Huge News!Announcing our $40M Series B led by Abstract Ventures.Learn More →
jose - npm Package Compare versions
Comparing version 4.8.3 to 4.9.0
@@ -17,3 +17,3 @@ export { compactDecrypt } from './jwe/compact/decrypt.js'; | ||
| export { EncryptJWT } from './jwt/encrypt.js'; | ||
| export { calculateJwkThumbprint } from './jwk/thumbprint.js'; | ||
| export { calculateJwkThumbprint, calculateJwkThumbprintUri } from './jwk/thumbprint.js'; | ||
| export { EmbeddedJWK } from './jwk/embedded.js'; | ||
@@ -20,0 +20,0 @@ export { createLocalJWKSet } from './jwks/local.js'; |
@@ -46,4 +46,4 @@ import { decode as base64url } from '../../runtime/base64url.js'; | ||
| if (jwe.protected) { | ||
| const protectedHeader = base64url(jwe.protected); | ||
| try { | ||
| const protectedHeader = base64url(jwe.protected); | ||
| parsedProt = JSON.parse(decoder.decode(protectedHeader)); | ||
@@ -50,0 +50,0 @@ } |
@@ -11,6 +11,7 @@ import digest from '../runtime/digest.js'; | ||
| }; | ||
| export async function calculateJwkThumbprint(jwk, digestAlgorithm = 'sha256') { | ||
| export async function calculateJwkThumbprint(jwk, digestAlgorithm) { | ||
| if (!isObject(jwk)) { | ||
| throw new TypeError('JWK must be an object'); | ||
| } | ||
| digestAlgorithm !== null && digestAlgorithm !== void 0 ? digestAlgorithm : (digestAlgorithm = 'sha256'); | ||
| if (digestAlgorithm !== 'sha256' && | ||
@@ -49,1 +50,6 @@ digestAlgorithm !== 'sha384' && | ||
| } | ||
| export async function calculateJwkThumbprintUri(jwk, digestAlgorithm) { | ||
| digestAlgorithm !== null && digestAlgorithm !== void 0 ? digestAlgorithm : (digestAlgorithm = 'sha256'); | ||
| const thumbprint = await calculateJwkThumbprint(jwk, digestAlgorithm); | ||
| return `urn:ietf:params:oauth:jwk-thumbprint:sha-${digestAlgorithm.slice(-3)}:${thumbprint}`; | ||
| } |
@@ -32,4 +32,4 @@ import { decode as base64url } from '../../runtime/base64url.js'; | ||
| if (jws.protected) { | ||
| const protectedHeader = base64url(jws.protected); | ||
| try { | ||
| const protectedHeader = base64url(jws.protected); | ||
| parsedProt = JSON.parse(decoder.decode(protectedHeader)); | ||
@@ -36,0 +36,0 @@ } |
| "use strict"; | ||
| Object.defineProperty(exports, "__esModule", { value: true }); | ||
| exports.base64url = exports.generateSecret = exports.generateKeyPair = exports.errors = exports.decodeJwt = exports.decodeProtectedHeader = exports.importJWK = exports.importX509 = exports.importPKCS8 = exports.importSPKI = exports.exportJWK = exports.exportSPKI = exports.exportPKCS8 = exports.UnsecuredJWT = exports.createRemoteJWKSet = exports.createLocalJWKSet = exports.EmbeddedJWK = exports.calculateJwkThumbprint = exports.EncryptJWT = exports.SignJWT = exports.GeneralSign = exports.FlattenedSign = exports.CompactSign = exports.FlattenedEncrypt = exports.CompactEncrypt = exports.jwtDecrypt = exports.jwtVerify = exports.generalVerify = exports.flattenedVerify = exports.compactVerify = exports.GeneralEncrypt = exports.generalDecrypt = exports.flattenedDecrypt = exports.compactDecrypt = void 0; | ||
| exports.base64url = exports.generateSecret = exports.generateKeyPair = exports.errors = exports.decodeJwt = exports.decodeProtectedHeader = exports.importJWK = exports.importX509 = exports.importPKCS8 = exports.importSPKI = exports.exportJWK = exports.exportSPKI = exports.exportPKCS8 = exports.UnsecuredJWT = exports.createRemoteJWKSet = exports.createLocalJWKSet = exports.EmbeddedJWK = exports.calculateJwkThumbprintUri = exports.calculateJwkThumbprint = exports.EncryptJWT = exports.SignJWT = exports.GeneralSign = exports.FlattenedSign = exports.CompactSign = exports.FlattenedEncrypt = exports.CompactEncrypt = exports.jwtDecrypt = exports.jwtVerify = exports.generalVerify = exports.flattenedVerify = exports.compactVerify = exports.GeneralEncrypt = exports.generalDecrypt = exports.flattenedDecrypt = exports.compactDecrypt = void 0; | ||
| var decrypt_js_1 = require("./jwe/compact/decrypt.js"); | ||
@@ -38,2 +38,3 @@ Object.defineProperty(exports, "compactDecrypt", { enumerable: true, get: function () { return decrypt_js_1.compactDecrypt; } }); | ||
| Object.defineProperty(exports, "calculateJwkThumbprint", { enumerable: true, get: function () { return thumbprint_js_1.calculateJwkThumbprint; } }); | ||
| Object.defineProperty(exports, "calculateJwkThumbprintUri", { enumerable: true, get: function () { return thumbprint_js_1.calculateJwkThumbprintUri; } }); | ||
| var embedded_js_1 = require("./jwk/embedded.js"); | ||
@@ -40,0 +41,0 @@ Object.defineProperty(exports, "EmbeddedJWK", { enumerable: true, get: function () { return embedded_js_1.EmbeddedJWK; } }); |
@@ -49,4 +49,4 @@ "use strict"; | ||
| if (jwe.protected) { | ||
| const protectedHeader = (0, base64url_js_1.decode)(jwe.protected); | ||
| try { | ||
| const protectedHeader = (0, base64url_js_1.decode)(jwe.protected); | ||
| parsedProt = JSON.parse(buffer_utils_js_1.decoder.decode(protectedHeader)); | ||
@@ -53,0 +53,0 @@ } |
| "use strict"; | ||
| Object.defineProperty(exports, "__esModule", { value: true }); | ||
| exports.calculateJwkThumbprint = void 0; | ||
| exports.calculateJwkThumbprintUri = exports.calculateJwkThumbprint = void 0; | ||
| const digest_js_1 = require("../runtime/digest.js"); | ||
@@ -14,6 +14,7 @@ const base64url_js_1 = require("../runtime/base64url.js"); | ||
| }; | ||
| async function calculateJwkThumbprint(jwk, digestAlgorithm = 'sha256') { | ||
| async function calculateJwkThumbprint(jwk, digestAlgorithm) { | ||
| if (!(0, is_object_js_1.default)(jwk)) { | ||
| throw new TypeError('JWK must be an object'); | ||
| } | ||
| digestAlgorithm !== null && digestAlgorithm !== void 0 ? digestAlgorithm : (digestAlgorithm = 'sha256'); | ||
| if (digestAlgorithm !== 'sha256' && | ||
@@ -53,1 +54,7 @@ digestAlgorithm !== 'sha384' && | ||
| exports.calculateJwkThumbprint = calculateJwkThumbprint; | ||
| async function calculateJwkThumbprintUri(jwk, digestAlgorithm) { | ||
| digestAlgorithm !== null && digestAlgorithm !== void 0 ? digestAlgorithm : (digestAlgorithm = 'sha256'); | ||
| const thumbprint = await calculateJwkThumbprint(jwk, digestAlgorithm); | ||
| return `urn:ietf:params:oauth:jwk-thumbprint:sha-${digestAlgorithm.slice(-3)}:${thumbprint}`; | ||
| } | ||
| exports.calculateJwkThumbprintUri = calculateJwkThumbprintUri; |
@@ -35,4 +35,4 @@ "use strict"; | ||
| if (jws.protected) { | ||
| const protectedHeader = (0, base64url_js_1.decode)(jws.protected); | ||
| try { | ||
| const protectedHeader = (0, base64url_js_1.decode)(jws.protected); | ||
| parsedProt = JSON.parse(buffer_utils_js_1.decoder.decode(protectedHeader)); | ||
@@ -39,0 +39,0 @@ } |
@@ -38,2 +38,6 @@ "use strict"; | ||
| if (jwkExportSupported) { | ||
| if (keyObject.type !== 'secret' && | ||
| !['rsa', 'ec', 'ed25519', 'x25519', 'ed448', 'x448'].includes(keyObject.asymmetricKeyType)) { | ||
| throw new errors_js_1.JOSENotSupported('Unsupported key asymmetricKeyType'); | ||
| } | ||
| return keyObject.export({ format: 'jwk' }); | ||
@@ -40,0 +44,0 @@ } |
@@ -17,3 +17,3 @@ export { compactDecrypt } from './jwe/compact/decrypt.js'; | ||
| export { EncryptJWT } from './jwt/encrypt.js'; | ||
| export { calculateJwkThumbprint } from './jwk/thumbprint.js'; | ||
| export { calculateJwkThumbprint, calculateJwkThumbprintUri } from './jwk/thumbprint.js'; | ||
| export { EmbeddedJWK } from './jwk/embedded.js'; | ||
@@ -20,0 +20,0 @@ export { createLocalJWKSet } from './jwks/local.js'; |
@@ -46,4 +46,4 @@ import { decode as base64url } from '../../runtime/base64url.js'; | ||
| if (jwe.protected) { | ||
| const protectedHeader = base64url(jwe.protected); | ||
| try { | ||
| const protectedHeader = base64url(jwe.protected); | ||
| parsedProt = JSON.parse(decoder.decode(protectedHeader)); | ||
@@ -50,0 +50,0 @@ } |
@@ -11,6 +11,7 @@ import digest from '../runtime/digest.js'; | ||
| }; | ||
| export async function calculateJwkThumbprint(jwk, digestAlgorithm = 'sha256') { | ||
| export async function calculateJwkThumbprint(jwk, digestAlgorithm) { | ||
| if (!isObject(jwk)) { | ||
| throw new TypeError('JWK must be an object'); | ||
| } | ||
| digestAlgorithm !== null && digestAlgorithm !== void 0 ? digestAlgorithm : (digestAlgorithm = 'sha256'); | ||
