithm
		HS512 \| HMAC using SHA-512 hash algorithm
		RS256 \| RSASSA-PKCS1-v1_5 using SHA-256 hash algorithm
		RS384 \| RSASSA-PKCS1-v1_5 using SHA-384 hash algorithm
		RS512 \| RSASSA-PKCS1-v1_5 using SHA-512 hash algorithm
		ES256 \| ECDSA using P-256 curve and SHA-256 hash algorithm
		ES384 \| ECDSA using P-384 curve and SHA-384 hash algorithm
		ES512 \| ECDSA using P-521 curve and SHA-512 hash algorithm
		none \| No integrity protection
		## Implemented specs & features

		The following key encryption algorithms are supported:
		The following specifications are implemented by `jose`

		"alg" Header Parameter \| Key Encryption Algorithm \| Additional paramters needed
		-----------------------\|------------------------- \| ---------------------------
		RSA1_5 \| Key wrapping using RSAES-PKCS1-v1_5 \| none
		dir \| Direct use of key as CEK \| none
		A128GCMKW \| Key wrapping using AES-GCM with 128-bit key \| iv, tag for unwrapping
		A192GCMKW \| Key wrapping using AES-GCM with 192-bit key \| iv, tag for unwrapping
		A256GCMKW \| Key wrapping using AES-GCM with 256-bit key \| iv, tag for unwrapping
		- JSON Web Signature (JWS) - [RFC7515][spec-jws]
		- JSON Web Encryption (JWE) - [RFC7516][spec-jwe]
		- JSON Web Key (JWK) - [RFC7517][spec-jwk]
		- JSON Web Algorithms (JWA) - [RFC7518][spec-jwa]
		- JSON Web Token (JWT) - [RFC7519][spec-jwt]
		- JSON Web Key Thumbprint - [RFC7638][spec-thumbprint]
		- JWS Unencoded Payload Option - [RFC7797][spec-b64]
		- CFRG Elliptic Curve Signatures (EdDSA) - [RFC8037][spec-okp]
		- secp256k1 curve EC Key support - [JOSE Registrations for WebAuthn Algorithms][draft-secp256k1]

		The following content encryption algorithms are supported:
		The test suite utilizes examples defined in [RFC7520][spec-cookbook] to confirm its JOSE
		implementation is correct.

		"enc" Header Parameter \| Content Encryption Algorithm
		-----------------\|-----------------------------------------
		A128CBC-HS256 \| AES CBC using 128-bit key with SHA-256 as HMAC
		A192CBC-HS384 \| AES CBC using 192-bit key with SHA-384 as HMAC
		A256CBC-HS512 \| AES CBC using 256-bit key with SHA-512 as HMAC
		A128GCM \| AES GCM using 128-bit key
		A192GCM \| AES GCM using 192-bit key
		A256GCM \| AES GCM using 256-bit key
		Available JWT validation profiles

		### jwa(algorithm)
		Creates a new `jwa` object with `sign` and `verify` or `encrypt` and `decrypt` methods, depending
		on the specified algorithm. Valid values for `algorithm` can be found
		in the above table and are case-sensitive. Passing an invalid algorithm
		will throw a `TypeError`.
		- Generic JWT
		- ID Token (id_token) - [OpenID Connect Core 1.0][spec-oidc-id_token]

		#### Example:
		<details>
		<summary><em><strong>Detailed feature matrix</strong></em> (Click to expand)</summary><br>

		Legend:
		- ✓ Implemented
		- ✕ Missing node crypto support / won't implement
		- ◯ TBD

		\| JWK Key Types \| Supported \|\|
		\| -- \| -- \| -- \|
		\| RSA \| ✓ \| RSA \|
		\| Elliptic Curve \| ✓ \| EC \|
		\| Octet Key Pair \| ✓ \| OKP \|
		\| Octet sequence \| ✓ \| oct \|

		\| Serialization \| JWS Sign \| JWS Verify \| JWE Encrypt \| JWE Decrypt \|
		\| -- \| -- \| -- \| -- \| -- \|
		\| Compact \| ✓ \| ✓ \| ✓ \| ✓ \|
		\| General JSON \| ✓ \| ✓ \| ✓ \| ✓ \|
		\| Flattened JSON \| ✓ \| ✓ \| ✓ \| ✓ \|