| if (digestAlgorithm !== 'sha256' && | ||
@@ -49,1 +50,6 @@ digestAlgorithm !== 'sha384' && | ||
| } | ||
| export async function calculateJwkThumbprintUri(jwk, digestAlgorithm) { | ||
| digestAlgorithm !== null && digestAlgorithm !== void 0 ? digestAlgorithm : (digestAlgorithm = 'sha256'); | ||
| const thumbprint = await calculateJwkThumbprint(jwk, digestAlgorithm); | ||
| return `urn:ietf:params:oauth:jwk-thumbprint:sha-${digestAlgorithm.slice(-3)}:${thumbprint}`; | ||
| } |
@@ -32,4 +32,4 @@ import { decode as base64url } from '../../runtime/base64url.js'; | ||
| if (jws.protected) { | ||
| const protectedHeader = base64url(jws.protected); | ||
| try { | ||
| const protectedHeader = base64url(jws.protected); | ||
| parsedProt = JSON.parse(decoder.decode(protectedHeader)); | ||
@@ -36,0 +36,0 @@ } |
@@ -36,2 +36,6 @@ import { KeyObject, createPublicKey } from 'crypto'; | ||
| if (jwkExportSupported) { | ||
| if (keyObject.type !== 'secret' && | ||
| !['rsa', 'ec', 'ed25519', 'x25519', 'ed448', 'x448'].includes(keyObject.asymmetricKeyType)) { | ||
| throw new JOSENotSupported('Unsupported key asymmetricKeyType'); | ||
| } | ||
| return keyObject.export({ format: 'jwk' }); | ||
@@ -38,0 +42,0 @@ } |
@@ -28,3 +28,3 @@ export { compactDecrypt } from './jwe/compact/decrypt'; | ||
| export { EncryptJWT } from './jwt/encrypt'; | ||
| export { calculateJwkThumbprint } from './jwk/thumbprint'; | ||
| export { calculateJwkThumbprint, calculateJwkThumbprintUri } from './jwk/thumbprint'; | ||
| export { EmbeddedJWK } from './jwk/embedded'; | ||
@@ -31,0 +31,0 @@ export { createLocalJWKSet } from './jwks/local'; |
| import type { KeyLike, DecryptOptions, CompactJWEHeaderParameters, GetKeyFunction, FlattenedJWE, CompactDecryptResult, ResolvedKey } from '../../types'; | ||
| /** | ||
| * Interface for Compact JWE Decryption dynamic key resolution. | ||
| * No token components have been verified at the time of this function call. | ||
| * Interface for Compact JWE Decryption dynamic key resolution. No token components have been | ||
| * verified at the time of this function call. | ||
| */ | ||
@@ -11,9 +11,7 @@ export interface CompactDecryptGetKey extends GetKeyFunction<CompactJWEHeaderParameters, FlattenedJWE> { | ||
| * | ||
| * @param jwe Compact JWE. | ||
| * @param key Private Key or Secret to decrypt the JWE with. | ||
| * @param options JWE Decryption options. | ||
| * @example Usage | ||
| * | ||
| * @example Usage | ||
| * ```js | ||
| * const jwe = 'eyJhbGciOiJSU0EtT0FFUC0yNTYiLCJlbmMiOiJBMjU2R0NNIn0.nyQ19eq9ogh9wA7fFtnI2oouzy5_8b5DeLkoRMfi2yijgfTs2zEnayCEofz_qhnL-nwszabd9qUeHv0-IwvhhJJS7GUJOU3ikiIe42qcIAFme1A_Fo9CTxw4XTOy-I5qanl8So91u6hwfyN1VxAqVLsSE7_23EC-gfGEg_5znew9PyXXsOIE-K_HH7IQowRrlZ1X_bM_Liu53RzDpLDvRz59mp3S8L56YqpM8FexFGTGpEaoTcEIst375qncYt3-79IVR7gZN1RWsWgjPatfvVbnh74PglQcATSf3UUhaW0OAKn6q7r3PDx6DIKQ35bgHQg5QopuN00eIfLQL2trGw.W3grIVj5HVuAb76X.6PcuDe5D6ttWFYyv0oqqdDXfI2R8wBg1F2Q80UUA_Gv8eEimNWfxIWdLxrjzgQGSvIhxmFKuLM0.a93_Ug3uZHuczj70Zavx8Q' | ||
| * const jwe = | ||
| * 'eyJhbGciOiJSU0EtT0FFUC0yNTYiLCJlbmMiOiJBMjU2R0NNIn0.nyQ19eq9ogh9wA7fFtnI2oouzy5_8b5DeLkoRMfi2yijgfTs2zEnayCEofz_qhnL-nwszabd9qUeHv0-IwvhhJJS7GUJOU3ikiIe42qcIAFme1A_Fo9CTxw4XTOy-I5qanl8So91u6hwfyN1VxAqVLsSE7_23EC-gfGEg_5znew9PyXXsOIE-K_HH7IQowRrlZ1X_bM_Liu53RzDpLDvRz59mp3S8L56YqpM8FexFGTGpEaoTcEIst375qncYt3-79IVR7gZN1RWsWgjPatfvVbnh74PglQcATSf3UUhaW0OAKn6q7r3PDx6DIKQ35bgHQg5QopuN00eIfLQL2trGw.W3grIVj5HVuAb76X.6PcuDe5D6ttWFYyv0oqqdDXfI2R8wBg1F2Q80UUA_Gv8eEimNWfxIWdLxrjzgQGSvIhxmFKuLM0.a93_Ug3uZHuczj70Zavx8Q' | ||
| * | ||
@@ -25,2 +23,6 @@ * const { plaintext, protectedHeader } = await jose.compactDecrypt(jwe, privateKey) | ||
| * ``` | ||
| * | ||
| * @param jwe Compact JWE. | ||
| * @param key Private Key or Secret to decrypt the JWE with. | ||
| * @param options JWE Decryption options. | ||
| */ | ||
@@ -27,0 +29,0 @@ export declare function compactDecrypt(jwe: string | Uint8Array, key: KeyLike | Uint8Array, options?: DecryptOptions): Promise<CompactDecryptResult>; |
@@ -6,7 +6,6 @@ import type { KeyLike, JWEKeyManagementHeaderParameters, CompactJWEHeaderParameters, EncryptOptions } from '../../types'; | ||
| * @example Usage | ||
| * | ||
| * ```js | ||
| * const jwe = await new jose.CompactEncrypt( | ||
| * new TextEncoder().encode( | ||
| * 'It’s a dangerous business, Frodo, going out your door.' | ||
| * ) | ||
| * new TextEncoder().encode('It’s a dangerous business, Frodo, going out your door.'), | ||
| * ) | ||
@@ -21,25 +20,20 @@ * .setProtectedHeader({ alg: 'RSA-OAEP-256', enc: 'A256GCM' }) | ||
| private _flattened; | ||
| /** | ||
| * @param plaintext Binary representation of the plaintext to encrypt. | ||
| */ | ||
| /** @param plaintext Binary representation of the plaintext to encrypt. */ | ||
| constructor(plaintext: Uint8Array); | ||
| /** | ||
| * Sets a content encryption key to use, by default a random suitable one | ||
| * is generated for the JWE enc" (Encryption Algorithm) Header Parameter. | ||
| * Sets a content encryption key to use, by default a random suitable one is generated for the JWE | ||
| * enc" (Encryption Algorithm) Header Parameter. | ||
| * | ||
| * @deprecated You should not use this method. It is only really intended for test and vector | ||
| * validation purposes. | ||
| * @param cek JWE Content Encryption Key. | ||
| * | ||
| * @deprecated You should not use this method. It is only really intended | ||
| * for test and vector validation purposes. | ||
| */ | ||
| setContentEncryptionKey(cek: Uint8Array): this; | ||
| /** | ||
| * Sets the JWE Initialization Vector to use for content encryption, by default | ||
| * a random suitable one is generated for the JWE enc" (Encryption Algorithm) | ||
| * Header Parameter. | ||
| * Sets the JWE Initialization Vector to use for content encryption, by default a random suitable | ||
| * one is generated for the JWE enc" (Encryption Algorithm) Header Parameter. | ||
| * | ||
| * @deprecated You should not use this method. It is only really intended for test and vector | ||
| * validation purposes. | ||
| * @param iv JWE Initialization Vector. | ||
| * | ||
| * @deprecated You should not use this method. It is only really intended | ||
| * for test and vector validation purposes. | ||
| */ | ||
@@ -54,5 +48,5 @@ setInitializationVector(iv: Uint8Array): this; | ||
| /** | ||
| * Sets the JWE Key Management parameters to be used when encrypting the Content | ||
| * Encryption Key. You do not need to invoke this method, it is only really | ||
| * intended for test and vector validation purposes. | ||
| * Sets the JWE Key Management parameters to be used when encrypting the Content Encryption Key. | ||
| * You do not need to invoke this method, it is only really intended for test and vector | ||
| * validation purposes. | ||
| * | ||
@@ -59,0 +53,0 @@ * @param parameters JWE Key Management parameters. |
| import type { FlattenedDecryptResult, KeyLike, FlattenedJWE, JWEHeaderParameters, DecryptOptions, GetKeyFunction, ResolvedKey } from '../../types'; | ||
| /** | ||
| * Interface for Flattened JWE Decryption dynamic key resolution. | ||
| * No token components have been verified at the time of this function call. | ||
| * Interface for Flattened JWE Decryption dynamic key resolution. No token components have been | ||
| * verified at the time of this function call. | ||
| */ | ||
@@ -11,7 +11,4 @@ export interface FlattenedDecryptGetKey extends GetKeyFunction<JWEHeaderParameters | undefined, FlattenedJWE> { | ||
| * | ||
| * @param jwe Flattened JWE. | ||
| * @param key Private Key or Secret to decrypt the JWE with. | ||
| * @param options JWE Decryption options. | ||
| * @example Usage | ||
| * | ||
| * @example Usage | ||
| * ```js | ||
@@ -22,12 +19,10 @@ * const jwe = { | ||
| * tag: 'W76IYV6arGRuDSaSyWrQNg', | ||
| * encrypted_key: 'Z6eD4UK_yFb5ZoKvKkGAdqywEG_m0e4IYo0x8Vf30LAMJcsc-_zSgIeiF82teZyYi2YYduHKoqImk7MRnoPZOlEs0Q5BNK1OgBmSOhCE8DFyqh9Zh48TCTP6lmBQ52naqoUJFMtHzu-0LwZH26hxos0GP3Dt19O379MJB837TdKKa87skq0zHaVLAquRHOBF77GI54Bc7O49d8aOrSu1VEFGMThlW2caspPRiTSePDMDPq7_WGk50izRhB3Asl9wmP9wEeaTrkJKRnQj5ips1SAZ1hDBsqEQKKukxP1HtdcopHV5_qgwU8Hjm5EwSLMluMQuiE6hwlkXGOujZLVizA', | ||
| * encrypted_key: | ||