		\| JWS Algorithms \| Supported \|\|
		\| -- \| -- \| -- \|
		\| RSASSA-PKCS1-v1_5 \| ✓ \| RS256, RS384, RS512 \|
		\| RSASSA-PSS \| ✓ \| PS256, PS384, PS512 \|
		\| ECDSA \| ✓ \| ES256, ES256K, ES384, ES512 \|
		\| Edwards-curve DSA \| ✓ \| EdDSA \|
		\| HMAC with SHA-2 \| ✓ \| HS256, HS384, HS512 \|

		\| JWE Key Management Algorithms \| Supported \|\|
		\| -- \| -- \| -- \|
		\| AES \| ✓ \| A128KW, A192KW, A256KW \|
		\| AES GCM \| ✓ \| A128GCMKW, A192GCMKW, A256GCMKW \|
		\| Direct Key Agreement \| ✓ \| dir \|
		\| RSAES OAEP \| ✓ \| RSA-OAEP, RSA-OAEP-256 \|
		\| RSAES-PKCS1-v1_5 \| ✓ \| RSA1_5 \|
		\| PBES2 \| ✓ \| PBES2-HS256+A128KW, PBES2-HS384+A192KW, PBES2-HS512+A256KW \|
		\| ECDH-ES \| ✓ \| ECDH-ES, ECDH-ES+A128KW, ECDH-ES+A192KW, ECDH-ES+A256KW \|

		\| JWE Content Encryption Algorithms \| Supported \|\|
		\| -- \| -- \| -- \|
		\| AES GCM \| ✓ \| A128GCM, A192GCM, A256GCM \|
		\| AES_CBC_HMAC_SHA2 \| ✓ \| A128CBC-HS256, A192CBC-HS384, A256CBC-HS512 \|

		\| JWT profile validation \| Supported \| profile option value \|
		\| -- \| -- \| -- \|
		\| ID Token - [OpenID Connect Core 1.0][spec-oidc-id_token] \| ✓ \| `id_token` \|
		\| JWT Access Tokens [JWT Profile for OAuth 2.0 Access Tokens][draft-ietf-oauth-access-token-jwt] \| ◯ \|\|
		\| Logout Token - [OpenID Connect Back-Channel Logout 1.0][spec-oidc-logout_token] \| ◯ \|\|
		\| JARM - [JWT Secured Authorization Response Mode for OAuth 2.0][draft-jarm] \| ◯ \|\|

		Notes
		- RSA-OAEP-256 JWE algorithm is only supported when Node.js >= 12.9.0 runtime is detected
		- Importing X.509 certificates and handling `x5c` is only supported when Node.js >= 12.0.0 runtime is detected
		- OKP keys are only supported when Node.js >= 12.0.0 runtime is detected
		- See [#electron-support](#electron-support) for electron exceptions

		---

		Pending Node.js Support 🤞:
		- ECDH-ES with X25519 and X448 - see [nodejs/node#26626](https://github.com/nodejs/node/pull/26626)

		Won't implement:
		- ✕ JWS embedded key / referenced verification
		- one can decode the header and pass the (`x5c`, `jwk`) to `JWK.asKey` and validate with that
		key, similarly the application can handle fetching and then instantiating the referenced `x5u`
		or `jku` in its own code. This way you opt-in to these behaviours.
		- ✕ JWS detached content
		- one can remove/attach the payload after/before the respective operation
		- ✕ "none" alg support
		- no crypto, no use

		</details>

		<br>

		Have a question about using `jose`? - [ask][ask].
		Found a bug? - [report it][bug].
		Missing a feature? - If it wasn't already discussed before, [ask for it][suggest-feature].
		Found a vulnerability? - Reach out to us via email first, see [security vulnerability disclosure][security-vulnerability].

		## Sponsor

		[<img width="65" height="65" align="left" src="https://avatars.githubusercontent.com/u/2824157?s=75&v=4" alt="auth0-logo">][sponsor-auth0] If you want to quickly add secure token-based authentication to Node.js projects, feel free to check Auth0’s free plan at [auth0.com/overview][sponsor-auth0].<br><br>

		## Support

		If you or your business use `jose`, please consider becoming a [sponsor][support-sponsor] so I can continue maintaining it and adding new features carefree.

		## Documentation

		- [jose API Documentation][documentation]
		- [JWK (JSON Web Key)][documentation-jwk]
		- [JWKS (JSON Web Key Set)][documentation-jwks]
		- [JWT (JSON Web Token)][documentation-jwt]
		- [JWS (JSON Web Signature)][documentation-jws]
		- [JWE (JSON Web Encryption)][documentation-jwe]

		## Usage

		For the best performance Node.js version >=12.0.0 is recommended, but ^10.13.0 lts/dubnium
		is also supported.

		Installing `jose`

		```console
		npm install jose
		```

		Usage
		```js
		var jose = require('jose');
		var hs256 = jose.jwa('HS256');
		const jose = require('jose')
		const {
		JWE, // JSON Web Encryption (JWE)
		JWK, // JSON Web Key (JWK)
		JWKS, // JSON Web Key Set (JWKS)
		JWS, // JSON Web Signature (JWS)
		JWT, // JSON Web Token (JWT)
		errors // errors utilized by jose
		} = jose
		```

		### jwa.sign(input, secretOrPrivateKey)
		This method is only available to algorithms for digital signatures and MACs.
		#### Keys and KeyStores

		Sign `input` with either a secret using a HMAC algorithm or
		a private key using a digital signature algorithm.
		Prepare your Keys and KeyStores. See the [documentation][documentation-jwk] for more.

		`input` must be a buffer.
		```js
		const key = jose.JWK.asKey(fs.readFileSync('path/to/key/file'))

		When using a HMAC algorithm `secretOrPrivateKey` should be either a
		string or a buffer. When using a digital signature algorithm, the
		value should be a PEM encoded private key.
		const jwk = { kty: 'EC',
		kid: 'dl4M_fcI7XoFCsQ22PYrQBkuxZ2pDcbDimcdFmmXM98',
		crv: 'P-256',
		x: 'v37avifcL-xgh8cy6IFzcINqqmFLc2JF20XUpn4Y2uQ',
		y: 'QTwy27XgP7ZMOdGOSopAHB-FU1JMQn3J9GEWGtUXreQ' }
		const anotherKey = jose.JWK.asKey(jwk)

		Returns the signature as buffer.
		const keystore = new jose.JWKS.KeyStore(key, key2)
		```

		#### Example:
		### JWT vs JWS

		The JWT module provides IANA registered claim type and format validations on top of JWS as well as
		convenience options for verifying UNIX timestamps, setting maximum allowed JWT age, verifying
		audiences, and more.

		The JWS module on the other hand handles the other JWS Serialization Syntaxes with all their
		additional available features and allows signing of any payload, i.e. not just serialized JSON
		objects.

		#### JWT Signing

		Sign with a private or symmetric key with plethora of convenience options. See the
		[documentation][documentation-jwt] for more.

		```js
		var jose = require('jose');
		var hs256 = new jose.jwa('HS256');
		var signature = hs256.sign(input, 'secret');
		console.log(signature); // Prints Buffer <8C, ...
		jose.JWT.sign(
		{ 'urn:example:claim': 'foo' },
		privateKey,
		{
		algorithm: 'PS256',
		audience: 'urn:example:client_id',
		expiresIn: '1 hour',
		header: {
		typ: 'JWT'
		},
		issuer: 'https://op.example.com'
		}
		)
		```

		### jwa.verify(input, signature, secretOrPublicKey)
		This method is only available to algorithms for digital signatures and MACs.
		#### JWT Verifying

		Verify that `signature` is a valid signature for `input` using
		a secret for HMAC algorithms or a public key for
		digital signature algorithms.
		Verify with a public or symmetric key with plethora of convenience options. See the
		[documentation][documentation-jwt] for more.