| * 'Z6eD4UK_yFb5ZoKvKkGAdqywEG_m0e4IYo0x8Vf30LAMJcsc-_zSgIeiF82teZyYi2YYduHKoqImk7MRnoPZOlEs0Q5BNK1OgBmSOhCE8DFyqh9Zh48TCTP6lmBQ52naqoUJFMtHzu-0LwZH26hxos0GP3Dt19O379MJB837TdKKa87skq0zHaVLAquRHOBF77GI54Bc7O49d8aOrSu1VEFGMThlW2caspPRiTSePDMDPq7_WGk50izRhB3Asl9wmP9wEeaTrkJKRnQj5ips1SAZ1hDBsqEQKKukxP1HtdcopHV5_qgwU8Hjm5EwSLMluMQuiE6hwlkXGOujZLVizA', | ||
| * aad: 'VGhlIEZlbGxvd3NoaXAgb2YgdGhlIFJpbmc', | ||
| * protected: 'eyJhbGciOiJSU0EtT0FFUC0yNTYiLCJlbmMiOiJBMjU2R0NNIn0' | ||
| * protected: 'eyJhbGciOiJSU0EtT0FFUC0yNTYiLCJlbmMiOiJBMjU2R0NNIn0', | ||
| * } | ||
| * | ||
| * const { | ||
| * plaintext, | ||
| * protectedHeader, | ||
| * additionalAuthenticatedData | ||
| * } = await jose.flattenedDecrypt(jwe, privateKey) | ||
| * const { plaintext, protectedHeader, additionalAuthenticatedData } = | ||
| * await jose.flattenedDecrypt(jwe, privateKey) | ||
| * | ||
@@ -39,2 +34,6 @@ * console.log(protectedHeader) | ||
| * ``` | ||
| * | ||
| * @param jwe Flattened JWE. | ||
| * @param key Private Key or Secret to decrypt the JWE with. | ||
| * @param options JWE Decryption options. | ||
| */ | ||
@@ -41,0 +40,0 @@ export declare function flattenedDecrypt(jwe: FlattenedJWE, key: KeyLike | Uint8Array, options?: DecryptOptions): Promise<FlattenedDecryptResult>; |
| import type { KeyLike, FlattenedJWE, JWEHeaderParameters, JWEKeyManagementHeaderParameters, EncryptOptions } from '../../types'; | ||
| /** | ||
| * @private | ||
| */ | ||
| /** @private */ | ||
| export declare const unprotected: unique symbol; | ||
| /** | ||
| * The FlattenedEncrypt class is a utility for creating Flattened JWE | ||
| * objects. | ||
| * The FlattenedEncrypt class is a utility for creating Flattened JWE objects. | ||
| * | ||
| * @example Usage | ||
| * | ||
| * ```js | ||
| * const jwe = await new jose.FlattenedEncrypt( | ||
| * new TextEncoder().encode( | ||
| * 'It’s a dangerous business, Frodo, going out your door.' | ||
| * ) | ||
| * new TextEncoder().encode('It’s a dangerous business, Frodo, going out your door.'), | ||
| * ) | ||
@@ -33,11 +29,9 @@ * .setProtectedHeader({ alg: 'RSA-OAEP-256', enc: 'A256GCM' }) | ||
| private _keyManagementParameters; | ||
| /** | ||
| * @param plaintext Binary representation of the plaintext to encrypt. | ||
| */ | ||
| /** @param plaintext Binary representation of the plaintext to encrypt. */ | ||
| constructor(plaintext: Uint8Array); | ||
| /** | ||
| * Sets the JWE Key Management parameters to be used when encrypting. | ||
| * Use of this is method is really only needed for ECDH based algorithms | ||
| * when utilizing the Agreement PartyUInfo or Agreement PartyVInfo parameters. | ||
| * Other parameters will always be randomly generated when needed and missing. | ||
| * Sets the JWE Key Management parameters to be used when encrypting. Use of this is method is | ||
| * really only needed for ECDH based algorithms when utilizing the Agreement PartyUInfo or | ||
| * Agreement PartyVInfo parameters. Other parameters will always be randomly generated when needed | ||
| * and missing. | ||
| * | ||
@@ -72,20 +66,17 @@ * @param parameters JWE Key Management parameters. | ||
| /** | ||
| * Sets a content encryption key to use, by default a random suitable one | ||
| * is generated for the JWE enc" (Encryption Algorithm) Header Parameter. | ||
| * Sets a content encryption key to use, by default a random suitable one is generated for the JWE | ||
| * enc" (Encryption Algorithm) Header Parameter. | ||
| * | ||
| * @deprecated You should not use this method. It is only really intended for test and vector | ||
| * validation purposes. | ||
| * @param cek JWE Content Encryption Key. | ||
| * | ||
| * @deprecated You should not use this method. It is only really intended | ||
| * for test and vector validation purposes. | ||
| */ | ||
| setContentEncryptionKey(cek: Uint8Array): this; | ||
| /** | ||
| * Sets the JWE Initialization Vector to use for content encryption, by default | ||
| * a random suitable one is generated for the JWE enc" (Encryption Algorithm) | ||
| * Header Parameter. | ||
| * Sets the JWE Initialization Vector to use for content encryption, by default a random suitable | ||
| * one is generated for the JWE enc" (Encryption Algorithm) Header Parameter. | ||
| * | ||
| * @deprecated You should not use this method. It is only really intended for test and vector | ||
| * validation purposes. | ||
| * @param iv JWE Initialization Vector. | ||
| * | ||
| * @deprecated You should not use this method. It is only really intended | ||
| * for test and vector validation purposes. | ||
| */ | ||
@@ -92,0 +83,0 @@ setInitializationVector(iv: Uint8Array): this; |
| import type { KeyLike, DecryptOptions, JWEHeaderParameters, GetKeyFunction, FlattenedJWE, GeneralJWE, GeneralDecryptResult, ResolvedKey } from '../../types'; | ||
| /** | ||
| * Interface for General JWE Decryption dynamic key resolution. | ||
| * No token components have been verified at the time of this function call. | ||
| * Interface for General JWE Decryption dynamic key resolution. No token components have been | ||
| * verified at the time of this function call. | ||
| */ | ||
@@ -11,7 +11,4 @@ export interface GeneralDecryptGetKey extends GetKeyFunction<JWEHeaderParameters, FlattenedJWE> { | ||
| * | ||
| * @param jwe General JWE. | ||
| * @param key Private Key or Secret to decrypt the JWE with. | ||
| * @param options JWE Decryption options. | ||
| * @example Usage | ||
| * | ||
| * @example Usage | ||
| * ```js | ||
@@ -26,12 +23,10 @@ * const jwe = { | ||
| * { | ||
| * encrypted_key: 'Z6eD4UK_yFb5ZoKvKkGAdqywEG_m0e4IYo0x8Vf30LAMJcsc-_zSgIeiF82teZyYi2YYduHKoqImk7MRnoPZOlEs0Q5BNK1OgBmSOhCE8DFyqh9Zh48TCTP6lmBQ52naqoUJFMtHzu-0LwZH26hxos0GP3Dt19O379MJB837TdKKa87skq0zHaVLAquRHOBF77GI54Bc7O49d8aOrSu1VEFGMThlW2caspPRiTSePDMDPq7_WGk50izRhB3Asl9wmP9wEeaTrkJKRnQj5ips1SAZ1hDBsqEQKKukxP1HtdcopHV5_qgwU8Hjm5EwSLMluMQuiE6hwlkXGOujZLVizA' | ||
| * } | ||
| * ] | ||
| * encrypted_key: | ||
| * 'Z6eD4UK_yFb5ZoKvKkGAdqywEG_m0e4IYo0x8Vf30LAMJcsc-_zSgIeiF82teZyYi2YYduHKoqImk7MRnoPZOlEs0Q5BNK1OgBmSOhCE8DFyqh9Zh48TCTP6lmBQ52naqoUJFMtHzu-0LwZH26hxos0GP3Dt19O379MJB837TdKKa87skq0zHaVLAquRHOBF77GI54Bc7O49d8aOrSu1VEFGMThlW2caspPRiTSePDMDPq7_WGk50izRhB3Asl9wmP9wEeaTrkJKRnQj5ips1SAZ1hDBsqEQKKukxP1HtdcopHV5_qgwU8Hjm5EwSLMluMQuiE6hwlkXGOujZLVizA', | ||
| * }, | ||
| * ], | ||
| * } | ||
| * | ||
| * const { | ||
| * plaintext, | ||
| * protectedHeader, | ||
| * additionalAuthenticatedData | ||
| * } = await jose.generalDecrypt(jwe, privateKey) | ||
| * const { plaintext, protectedHeader, additionalAuthenticatedData } = | ||
| * await jose.generalDecrypt(jwe, privateKey) | ||
| * | ||
@@ -43,2 +38,6 @@ * console.log(protectedHeader) | ||
| * ``` | ||
| * | ||
| * @param jwe General JWE. | ||
| * @param key Private Key or Secret to decrypt the JWE with. | ||
| * @param options JWE Decryption options. | ||
| */ | ||
@@ -45,0 +44,0 @@ export declare function generalDecrypt(jwe: GeneralJWE, key: KeyLike | Uint8Array, options?: DecryptOptions): Promise<GeneralDecryptResult>; |
@@ -9,13 +9,7 @@ import type { KeyLike, GeneralJWE, JWEHeaderParameters, CritOption, DeflateOption } from '../../types'; | ||
| setUnprotectedHeader(unprotectedHeader: JWEHeaderParameters): Recipient; | ||
| /** | ||
| * A shorthand for calling addRecipient() on the enclosing GeneralEncrypt instance | ||
| */ | ||
| /** A shorthand for calling addRecipient() on the enclosing GeneralEncrypt instance */ | ||
| addRecipient(...args: Parameters<GeneralEncrypt['addRecipient']>): Recipient; | ||
| /** | ||
| * A shorthand for calling encrypt() on the enclosing GeneralEncrypt instance | ||
| */ | ||
| /** A shorthand for calling encrypt() on the enclosing GeneralEncrypt instance */ | ||
| encrypt(...args: Parameters<GeneralEncrypt['encrypt']>): Promise<GeneralJWE>; | ||
| /** | ||
| * Returns the enclosing GeneralEncrypt | ||
| */ | ||
| /** Returns the enclosing GeneralEncrypt */ | ||
| done(): GeneralEncrypt; | ||
@@ -27,7 +21,6 @@ } | ||
| * @example Usage | ||
| * | ||
| * ```js | ||
| * const jwe = await new jose.GeneralEncrypt( | ||
| * new TextEncoder().encode( | ||
| * 'It’s a dangerous business, Frodo, going out your door.' | ||
| * ) | ||