		`input` must be a buffer.
		```js
		jose.JWT.verify(
		'eyJ0eXAiOiJKV1QiLCJhbGciOiJQUzI1NiIsImtpZCI6IjRQQXBsVkJIN0toS1ZqN0xob0RFM0VVQnNGc0hvaTRhSmxBZGstM3JuME0ifQ.eyJ1cm46ZXhhbXBsZTpjbGFpbSI6ImZvbyIsImF1ZCI6InVybjpleGFtcGxlOmNsaWVudF9pZCIsImlzcyI6Imh0dHBzOi8vb3AuZXhhbXBsZS5jb20iLCJpYXQiOjE1NTEyOTI2MjksImV4cCI6MTU1MTI5NjIyOX0.nE5fgRL8gvlStf_wB4mJ0TSXVmhJRnUVQuZ0ts6a1nWnnk0Rv69bEJ12BoMdpyPrGa_W6dxU4HFj89F4pQwW0kqBK2-TZ_n9lq-iqupj46w_lpKOfPC3clVc7ZmqYF81bEA-nX93cSKqVV-qPNPEFenb8XHKszYhBFu_uiRg9rXj2qXVU7PXGJAGTzhVgVxB-3XDB1bQ_6KiDCwzVPftrHxEYLydRCaHzggDg6sAFUhQqhPguKuE2gs6jVUh_gIL2RXeoLoinx6gZ72rfovaOmud-yzNIUN8Tvo0pqBmx0s_lEhTlfrQCzN7hZNmV1eG0GDDE-S_CfZhPePnVJZoRA',
		publicKey,
		{
		issuer: 'https://op.example.com',
		audience: 'urn:example:client_id',
		algorithms: ['PS256']
		}
		)
		```

		When using a HMAC algorithm `secretOrPublicKey` should be either a
		string or a buffer. When using a digital signature algorithm, the
		value should be a PEM encoded public key.
		#### ID Token Verifying

		Returns a boolean indicating whether or not the signature is valid.
		ID Token is a JWT, but profiled, there are additional requirements to a JWT to be accepted as an
		ID Token and it is pretty easy to omit some, use the `profile` option of `JWT.verify` to make sure
		what you're accepting is really an ID Token meant to your Client. This will then perform all
		doable validations given the input. See the [documentation][documentation-jwt] for more.

		#### Example:
		```js
		var jose = require('jose');
		var hs256 = new jose.jwa('HS256');
		var isValid = hs256.verify(input, signature, 'secret');
		console.log(isValid); // Prints 'true'
		jose.JWT.verify(
		'eyJhbGciOiJQUzI1NiIsInR5cCI6IkpXVCIsImtpZCI6InIxTGtiQm8zOTI1UmIyWkZGckt5VTNNVmV4OVQyODE3S3gwdmJpNmlfS2MifQ.eyJzdWIiOiJmb28iLCJub25jZSI6ImE1MWNjZjA4ZjRiYmIwNmU4ODcxNWRkYzRiYmI0MWQ4IiwiYXVkIjoidXJuOmV4YW1wbGU6Y2xpZW50X2lkIiwiZXhwIjoxNTYzODg4ODMwLCJpYXQiOjE1NjM4ODUyMzAsImlzcyI6Imh0dHBzOi8vb3AuZXhhbXBsZS5jb20ifQ.RKCZczgICF5G9XdNDSwe4dolGauQHptpFKPzahA2wYGG2HKrKhyC8ZzqpeVc8cbntuqFBgABJVv6_9YICRx_dgwPYydTpZfZYjHnxrdWF9QsIPEGs672mrnhqIXUnXoseZ0TF6GOq6P7Qbf6gk1ru7TAbr_ieyJnNWcJhh5iHpz1k3mFz0TyTh7UNXshtQXftPUipqz4OBni5r9UaZXHw8B3QYOnms8__GJ3owOxaqkr1jgRs_EWqMlBNjPaj7ElVaeBWljDKuoK673tH0heSpgzUmUX_W8IDUVqs33uglpZwAQC7cAA5mGEg2odcRpvpP5M-WaP4RE9dl9jzcYmrw',
		keystore,
		{
		profile: 'id_token',
		issuer: 'https://op.example.com',
		audience: 'urn:example:client_id',
		nonce: 'a51ccf08f4bbb06e88715ddc4bbb41d8',
		algorithms: ['PS256']
		}
		)
		```

		### jwa.encrypt(plaintext, aad, iv, key)
		This method is only available to algorithms for content encryption.
		Note: Depending on the channel you receive an ID Token from the following claims may be required
		and must also be checked: `at_hash`, `c_hash` or `s_hash`. Use e.g. [`oidc-token-hash`][oidc-token-hash]
		to validate those hashes after getting the ID Token payload and signature validated by `jose`

		Encrypt `plaintext` and compute an authentication tag using `aad`,
		`iv` and `key`.
		#### JWS Signing

		All parameters must be `Buffer`s except `plaintext` which can
		also be a `string`.
		Sign with a private or symmetric key using compact serialization. See the
		[documentation][documentation-jws] for more.

		Returns an object containing `cipher` with the ciphertext and `tag`
		with the authentication tag, both being a `Buffer`.
		```js
		jose.JWS.sign(
		{ sub: 'johndoe' },
		privateKey,
		{ kid: privateKey.kid }
		)
		```

		#### Example:
		#### JWS Verifying

		Verify with a public or symmetric key. See the [documentation][documentation-jws] for more.

		```js
		var jose = require('jose');
		var aes = new jose.jwa('A256GCM');
		var enc = aes.encrypt('secret', aad, iv, key);
		console.log(enc.cipher); // Prints Buffer <5F, ...
		console.log(enc.tag); // Prints Buffer <9E, ...
		jose.JWS.verify(
		'eyJhbGciOiJFUzI1NiJ9.eyJzdWIiOiJqb2huZG9lIn0.T_SYLQV3A5_kFDDVNuoadoURSEtuSOR-dG2CMmrP-ULK9xbIf2vYeiHOkvTrnqGlWEGBGxYtsP1VkXmNsi1uOw',
		publicKey
		)
		```

		### jwa.decrypt(ciphertext, tag, aad, iv, key)
		This method is only available to algorithms for content encryption.
		#### JWE Encrypting

		Authenticate and decrypt `ciphertext` using `tag`, `aad`, `iv` and `key`.
		Encrypt using the recipient's public key or a shared symmetrical secret. See the
		[documentation][documentation-jwe] for more.

		All parameters must be `Buffer`s.
		```js
		jose.JWE.encrypt(
		'eyJhbGciOiJFUzI1NiJ9.eyJzdWIiOiJqb2huZG9lIn0.T_SYLQV3A5_kFDDVNuoadoURSEtuSOR-dG2CMmrP-ULK9xbIf2vYeiHOkvTrnqGlWEGBGxYtsP1VkXmNsi1uOw',
		publicKey,
		{ kid: publicKey.kid }
		)
		```

		Returns a `Buffer` containing the decrypted plaintext. Throws an
		Error if the `ciphertext` can't be authenticated.
		#### JWE Decrypting

		#### Example:
		Decrypt using the private key or a shared symmetrical secret. See the
		[documentation][documentation-jwe] for more.

		```js
		var jose = require('jose');
		var aes = new jose.jwa('A256GCM');
		var plain = aes.encrypt(ciphertext, tag, aad, iv, key);
		console.log(plain); // Prints Buffer <F9, ...
		jose.JWE.decrypt(
		'eyJlbmMiOiJBMTI4Q0JDLUhTMjU2IiwiYWxnIjoiRUNESC1FUyIsImVwayI6eyJrdHkiOiJFQyIsImNydiI6IlAtMjU2IiwieCI6IkVsUGhsN1ljTVZsWkhHM0daSkRoOVJhemNYYlN2VFNheUF6aTBINFFtRUEiLCJ5IjoiM0hDREJTRy12emd6cGtLWmJqMU05UzVuUEJrTDBBdFM4U29ORUxMWE1SayJ9fQ..FhmidRo0twvFA7jcfKFNJw.o112vgiG_qUL1JR5WHpsErcxxgaK_FAa7vCWJ--WulndLpdwdRXHd9k3aL_k8K67xoAThrt10d7dSY2TlPpHdYkw979u0V-C4TNrpzNkv5jpBjU6hHyKpoGZfEsiTD1ivHaFy3ZLCTS69kN_eVKsZGLVf_dkq6Sz6bWE4-ln_fuwukPyMvjTyaTreLjPLBZW.ocKwptCm4Zn437L5hWFnHg',
		privateKey
		)
		```

		### jwa.wrapKey(keyToWrap, key[, options])
		This method is only available to algorithms for key encryption.
		#### secp256k1

		Wraps the `keyToWrap` with a key suitable to the used algorithm,
		as defined by RFC7518. `options` may have to be provided,
		depending on the algorithm used for wrapping.
		Note: the secp256k1 JOSE parameters registration and the RFC is still in a draft state. If the WG
		draft changes its mind about the parameter names again the new values will be propagated as a MINOR
		library version.