| * new TextEncoder().encode('It’s a dangerous business, Frodo, going out your door.'), | ||
| * ) | ||
@@ -50,5 +43,3 @@ * .setProtectedHeader({ enc: 'A256GCM' }) | ||
| private _aad; | ||
| /** | ||
| * @param plaintext Binary representation of the plaintext to encrypt. | ||
| */ | ||
| /** @param plaintext Binary representation of the plaintext to encrypt. */ | ||
| constructor(plaintext: Uint8Array); | ||
@@ -55,0 +46,0 @@ /** |
| import type { FlattenedJWSInput, JWSHeaderParameters } from '../types'; | ||
| /** | ||
| * EmbeddedJWK is an implementation of a GetKeyFunction intended to be used with the | ||
| * JWS/JWT verify operations whenever you need to opt-in to verify signatures with | ||
| * a public key embedded in the token's "jwk" (JSON Web Key) Header Parameter. | ||
| * It is recommended to combine this with the verify algorithms option to whitelist | ||
| * JWS algorithms to accept. | ||
| * EmbeddedJWK is an implementation of a GetKeyFunction intended to be used with the JWS/JWT verify | ||
| * operations whenever you need to opt-in to verify signatures with a public key embedded in the | ||
| * token's "jwk" (JSON Web Key) Header Parameter. It is recommended to combine this with the verify | ||
| * algorithms option to whitelist JWS algorithms to accept. | ||
| * | ||
| * @example Usage | ||
| * | ||
| * ```js | ||
| * const jwt = 'eyJqd2siOnsiY3J2IjoiUC0yNTYiLCJ4IjoiVU05ZzVuS25aWFlvdldBbE03NmNMejl2VG96UmpfX0NIVV9kT2wtZ09vRSIsInkiOiJkczhhZVF3MWwyY0RDQTdiQ2tPTnZ3REtwWEFidFhqdnFDbGVZSDhXc19VIiwia3R5IjoiRUMifSwiYWxnIjoiRVMyNTYifQ.eyJpc3MiOiJ1cm46ZXhhbXBsZTppc3N1ZXIiLCJhdWQiOiJ1cm46ZXhhbXBsZTphdWRpZW5jZSIsImlhdCI6MTYwNDU4MDc5NH0.60boak3_dErnW47ZPty1C0nrjeVq86EN_eK0GOq6K8w2OA0thKoBxFK4j-NuU9yZ_A9UKGxPT_G87DladBaV9g' | ||
| * const jwt = | ||
| * 'eyJqd2siOnsiY3J2IjoiUC0yNTYiLCJ4IjoiVU05ZzVuS25aWFlvdldBbE03NmNMejl2VG96UmpfX0NIVV9kT2wtZ09vRSIsInkiOiJkczhhZVF3MWwyY0RDQTdiQ2tPTnZ3REtwWEFidFhqdnFDbGVZSDhXc19VIiwia3R5IjoiRUMifSwiYWxnIjoiRVMyNTYifQ.eyJpc3MiOiJ1cm46ZXhhbXBsZTppc3N1ZXIiLCJhdWQiOiJ1cm46ZXhhbXBsZTphdWRpZW5jZSIsImlhdCI6MTYwNDU4MDc5NH0.60boak3_dErnW47ZPty1C0nrjeVq86EN_eK0GOq6K8w2OA0thKoBxFK4j-NuU9yZ_A9UKGxPT_G87DladBaV9g' | ||
| * | ||
| * const { payload, protectedHeader } = await jose.jwtVerify(jwt, jose.EmbeddedJWK, { | ||
| * issuer: 'urn:example:issuer', | ||
| * audience: 'urn:example:audience' | ||
| * audience: 'urn:example:audience', | ||
| * }) | ||
@@ -17,0 +18,0 @@ * |
@@ -6,17 +6,40 @@ import type { JWK } from '../types'; | ||
| * | ||
| * @example Usage | ||
| * | ||
| * ```js | ||
| * const thumbprint = await jose.calculateJwkThumbprint({ | ||
| * kty: 'EC', | ||
| * crv: 'P-256', | ||
| * x: 'jJ6Flys3zK9jUhnOHf6G49Dyp5hah6CNP84-gY-n9eo', | ||
| * y: 'nhI6iD5eFXgBTLt_1p3aip-5VbZeMhxeFSpjfEAf7Ww', | ||
| * }) | ||
| * | ||
| * console.log(thumbprint) | ||
| * // 'w9eYdC6_s_tLQ8lH6PUpc0mddazaqtPgeC2IgWDiqY8' | ||
| * ``` | ||
| * | ||
| * @param jwk JSON Web Key. | ||
| * @param digestAlgorithm Digest Algorithm to use for calculating the thumbprint. | ||
| * Default is sha256. Accepted is "sha256", "sha384", "sha512". | ||
| * @param digestAlgorithm Digest Algorithm to use for calculating the thumbprint. Default is "sha256". | ||
| */ | ||
| export declare function calculateJwkThumbprint(jwk: JWK, digestAlgorithm?: 'sha256' | 'sha384' | 'sha512'): Promise<string>; | ||
| /** | ||
| * Calculates a JSON Web Key (JWK) Thumbprint URI as per [RFC9278](https://www.rfc-editor.org/rfc/rfc9278). | ||
| * | ||
| * @example Usage | ||
| * | ||
| * ```js | ||
| * const thumbprint = await jose.calculateJwkThumbprint({ | ||
| * kty: 'RSA', | ||
| * e: 'AQAB', | ||
| * n: '12oBZRhCiZFJLcPg59LkZZ9mdhSMTKAQZYq32k_ti5SBB6jerkh-WzOMAO664r_qyLkqHUSp3u5SbXtseZEpN3XPWGKSxjsy-1JyEFTdLSYe6f9gfrmxkUF_7DTpq0gn6rntP05g2-wFW50YO7mosfdslfrTJYWHFhJALabAeYirYD7-9kqq9ebfFMF4sRRELbv9oi36As6Q9B3Qb5_C1rAzqfao_PCsf9EPsTZsVVVkA5qoIAr47lo1ipfiBPxUCCNSdvkmDTYgvvRm6ZoMjFbvOtgyts55fXKdMWv7I9HMD5HwE9uW839PWA514qhbcIsXEYSFMPMV6fnlsiZvQQ' | ||
| * const thumbprintUri = await jose.calculateJwkThumbprintUri({ | ||
| * kty: 'EC', | ||
| * crv: 'P-256', | ||
| * x: 'jJ6Flys3zK9jUhnOHf6G49Dyp5hah6CNP84-gY-n9eo', | ||
| * y: 'nhI6iD5eFXgBTLt_1p3aip-5VbZeMhxeFSpjfEAf7Ww', | ||
| * }) | ||
| * | ||
| * console.log(thumbprint) | ||
| * // 'urn:ietf:params:oauth:jwk-thumbprint:sha-256:w9eYdC6_s_tLQ8lH6PUpc0mddazaqtPgeC2IgWDiqY8' | ||
| * ``` | ||
| * | ||
| * @param jwk JSON Web Key. | ||
| * @param digestAlgorithm Digest Algorithm to use for calculating the thumbprint. Default is "sha256". | ||
| */ | ||
| export declare function calculateJwkThumbprint(jwk: JWK, digestAlgorithm?: 'sha256' | 'sha384' | 'sha512'): Promise<string>; | ||
| export declare function calculateJwkThumbprintUri(jwk: JWK, digestAlgorithm?: 'sha256' | 'sha384' | 'sha512'): Promise<string>; |
| import type { KeyLike, JWSHeaderParameters, JSONWebKeySet, FlattenedJWSInput, GetKeyFunction } from '../types'; | ||
| /** | ||
| * @private | ||
| */ | ||
| /** @private */ | ||
| export declare function isJWKSLike(jwks: unknown): jwks is JSONWebKeySet; | ||
| /** | ||
| * @private | ||
| */ | ||
| /** @private */ | ||
| export declare class LocalJWKSet { | ||
@@ -16,10 +12,9 @@ protected _jwks?: JSONWebKeySet; | ||
| /** | ||
| * Returns a function that resolves to a key object from a locally | ||
| * stored, or otherwise available, JSON Web Key Set. | ||
| * Returns a function that resolves to a key object from a locally stored, or otherwise available, | ||
| * JSON Web Key Set. | ||
| * | ||
| * Only a single public key must match the selection process. | ||
| * | ||
| * @param jwks JSON Web Key Set formatted object. | ||
| * @example Usage | ||
| * | ||
| * @example Usage | ||
| * ```js | ||
@@ -32,3 +27,3 @@ * const JWKS = jose.createLocalJWKSet({ | ||
| * n: '12oBZRhCiZFJLcPg59LkZZ9mdhSMTKAQZYq32k_ti5SBB6jerkh-WzOMAO664r_qyLkqHUSp3u5SbXtseZEpN3XPWGKSxjsy-1JyEFTdLSYe6f9gfrmxkUF_7DTpq0gn6rntP05g2-wFW50YO7mosfdslfrTJYWHFhJALabAeYirYD7-9kqq9ebfFMF4sRRELbv9oi36As6Q9B3Qb5_C1rAzqfao_PCsf9EPsTZsVVVkA5qoIAr47lo1ipfiBPxUCCNSdvkmDTYgvvRm6ZoMjFbvOtgyts55fXKdMWv7I9HMD5HwE9uW839PWA514qhbcIsXEYSFMPMV6fnlsiZvQQ', | ||
| * alg: 'PS256' | ||
| * alg: 'PS256', | ||
| * }, | ||
@@ -40,5 +35,5 @@ * { | ||
| * y: '_LeQBw07cf5t57Iavn4j-BqJsAD1dpoz8gokd3sBsOo', | ||
| * alg: 'ES256' | ||
| * } | ||
| * ] | ||
| * alg: 'ES256', | ||
| * }, | ||
| * ], | ||
| * }) | ||
@@ -48,3 +43,3 @@ * | ||
| * issuer: 'urn:example:issuer', | ||
| * audience: 'urn:example:audience' | ||
| * audience: 'urn:example:audience', | ||
| * }) | ||
@@ -54,3 +49,5 @@ * console.log(protectedHeader) | ||
| * ``` | ||
| * | ||
| * @param jwks JSON Web Key Set formatted object. | ||
| */ | ||
| export declare function createLocalJWKSet(jwks: JSONWebKeySet): GetKeyFunction<JWSHeaderParameters, FlattenedJWSInput>; |
| import type { JWSHeaderParameters, FlattenedJWSInput, GetKeyFunction } from '../types'; | ||
| /** | ||
| * Options for the remote JSON Web Key Set. | ||
| */ | ||
| /** Options for the remote JSON Web Key Set. */ | ||
| export interface RemoteJWKSetOptions { | ||
| /** | ||
| * Timeout (in milliseconds) for the HTTP request. When reached the request | ||
| * will be aborted and the verification will fail. Default is 5000 (5 | ||
| * seconds). | ||
| * Timeout (in milliseconds) for the HTTP request. When reached the request will be aborted and | ||
| * the verification will fail. Default is 5000 (5 seconds). | ||
| */ | ||
| timeoutDuration?: number; | ||
| /** | ||
| * Duration (in milliseconds) for which no more HTTP requests will be | ||
| * triggered after a previous successful fetch. Default is 30000 (30 seconds). | ||
| * Duration (in milliseconds) for which no more HTTP requests will be triggered after a previous | ||
| * successful fetch. Default is 30000 (30 seconds). | ||
| */ | ||
| cooldownDuration?: number; | ||
| /** | ||
| * Maximum time (in milliseconds) between successful HTTP requests. Default is | ||
| * 600000 (10 minutes). | ||
| */ | ||
| /** Maximum time (in milliseconds) between successful HTTP requests. Default is 600000 (10 minutes). */ | ||
| cacheMaxAge?: number | typeof Infinity; | ||
| /** | ||
| * An instance of | ||