		`keyToWrap` must be a `Buffer`.
		`key` must be of an type that the used algorithm accepts.
		`options`, if provided, must be an object.
		When you require `jose` you can work with `secp256k1` EC keys right away, the EC JWK `crv`
		used is as per the specification `secp256k1`.

		Returns an object containing `keydata`, which is a `Buffer`,
		and possibly further arguments that are needed to unwrap the key again
		(see supported algorithms table).
		```js
		const jose = require('jose')
		let key = jose.JWK.generateSync('EC', 'secp256k1')
		key = jose.JWK.asKey(fs.readFileSync('path/to/key/file'))
		key.crv === 'secp256k1'
		```

		#### Example:
		For legacy reasons the unregistered EC JWK `crv` value `P-256K` is also supported but you must
		require `jose` like so to use it:

		```js
		var jose = require('jose');
		var rsa = new jose.jwa('RSA1_5');
		var wrapped = rsa.wrapKey(keyToWrap, key);
		console.log(wrapped.keydata); // Prints Buffer <58, ...
		const jose = require('jose/P-256K')
		let key = jose.JWK.generateSync('EC', 'P-256K')
		key = jose.JWK.asKey(fs.readFileSync('path/to/key/file'))
		key.crv === 'P-256K'
		```

		### jwa.unwrapKey(keyToUnwrap, key[, options])
		This method is only available to algorithms for key encryption.
		#### Electron Support

		Unwraps the `keyToUnwrap` with a key suitable to the used algorithm,
		as defined by RFC7518. `options` may have to be provided,
		depending on the algorithm used for unwrapping.
		Electron v6.x runtime is supported to the extent of the crypto engine BoringSSL feature parity with
		standard Node.js OpenSSL. The following is disabled in Electron runtime because of its lack of
		[support](https://github.com/panva/jose/blob/master/test/electron/electron.test.js).

		`keyToUnwrap` must be a `Buffer`.
		`key` must be of an type that the used algorithm accepts.
		`options`, if provided, must be an object.
		- JWE `A128KW`, `A192KW` and `A256KW` algorithms are not available, this also means that other JWAs
		depending on those are not working, those are `ECDH-ES+A128KW`, `ECDH-ES+A192KW`,
		`ECDH-ES+A256KW`, `PBES2-HS256+A128KW`, `PBES2-HS384+A192KW`, `PBES2-HS512+A256KW`)
		- OKP curves `Ed448`, `X25519` and `X448` are not supported
		- EC curve `secp256k1` is not supported

		Returns a `Buffer`, which is the unwrapped key.
		## FAQ

		#### Example:
		```js
		var jose = require('jose');
		var rsa = new jose.jwa('RSA1_5');
		var unwrapped = rsa.unwrapKey(keytoUnwrap, key);
		console.log(unwrapped); // Prints Buffer <A7, ...
		```
		#### Semver?

		Yes. Everything that's either exported in the TypeScript definitions file or
		[documented][documentation] is subject to
		[Semantic Versioning 2.0.0](https://semver.org/spec/v2.0.0.html). The rest is to be considered
		private API and is subject to change between any versions.

		#### How do I use it outside of Node.js

		It is only built for ^10.13.0 \|\| >=12.0.0 Node.js environment - including `jose` in
		transpiled browser-environment targeted projects is not supported and may result in unexpected
		results.

		#### How is it different from [`jws`](https://github.com/brianloveswords/node-jws), [`jwa`](https://github.com/brianloveswords/node-jwa) or [`jsonwebtoken`](https://github.com/auth0/node-jsonwebtoken)?

		- it supports JWK Key Format for all four key types (oct, RSA, EC and OKP)
		- it is providing Key and KeyStore abstractions
		- there is JSON Web Encryption support
		- it supports all JWS / JWE Serialization Syntaxes
		- it supports the "crit" member validations to make sure extensions are handled correctly
		- it is not only validating the signatures, it is making sure the JWE/JWS is syntactically correct,
		e.g. not having duplicated header parameters between protected/unprotected or per-recipient
		headers

		#### How is it different from [`node-jose`][node-jose]

		`node-jose` is built to work in any javascript runtime, to be able to do that it packs a lot of
		backfill and javascript implementation code in the form of
		[`node-forge`](https://github.com/digitalbazaar/forge), this significantly increases the footprint
		of the module with dependencies that either aren't ever used or have native implementation available
		in Node.js already, those are often times faster and more reliable.

		#### What is the ultimate goal?

		- No dependencies, the moment JWK formatted keys are supported by node's `crypto` the direct
		dependency count will go down from 1 to 0. 🚀
		- Just the API one needs, having used other jose modules for 3+ years I only include what's useful

		#### Why? Just, why?

		I was using [`node-jose`][node-jose] for
		[`openid-client`](https://github.com/panva/node-openid-client) and
		[`oidc-provider`](https://github.com/panva/node-oidc-provider) and came to realize its shortcomings
		in terms of performance and API (not having well defined errors).

		+ this was an amazing opportunity to learn JOSE as a whole

		[ask]: https://github.com/panva/jose/issues/new?labels=question&template=question.md&title=question%3A+
		[bug]: https://github.com/panva/jose/issues/new?labels=bug&template=bug-report.md&title=bug%3A+
		[codecov-image]: https://img.shields.io/codecov/c/github/panva/jose/master.svg
		[codecov-url]: https://codecov.io/gh/panva/jose
		[documentation-jwe]: https://github.com/panva/jose/blob/master/docs/README.md#jwe-json-web-encryption
		[documentation-jwk]: https://github.com/panva/jose/blob/master/docs/README.md#jwk-json-web-key
		[documentation-jwks]: https://github.com/panva/jose/blob/master/docs/README.md#jwks-json-web-key-set
		[documentation-jws]: https://github.com/panva/jose/blob/master/docs/README.md#jws-json-web-signature
		[documentation-jwt]: https://github.com/panva/jose/blob/master/docs/README.md#jwt-json-web-token
		[documentation]: https://github.com/panva/jose/blob/master/docs/README.md
		[node-jose]: https://github.com/cisco/node-jose
		[security-vulnerability]: https://github.com/panva/jose/issues/new?template=security-vulnerability.md
		[spec-b64]: https://tools.ietf.org/html/rfc7797
		[spec-cookbook]: https://tools.ietf.org/html/rfc7520
		[spec-jwa]: https://tools.ietf.org/html/rfc7518
		[spec-jwe]: https://tools.ietf.org/html/rfc7516
		[spec-jwk]: https://tools.ietf.org/html/rfc7517
		[spec-jws]: https://tools.ietf.org/html/rfc7515
		[spec-jwt]: https://tools.ietf.org/html/rfc7519
		[spec-okp]: https://tools.ietf.org/html/rfc8037
		[draft-secp256k1]: https://tools.ietf.org/html/draft-ietf-cose-webauthn-algorithms-01
		[draft-ietf-oauth-access-token-jwt]: https://tools.ietf.org/html/draft-ietf-oauth-access-token-jwt
		[draft-jarm]: https://openid.net/specs/openid-financial-api-jarm.html
		[spec-thumbprint]: https://tools.ietf.org/html/rfc7638
		[spec-oidc-id_token]: https://openid.net/specs/openid-connect-core-1_0.html#IDToken
		[spec-oidc-logout_token]: https://openid.net/specs/openid-connect-backchannel-1_0.html#LogoutToken
		[oidc-token-hash]: https://www.npmjs.com/package/oidc-token-hash
		[suggest-feature]: https://github.com/panva/jose/issues/new?labels=enhancement&template=feature-request.md&title=proposal%3A+
		[support-sponsor]: https://github.com/users/panva/sponsorship
		[actions-image]: https://github.com/panva/jose/workflows/Continuous%20Integration/badge.svg
		[sponsor-auth0]: https://auth0.com/overview?utm_source=GHsponsor&utm_medium=GHsponsor&utm_campaign=panva-jose&utm_content=auth

.npmignore

.travis.yml

index.js

lib/base64url.js

lib/bufferEqual.js

lib/jwa/content.js

lib/jwa/jwa.js

lib/jwa/key.js

lib/jwa/signer.js

LICENSE

makefile

test/base64url.js

test/bufferEqual.js

test/docs-examples.js

test/jwa.content.js

test/jwa.key.js

test/jwa.signer.js

jose - npm Package Compare versions

New alerts

Fixed alerts

Improved metrics

Worsened metrics

Dependency changes