| * [http.Agent](https://nodejs.org/api/http.html#http_class_http_agent) or | ||
| * [https.Agent](https://nodejs.org/api/https.html#https_class_https_agent) to | ||
| * pass to the | ||
| * [http.get](https://nodejs.org/api/http.html#http_http_get_options_callback) | ||
| * or | ||
| * [https.get](https://nodejs.org/api/https.html#https_https_get_options_callback) | ||
| * method's options. Use when behind an http(s) proxy. This is a Node.js | ||
| * runtime specific option, it is ignored when used outside of Node.js | ||
| * runtime. | ||
| * An instance of [http.Agent](https://nodejs.org/api/http.html#class-httpagent) or | ||
| * [https.Agent](https://nodejs.org/api/https.html#class-httpsagent) to pass to the | ||
| * [http.get](https://nodejs.org/api/http.html#httpgetoptions-callback) or | ||
| * [https.get](https://nodejs.org/api/https.html#httpsgetoptions-callback) method's options. Use | ||
| * when behind an http(s) proxy. This is a Node.js runtime specific option, it is ignored when | ||
| * used outside of Node.js runtime. | ||
| */ | ||
| agent?: any; | ||
| /** | ||
| * Optional headers to be sent with the HTTP request. | ||
| */ | ||
| /** Optional headers to be sent with the HTTP request. */ | ||
| headers?: Record<string, string>; | ||
@@ -44,14 +32,9 @@ } | ||
| /** | ||
| * Returns a function that resolves to a key object downloaded from a | ||
| * remote endpoint returning a JSON Web Key Set, that is, for example, | ||
| * an OAuth 2.0 or OIDC jwks_uri. Only a single public key must match | ||
| * the selection process. | ||
| * The JSON Web Key Set is fetched when no key matches the selection | ||
| * process but only as frequently as the `cooldownDuration` option allows, | ||
| * to prevent abuse. | ||
| * Returns a function that resolves to a key object downloaded from a remote endpoint returning a | ||
| * JSON Web Key Set, that is, for example, an OAuth 2.0 or OIDC jwks_uri. Only a single public key | ||
| * must match the selection process. The JSON Web Key Set is fetched when no key matches the | ||
| * selection process but only as frequently as the `cooldownDuration` option allows, to prevent abuse. | ||
| * | ||
| * @param url URL to fetch the JSON Web Key Set from. | ||
| * @param options Options for the remote JSON Web Key Set. | ||
| * @example Usage | ||
| * | ||
| * @example Usage | ||
| * ```js | ||
@@ -62,3 +45,3 @@ * const JWKS = jose.createRemoteJWKSet(new URL('https://www.googleapis.com/oauth2/v3/certs')) | ||
| * issuer: 'urn:example:issuer', | ||
| * audience: 'urn:example:audience' | ||
| * audience: 'urn:example:audience', | ||
| * }) | ||
@@ -68,4 +51,7 @@ * console.log(protectedHeader) | ||
| * ``` | ||
| * | ||
| * @param url URL to fetch the JSON Web Key Set from. | ||
| * @param options Options for the remote JSON Web Key Set. | ||
| */ | ||
| export declare function createRemoteJWKSet(url: URL, options?: RemoteJWKSetOptions): GetKeyFunction<JWSHeaderParameters, FlattenedJWSInput>; | ||
| export {}; |
@@ -6,7 +6,6 @@ import type { CompactJWSHeaderParameters, KeyLike, SignOptions } from '../../types'; | ||
| * @example Usage | ||
| * | ||
| * ```js | ||
| * const jws = await new jose.CompactSign( | ||
| * new TextEncoder().encode( | ||
| * 'It’s a dangerous business, Frodo, going out your door.' | ||
| * ) | ||
| * new TextEncoder().encode('It’s a dangerous business, Frodo, going out your door.'), | ||
| * ) | ||
@@ -21,5 +20,3 @@ * .setProtectedHeader({ alg: 'ES256' }) | ||
| private _flattened; | ||
| /** | ||
| * @param payload Binary representation of the payload to sign. | ||
| */ | ||
| /** @param payload Binary representation of the payload to sign. */ | ||
| constructor(payload: Uint8Array); | ||
@@ -26,0 +23,0 @@ /** |
| import type { CompactVerifyResult, FlattenedJWSInput, GetKeyFunction, CompactJWSHeaderParameters, KeyLike, VerifyOptions, ResolvedKey } from '../../types'; | ||
| /** | ||
| * Interface for Compact JWS Verification dynamic key resolution. | ||
| * No token components have been verified at the time of this function call. | ||
| * Interface for Compact JWS Verification dynamic key resolution. No token components have been | ||
| * verified at the time of this function call. | ||
| * | ||
| * See [createRemoteJWKSet](../functions/jwks_remote.createRemoteJWKSet.md#function-createremotejwkset) | ||
| * See | ||
| * [createRemoteJWKSet](../functions/jwks_remote.createRemoteJWKSet.md#function-createremotejwkset) | ||
| * to verify using a remote JSON Web Key Set. | ||
@@ -14,9 +15,7 @@ */ | ||
| * | ||
| * @param jws Compact JWS. | ||
| * @param key Key to verify the JWS with. | ||
| * @param options JWS Verify options. | ||
| * @example Usage | ||
| * | ||
| * @example Usage | ||
| * ```js | ||
| * const jws = 'eyJhbGciOiJFUzI1NiJ9.SXTigJlzIGEgZGFuZ2Vyb3VzIGJ1c2luZXNzLCBGcm9kbywgZ29pbmcgb3V0IHlvdXIgZG9vci4.kkAs_gPPxWMI3rHuVlxHaTPfDWDoqdI8jSvuSmqV-8IHIWXg9mcAeC9ggV-45ZHRbiRJ3obUIFo1rHphPA5URg' | ||
| * const jws = | ||
| * 'eyJhbGciOiJFUzI1NiJ9.SXTigJlzIGEgZGFuZ2Vyb3VzIGJ1c2luZXNzLCBGcm9kbywgZ29pbmcgb3V0IHlvdXIgZG9vci4.kkAs_gPPxWMI3rHuVlxHaTPfDWDoqdI8jSvuSmqV-8IHIWXg9mcAeC9ggV-45ZHRbiRJ3obUIFo1rHphPA5URg' | ||
| * | ||
@@ -28,2 +27,6 @@ * const { payload, protectedHeader } = await jose.compactVerify(jws, publicKey) | ||
| * ``` | ||
| * | ||
| * @param jws Compact JWS. | ||
| * @param key Key to verify the JWS with. | ||
| * @param options JWS Verify options. | ||
| */ | ||
@@ -30,0 +33,0 @@ export declare function compactVerify(jws: string | Uint8Array, key: KeyLike | Uint8Array, options?: VerifyOptions): Promise<CompactVerifyResult>; |
@@ -6,7 +6,6 @@ import type { KeyLike, FlattenedJWS, JWSHeaderParameters, SignOptions } from '../../types'; | ||
| * @example Usage | ||
| * | ||
| * ```js | ||
| * const jws = await new jose.FlattenedSign( | ||
| * new TextEncoder().encode( | ||
| * 'It’s a dangerous business, Frodo, going out your door.' | ||
| * ) | ||
| * new TextEncoder().encode('It’s a dangerous business, Frodo, going out your door.'), | ||
| * ) | ||
@@ -23,5 +22,3 @@ * .setProtectedHeader({ alg: 'ES256' }) | ||
| private _unprotectedHeader; | ||
| /** | ||
| * @param payload Binary representation of the payload to sign. | ||
| */ | ||
| /** @param payload Binary representation of the payload to sign. */ | ||
| constructor(payload: Uint8Array); | ||
@@ -28,0 +25,0 @@ /** |
| import type { FlattenedVerifyResult, KeyLike, FlattenedJWSInput, JWSHeaderParameters, VerifyOptions, GetKeyFunction, ResolvedKey } from '../../types'; | ||
| /** | ||
| * Interface for Flattened JWS Verification dynamic key resolution. | ||
| * No token components have been verified at the time of this function call. | ||
| * Interface for Flattened JWS Verification dynamic key resolution. No token components have been | ||
| * verified at the time of this function call. | ||
| * | ||
| * See [createRemoteJWKSet](../functions/jwks_remote.createRemoteJWKSet.md#function-createremotejwkset) | ||
| * See | ||
| * [createRemoteJWKSet](../functions/jwks_remote.createRemoteJWKSet.md#function-createremotejwkset) | ||
| * to verify using a remote JSON Web Key Set. | ||
@@ -14,13 +15,11 @@ */ | ||
| * | ||
| * @param jws Flattened JWS. | ||
| * @param key Key to verify the JWS with. | ||
| * @param options JWS Verify options. | ||
| * @example Usage | ||
| * | ||
| * @example Usage | ||
| * ```js | ||
| * const decoder = new TextDecoder() | ||
| * const jws = { | ||
| * signature: 'FVVOXwj6kD3DqdfD9yYqfT2W9jv-Nop4kOehp_DeDGNB5dQNSPRvntBY6xH3uxlCxE8na9d_kyhYOcanpDJ0EA', | ||
| * signature: | ||
| * 'FVVOXwj6kD3DqdfD9yYqfT2W9jv-Nop4kOehp_DeDGNB5dQNSPRvntBY6xH3uxlCxE8na9d_kyhYOcanpDJ0EA', | ||
| * payload: 'SXTigJlzIGEgZGFuZ2Vyb3VzIGJ1c2luZXNzLCBGcm9kbywgZ29pbmcgb3V0IHlvdXIgZG9vci4', | ||
| * protected: 'eyJhbGciOiJFUzI1NiJ9' | ||
| * protected: 'eyJhbGciOiJFUzI1NiJ9', | ||
| * } | ||
@@ -33,2 +32,6 @@ * | ||
| * ``` | ||
| * | ||
| * @param jws Flattened JWS. | ||
| * @param key Key to verify the JWS with. | ||
| * @param options JWS Verify options. | ||
| */ | ||
@@ -35,0 +38,0 @@ export declare function flattenedVerify(jws: FlattenedJWSInput, key: KeyLike | Uint8Array, options?: VerifyOptions): Promise<FlattenedVerifyResult>; |
@@ -15,13 +15,7 @@ import type { KeyLike, GeneralJWS, JWSHeaderParameters, SignOptions } from '../../types'; | ||
| setUnprotectedHeader(unprotectedHeader: JWSHeaderParameters): Signature; | ||
| /** | ||
| * A shorthand for calling addSignature() on the enclosing GeneralSign instance | ||
| */ | ||
| /** A shorthand for calling addSignature() on the enclosing GeneralSign instance */ | ||
| addSignature(...args: Parameters<GeneralSign['addSignature']>): Signature; | ||
| /** | ||
| * A shorthand for calling encrypt() on the enclosing GeneralSign instance | ||
| */ | ||
| /** A shorthand for calling encrypt() on the enclosing GeneralSign instance */ | ||
| sign(...args: Parameters<GeneralSign['sign']>): Promise<GeneralJWS>; | ||
| /** | ||
| * Returns the enclosing GeneralSign | ||
| */ | ||
| /** Returns the enclosing GeneralSign */ | ||
| done(): GeneralSign; | ||
@@ -33,7 +27,6 @@ } | ||
| * @example Usage | ||
| * | ||
| * ```js | ||
| * const jws = await new jose.GeneralSign( | ||
| * new TextEncoder().encode( | ||
| * 'It’s a dangerous business, Frodo, going out your door.' | ||
| * ) | ||
| * new TextEncoder().encode('It’s a dangerous business, Frodo, going out your door.'), | ||
| * ) | ||
@@ -52,5 +45,3 @@ * .addSignature(ecPrivateKey) | ||
| private _signatures; | ||
| /** | ||
| * @param payload Binary representation of the payload to sign. | ||
| */ | ||
| /** @param payload Binary representation of the payload to sign. */ | ||
| constructor(payload: Uint8Array); | ||
@@ -64,6 +55,4 @@ /** | ||
| addSignature(key: KeyLike | Uint8Array, options?: SignOptions): Signature; | ||
| /** | ||
| * Signs and resolves the value of the General JWS object. | ||
| */ | ||
| /** Signs and resolves the value of the General JWS object. */ | ||
| sign(): Promise<GeneralJWS>; | ||
| } |
| import type { GeneralJWSInput, GeneralVerifyResult, FlattenedJWSInput, GetKeyFunction, JWSHeaderParameters, KeyLike, VerifyOptions, ResolvedKey } from '../../types'; | ||
| /** | ||
| * Interface for General JWS Verification dynamic key resolution. | ||
| * No token components have been verified at the time of this function call. | ||
| * Interface for General JWS Verification dynamic key resolution. No token components have been | ||
| * verified at the time of this function call. | ||
| * | ||
| * See [createRemoteJWKSet](../functions/jwks_remote.createRemoteJWKSet.md#function-createremotejwkset) | ||
| * See | ||
| * [createRemoteJWKSet](../functions/jwks_remote.createRemoteJWKSet.md#function-createremotejwkset) | ||
| * to verify using a remote JSON Web Key Set. | ||
@@ -14,7 +15,4 @@ */ | ||
| * | ||
| * @param jws General JWS. | ||
| * @param key Key to verify the JWS with. | ||
| * @param options JWS Verify options. | ||
| * @example Usage | ||
| * | ||
| * @example Usage | ||
| * ```js | ||
@@ -25,6 +23,7 @@ * const jws = { | ||
| * { | ||
| * signature: 'FVVOXwj6kD3DqdfD9yYqfT2W9jv-Nop4kOehp_DeDGNB5dQNSPRvntBY6xH3uxlCxE8na9d_kyhYOcanpDJ0EA', | ||
| * protected: 'eyJhbGciOiJFUzI1NiJ9' | ||
| * } | ||
| * ] | ||
| * signature: | ||
| * 'FVVOXwj6kD3DqdfD9yYqfT2W9jv-Nop4kOehp_DeDGNB5dQNSPRvntBY6xH3uxlCxE8na9d_kyhYOcanpDJ0EA', | ||
| * protected: 'eyJhbGciOiJFUzI1NiJ9', | ||
| * }, | ||
| * ], | ||
| * } | ||
@@ -37,2 +36,6 @@ * | ||
| * ``` | ||
| * | ||
| * @param jws General JWS. | ||
| * @param key Key to verify the JWS with. | ||
| * @param options JWS Verify options. | ||
| */ | ||
@@ -39,0 +42,0 @@ export declare function generalVerify(jws: GeneralJWSInput, key: KeyLike | Uint8Array, options?: VerifyOptions): Promise<GeneralVerifyResult>; |
| import type { KeyLike, DecryptOptions, JWTClaimVerificationOptions, GetKeyFunction, CompactJWEHeaderParameters, FlattenedJWE, JWTDecryptResult, ResolvedKey } from '../types'; | ||
| /** | ||
| * Combination of JWE Decryption options and JWT Claims Set verification options. | ||
| */ | ||
| /** Combination of JWE Decryption options and JWT Claims Set verification options. */ | ||
| export interface JWTDecryptOptions extends DecryptOptions, JWTClaimVerificationOptions { | ||
| } | ||
| /** | ||
| * Interface for JWT Decryption dynamic key resolution. | ||
| * No token components have been verified at the time of this function call. | ||
| * Interface for JWT Decryption dynamic key resolution. No token components have been verified at | ||
| * the time of this function call. | ||
| */ | ||
@@ -14,15 +12,14 @@ export interface JWTDecryptGetKey extends GetKeyFunction<CompactJWEHeaderParameters, FlattenedJWE> { | ||
| /** | ||
| * Verifies the JWT format (to be a JWE Compact format), decrypts the ciphertext, validates the JWT Claims Set. | ||
| * Verifies the JWT format (to be a JWE Compact format), decrypts the ciphertext, validates the JWT | ||
| * Claims Set. | ||
| * | ||
| * @param jwt JSON Web Token value (encoded as JWE). | ||
| * @param key Private Key or Secret to decrypt and verify the JWT with. | ||
| * @param options JWT Decryption and JWT Claims Set validation options. | ||
| * @example Usage | ||
| * | ||
| * @example Usage | ||
| * ```js | ||
| * const jwt = 'eyJhbGciOiJkaXIiLCJlbmMiOiJBMjU2R0NNIn0..KVcNLqK-3-8ZkYIC.xSwF4VxO0kUMUD2W-cifsNUxnr-swyBq-nADBptyt6y9n79-iNc5b0AALJpRwc0wwDkJw8hNOMjApNUTMsK9b-asToZ3DXFMvwfJ6n1aWefvd7RsoZ2LInWFfVAuttJDzoGB.uuexQoWHwrLMEYRElT8pBQ' | ||
| * const jwt = | ||
| * 'eyJhbGciOiJkaXIiLCJlbmMiOiJBMjU2R0NNIn0..KVcNLqK-3-8ZkYIC.xSwF4VxO0kUMUD2W-cifsNUxnr-swyBq-nADBptyt6y9n79-iNc5b0AALJpRwc0wwDkJw8hNOMjApNUTMsK9b-asToZ3DXFMvwfJ6n1aWefvd7RsoZ2LInWFfVAuttJDzoGB.uuexQoWHwrLMEYRElT8pBQ' | ||
| * | ||
| * const { payload, protectedHeader } = await jose.jwtDecrypt(jwt, secretKey, { | ||
| * issuer: 'urn:example:issuer', | ||
| * audience: 'urn:example:audience' | ||
| * audience: 'urn:example:audience', | ||
| * }) | ||
@@ -33,2 +30,6 @@ * | ||
| * ``` | ||
| * | ||
| * @param jwt JSON Web Token value (encoded as JWE). | ||
| * @param key Private Key or Secret to decrypt and verify the JWT with. | ||
| * @param options JWT Decryption and JWT Claims Set validation options. | ||
| */ | ||
@@ -35,0 +36,0 @@ export declare function jwtDecrypt(jwt: string | Uint8Array, key: KeyLike | Uint8Array, options?: JWTDecryptOptions): Promise<JWTDecryptResult>; |
@@ -7,2 +7,3 @@ import type { EncryptOptions, CompactJWEHeaderParameters, JWEKeyManagementHeaderParameters, KeyLike } from '../types'; | ||
| * @example Usage | ||
| * | ||
| * ```js | ||
@@ -31,12 +32,11 @@ * const jwt = await new jose.EncryptJWT({ 'urn:example:claim': true }) | ||
| * | ||
| * @param protectedHeader JWE Protected Header. | ||
| * Must contain an "alg" (JWE Algorithm) and "enc" (JWE | ||
| * Encryption Algorithm) properties. | ||
| * @param protectedHeader JWE Protected Header. Must contain an "alg" (JWE Algorithm) and "enc" | ||
| * (JWE Encryption Algorithm) properties. | ||
| */ | ||
| setProtectedHeader(protectedHeader: CompactJWEHeaderParameters): this; | ||
| /** | ||
| * Sets the JWE Key Management parameters to be used when encrypting. | ||
| * Use of this is method is really only needed for ECDH based algorithms | ||
| * when utilizing the Agreement PartyUInfo or Agreement PartyVInfo parameters. | ||
| * Other parameters will always be randomly generated when needed and missing. | ||
| * Sets the JWE Key Management parameters to be used when encrypting. Use of this is method is | ||
| * really only needed for ECDH based algorithms when utilizing the Agreement PartyUInfo or | ||
| * Agreement PartyVInfo parameters. Other parameters will always be randomly generated when needed | ||
| * and missing. | ||
| * | ||
@@ -47,20 +47,17 @@ * @param parameters JWE Key Management parameters. | ||
| /** | ||
| * Sets a content encryption key to use, by default a random suitable one | ||
| * is generated for the JWE enc" (Encryption Algorithm) Header Parameter. | ||
| * Sets a content encryption key to use, by default a random suitable one is generated for the JWE | ||
| * enc" (Encryption Algorithm) Header Parameter. | ||
| * | ||
| * @deprecated You should not use this method. It is only really intended for test and vector | ||
| * validation purposes. | ||
| * @param cek JWE Content Encryption Key. | ||
| * | ||
| * @deprecated You should not use this method. It is only really intended | ||
| * for test and vector validation purposes. | ||
| */ | ||
| setContentEncryptionKey(cek: Uint8Array): this; | ||
| /** | ||
| * Sets the JWE Initialization Vector to use for content encryption, by default | ||
| * a random suitable one is generated for the JWE enc" (Encryption Algorithm) | ||
| * Header Parameter. | ||
| * Sets the JWE Initialization Vector to use for content encryption, by default a random suitable | ||
| * one is generated for the JWE enc" (Encryption Algorithm) Header Parameter. | ||
| * | ||
| * @deprecated You should not use this method. It is only really intended for test and vector | ||
| * validation purposes. | ||
| * @param iv JWE Initialization Vector. | ||
| * | ||
| * @deprecated You should not use this method. It is only really intended | ||
| * for test and vector validation purposes. | ||
| */ | ||
@@ -67,0 +64,0 @@ setInitializationVector(iv: Uint8Array): this; |
| import type { JWTPayload } from '../types'; | ||
| /** | ||
| * Generic class for JWT producing. | ||
| */ | ||
| /** Generic class for JWT producing. */ | ||
| export declare class ProduceJWT { | ||
| protected _payload: JWTPayload; | ||
| /** | ||
| * @param payload The JWT Claims Set object. | ||
| */ | ||
| /** @param payload The JWT Claims Set object. */ | ||
| constructor(payload: JWTPayload); | ||
@@ -38,5 +34,5 @@ /** | ||
| * | ||
| * @param input "nbf" (Not Before) Claim value to set on the JWT Claims Set. | ||
| * When number is passed that is used as a value, when string is passed | ||
| * it is resolved to a time span and added to the current timestamp. | ||
| * @param input "nbf" (Not Before) Claim value to set on the JWT Claims Set. When number is passed | ||
| * that is used as a value, when string is passed it is resolved to a time span and added to the | ||
| * current timestamp. | ||
| */ | ||
@@ -47,5 +43,5 @@ setNotBefore(input: number | string): this; | ||
| * | ||
| * @param input "exp" (Expiration Time) Claim value to set on the JWT Claims Set. | ||
| * When number is passed that is used as a value, when string is passed | ||
| * it is resolved to a time span and added to the current timestamp. | ||
| * @param input "exp" (Expiration Time) Claim value to set on the JWT Claims Set. When number is | ||
| * passed that is used as a value, when string is passed it is resolved to a time span and added | ||
| * to the current timestamp. | ||
| */ | ||
@@ -56,6 +52,5 @@ setExpirationTime(input: number | string): this; | ||
| * | ||
| * @param input "iat" (Issued At) Claim value to set on the JWT Claims Set. | ||
| * Default is current timestamp. | ||
| * @param input "iat" (Issued At) Claim value to set on the JWT Claims Set. Default is current timestamp. | ||
| */ | ||
| setIssuedAt(input?: number): this; | ||
| } |
@@ -7,2 +7,3 @@ import type { JWTHeaderParameters, KeyLike, SignOptions } from '../types'; | ||
| * @example Usage | ||
| * | ||
| * ```js | ||
@@ -25,4 +26,3 @@ * const jwt = await new jose.SignJWT({ 'urn:example:claim': true }) | ||
| * | ||
| * @param protectedHeader JWS Protected Header. | ||
| * Must contain an "alg" (JWS Algorithm) property. | ||
| * @param protectedHeader JWS Protected Header. Must contain an "alg" (JWS Algorithm) property. | ||
| */ | ||
@@ -29,0 +29,0 @@ setProtectedHeader(protectedHeader: JWTHeaderParameters): this; |
@@ -11,2 +11,3 @@ import type { JWSHeaderParameters, JWTClaimVerificationOptions, JWTPayload } from '../types'; | ||
| * @example Encoding | ||
| * | ||
| * ```js | ||
@@ -24,6 +25,7 @@ * const unsecuredJwt = new jose.UnsecuredJWT({ 'urn:example:claim': true }) | ||
| * @example Decoding | ||
| * | ||
| * ```js | ||
| * const payload = jose.UnsecuredJWT.decode(jwt, { | ||
| * issuer: 'urn:example:issuer', | ||
| * audience: 'urn:example:audience' | ||
| * audience: 'urn:example:audience', | ||
| * }) | ||
@@ -35,5 +37,3 @@ * | ||
| export declare class UnsecuredJWT extends ProduceJWT { | ||
| /** | ||
| * Encodes the Unsecured JWT. | ||
| */ | ||
| /** Encodes the Unsecured JWT. */ | ||
| encode(): string; | ||
@@ -40,0 +40,0 @@ /** |
| import type { KeyLike, VerifyOptions, JWTClaimVerificationOptions, JWTHeaderParameters, GetKeyFunction, FlattenedJWSInput, JWTVerifyResult, ResolvedKey } from '../types'; | ||
| /** | ||
| * Combination of JWS Verification options and JWT Claims Set verification options. | ||
| */ | ||
| /** Combination of JWS Verification options and JWT Claims Set verification options. */ | ||
| export interface JWTVerifyOptions extends VerifyOptions, JWTClaimVerificationOptions { | ||
| } | ||
| /** | ||
| * Interface for JWT Verification dynamic key resolution. | ||
| * No token components have been verified at the time of this function call. | ||
| * Interface for JWT Verification dynamic key resolution. No token components have been verified at | ||
| * the time of this function call. | ||
| * | ||
| * See [createRemoteJWKSet](../functions/jwks_remote.createRemoteJWKSet.md#function-createremotejwkset) | ||
| * See | ||
| * [createRemoteJWKSet](../functions/jwks_remote.createRemoteJWKSet.md#function-createremotejwkset) | ||
| * to verify using a remote JSON Web Key Set. | ||
@@ -17,15 +16,14 @@ */ | ||
| /** | ||
| * Verifies the JWT format (to be a JWS Compact format), verifies the JWS signature, validates the JWT Claims Set. | ||
| * Verifies the JWT format (to be a JWS Compact format), verifies the JWS signature, validates the | ||
| * JWT Claims Set. | ||
| * | ||
| * @param jwt JSON Web Token value (encoded as JWS). | ||
| * @param key Key to verify the JWT with. | ||
| * @param options JWT Decryption and JWT Claims Set validation options. | ||
| * @example Usage | ||
| * | ||
| * @example Usage | ||
| * ```js | ||
| * const jwt = 'eyJhbGciOiJFUzI1NiJ9.eyJ1cm46ZXhhbXBsZTpjbGFpbSI6dHJ1ZSwiaWF0IjoxNjA0MzE1MDc0LCJpc3MiOiJ1cm46ZXhhbXBsZTppc3N1ZXIiLCJhdWQiOiJ1cm46ZXhhbXBsZTphdWRpZW5jZSJ9.hx1nOfAT5LlXuzu8O-bhjXBGpklWDt2EsHw7-MDn49NrnwvVsstNhEnkW2ddauB7eSikFtUNeumLpFI9CWDBsg' | ||
| * const jwt = | ||
| * 'eyJhbGciOiJFUzI1NiJ9.eyJ1cm46ZXhhbXBsZTpjbGFpbSI6dHJ1ZSwiaWF0IjoxNjA0MzE1MDc0LCJpc3MiOiJ1cm46ZXhhbXBsZTppc3N1ZXIiLCJhdWQiOiJ1cm46ZXhhbXBsZTphdWRpZW5jZSJ9.hx1nOfAT5LlXuzu8O-bhjXBGpklWDt2EsHw7-MDn49NrnwvVsstNhEnkW2ddauB7eSikFtUNeumLpFI9CWDBsg' | ||
| * | ||
| * const { payload, protectedHeader } = await jose.jwtVerify(jwt, publicKey, { | ||
| * issuer: 'urn:example:issuer', | ||
| * audience: 'urn:example:audience' | ||
| * audience: 'urn:example:audience', | ||
| * }) | ||
@@ -36,2 +34,6 @@ * | ||
| * ``` | ||
| * | ||
| * @param jwt JSON Web Token value (encoded as JWS). | ||
| * @param key Key to verify the JWT with. | ||
| * @param options JWT Decryption and JWT Claims Set validation options. | ||
| */ | ||
@@ -38,0 +40,0 @@ export declare function jwtVerify(jwt: string | Uint8Array, key: KeyLike | Uint8Array, options?: JWTVerifyOptions): Promise<JWTVerifyResult>; |
| import type { JWK, KeyLike } from '../types'; | ||
| /** | ||
| * Exports a runtime-specific public key representation (KeyObject or CryptoKey) to a PEM-encoded SPKI string format. | ||
| * Exports a runtime-specific public key representation (KeyObject or CryptoKey) to a PEM-encoded | ||
| * SPKI string format. | ||
| * | ||
| * @param key Key representation to transform to a PEM-encoded SPKI string format. | ||
| * @example Usage | ||
| * | ||
| * @example Usage | ||
| * ```js | ||
@@ -13,10 +13,12 @@ * const spkiPem = await jose.exportSPKI(publicKey) | ||
| * ``` | ||
| * | ||
| * @param key Key representation to transform to a PEM-encoded SPKI string format. | ||
| */ | ||
| export declare function exportSPKI(key: KeyLike): Promise<string>; | ||
| /** | ||
| * Exports a runtime-specific private key representation (KeyObject or CryptoKey) to a PEM-encoded PKCS8 string format. | ||
| * Exports a runtime-specific private key representation (KeyObject or CryptoKey) to a PEM-encoded | ||
| * PKCS8 string format. | ||
| * | ||
| * @param key Key representation to transform to a PEM-encoded PKCS8 string format. | ||
| * @example Usage | ||
| * | ||
| * @example Usage | ||
| * ```js | ||
@@ -27,2 +29,4 @@ * const pkcs8Pem = await jose.exportPKCS8(privateKey) | ||
| * ``` | ||
| * | ||
| * @param key Key representation to transform to a PEM-encoded PKCS8 string format. | ||
| */ | ||
@@ -33,5 +37,4 @@ export declare function exportPKCS8(key: KeyLike): Promise<string>; | ||
| * | ||
| * @param key Key representation to export as JWK. | ||
| * @example Usage | ||
| * | ||
| * @example Usage | ||
| * ```js | ||
@@ -44,3 +47,5 @@ * const privateJwk = await jose.exportJWK(privateKey) | ||
| * ``` | ||
| * | ||
| * @param key Key representation to export as JWK. | ||
| */ | ||
| export declare function exportJWK(key: KeyLike | Uint8Array): Promise<JWK>; |
| import type { KeyLike } from '../types'; | ||
| export interface GenerateKeyPairResult { | ||
| /** | ||
| * The generated Private Key. | ||
| */ | ||
| /** The generated Private Key. */ | ||
| privateKey: KeyLike; | ||
| /** | ||
| * Public Key corresponding to the generated Private Key. | ||
| */ | ||
| /** Public Key corresponding to the generated Private Key. */ | ||
| publicKey: KeyLike; | ||
@@ -14,10 +10,9 @@ } | ||
| /** | ||
| * The EC "crv" (Curve) or OKP "crv" (Subtype of Key Pair) value to generate. | ||
| * The curve must be both supported on the runtime as well as applicable for | ||
| * the given JWA algorithm identifier. | ||
| * The EC "crv" (Curve) or OKP "crv" (Subtype of Key Pair) value to generate. The curve must be | ||
| * both supported on the runtime as well as applicable for the given JWA algorithm identifier. | ||
| */ | ||
| crv?: string; | ||
| /** | ||
| * A hint for RSA algorithms to generate an RSA key of a given `modulusLength` | ||
| * (Key size in bits). JOSE requires 2048 bits or larger. Default is 2048. | ||
| * A hint for RSA algorithms to generate an RSA key of a given `modulusLength` (Key size in bits). | ||
| * JOSE requires 2048 bits or larger. Default is 2048. | ||
| */ | ||
@@ -33,13 +28,10 @@ modulusLength?: number; | ||
| /** | ||
| * Generates a private and a public key for a given JWA algorithm identifier. | ||
| * This can only generate asymmetric key pairs. For symmetric secrets use the | ||
| * `generateSecret` function. | ||
| * Generates a private and a public key for a given JWA algorithm identifier. This can only generate | ||
| * asymmetric key pairs. For symmetric secrets use the `generateSecret` function. | ||
| * | ||
| * Note: Under Web Cryptography API runtime the `privateKey` is generated with | ||
| * `extractable` set to `false` by default. | ||
| * Note: Under Web Cryptography API runtime the `privateKey` is generated with `extractable` set to | ||
| * `false` by default. | ||
| * | ||
| * @param alg JWA Algorithm Identifier to be used with the generated key pair. | ||
| * @param options Additional options passed down to the key pair generation. | ||
| * @example Usage | ||
| * | ||
| * @example Usage | ||
| * ```js | ||
@@ -50,3 +42,6 @@ * const { publicKey, privateKey } = await jose.generateKeyPair('PS256') | ||
| * ``` | ||
| * | ||
| * @param alg JWA Algorithm Identifier to be used with the generated key pair. | ||
| * @param options Additional options passed down to the key pair generation. | ||
| */ | ||
| export declare function generateKeyPair(alg: string, options?: GenerateKeyPairOptions): Promise<GenerateKeyPairResult>; |
@@ -13,6 +13,7 @@ import type { KeyLike } from '../types'; | ||
| * | ||
| * Note: Under Web Cryptography API runtime the secret key is generated with | ||
| * `extractable` set to `false` by default. | ||
| * Note: Under Web Cryptography API runtime the secret key is generated with `extractable` set to | ||
| * `false` by default. | ||
| * | ||
| * @example Usage | ||
| * | ||
| * ```js | ||
@@ -19,0 +20,0 @@ * const secret = await jose.generateSecret('HS256') |
@@ -11,10 +11,8 @@ import type { JWK, KeyLike } from '../types'; | ||
| /** | ||
| * Imports a PEM-encoded SPKI string as a runtime-specific public key representation (KeyObject or CryptoKey). | ||
| * See [Algorithm Key Requirements](https://github.com/panva/jose/issues/210) to learn about key to algorithm | ||
| * requirements and mapping. | ||
| * Imports a PEM-encoded SPKI string as a runtime-specific public key representation (KeyObject or | ||
| * CryptoKey). See [Algorithm Key Requirements](https://github.com/panva/jose/issues/210) to learn | ||
| * about key to algorithm requirements and mapping. | ||
| * | ||
| * @param pem PEM-encoded SPKI string | ||
| * @param alg JSON Web Algorithm identifier to be used with the imported key. | ||
| * @example Usage | ||
| * | ||
| * @example Usage | ||
| * ```js | ||
@@ -28,13 +26,15 @@ * const algorithm = 'ES256' | ||
| * ``` | ||
| * | ||
| * @param pem PEM-encoded SPKI string | ||
| * @param alg JSON Web Algorithm identifier to be used with the imported key. | ||
| */ | ||
| export declare function importSPKI(spki: string, alg: string, options?: PEMImportOptions): Promise<KeyLike>; | ||
| /** | ||
| * Imports the SPKI from an X.509 string certificate as a runtime-specific public key representation (KeyObject or CryptoKey). | ||
| * See [Algorithm Key Requirements](https://github.com/panva/jose/issues/210) to learn about key to algorithm | ||
| * Imports the SPKI from an X.509 string certificate as a runtime-specific public key representation | ||
| * (KeyObject or CryptoKey). See [Algorithm Key | ||
| * Requirements](https://github.com/panva/jose/issues/210) to learn about key to algorithm | ||
| * requirements and mapping. | ||
| * | ||
| * @param pem X.509 certificate string | ||
| * @param alg JSON Web Algorithm identifier to be used with the imported key. | ||
| * @example Usage | ||
| * | ||
| * @example Usage | ||
| * ```js | ||
@@ -54,13 +54,14 @@ * const algorithm = 'ES256' | ||
| * ``` | ||
| * | ||
| * @param pem X.509 certificate string | ||
| * @param alg JSON Web Algorithm identifier to be used with the imported key. | ||
| */ | ||
| export declare function importX509(x509: string, alg: string, options?: PEMImportOptions): Promise<KeyLike>; | ||
| /** | ||
| * Imports a PEM-encoded PKCS8 string as a runtime-specific private key representation (KeyObject or CryptoKey). | ||
| * See [Algorithm Key Requirements](https://github.com/panva/jose/issues/210) to learn about key to algorithm | ||
| * requirements and mapping. Encrypted keys are not supported. | ||
| * Imports a PEM-encoded PKCS8 string as a runtime-specific private key representation (KeyObject or | ||
| * CryptoKey). See [Algorithm Key Requirements](https://github.com/panva/jose/issues/210) to learn | ||
| * about key to algorithm requirements and mapping. Encrypted keys are not supported. | ||
| * | ||
| * @param pem PEM-encoded PKCS8 string | ||
| * @param alg JSON Web Algorithm identifier to be used with the imported key. | ||
| * @example Usage | ||
| * | ||
| * @example Usage | ||
| * ```js | ||
@@ -75,34 +76,44 @@ * const algorithm = 'ES256' | ||
| * ``` | ||
| * | ||
| * @param pem PEM-encoded PKCS8 string | ||
| * @param alg JSON Web Algorithm identifier to be used with the imported key. | ||
| */ | ||
| export declare function importPKCS8(pkcs8: string, alg: string, options?: PEMImportOptions): Promise<KeyLike>; | ||
| /** | ||
| * Imports a JWK to a runtime-specific key representation (KeyLike). Either | ||
| * JWK "alg" (Algorithm) Parameter must be present or the optional "alg" argument. When | ||
| * running on a runtime using [Web Cryptography API](https://www.w3.org/TR/WebCryptoAPI/) | ||
| * the jwk parameters "use", "key_ops", and "ext" are also used in the resulting `CryptoKey`. | ||
| * See [Algorithm Key Requirements](https://github.com/panva/jose/issues/210) to learn about key to algorithm | ||
| * Imports a JWK to a runtime-specific key representation (KeyLike). Either JWK "alg" (Algorithm) | ||
| * Parameter must be present or the optional "alg" argument. When running on a runtime using [Web | ||
| * Cryptography API](https://www.w3.org/TR/WebCryptoAPI/) the jwk parameters "use", "key_ops", and | ||
| * "ext" are also used in the resulting `CryptoKey`. See [Algorithm Key | ||
| * Requirements](https://github.com/panva/jose/issues/210) to learn about key to algorithm | ||
| * requirements and mapping. | ||
| * | ||
| * @param jwk JSON Web Key. | ||
| * @param alg JSON Web Algorithm identifier to be used with the imported key. | ||
| * Default is the "alg" property on the JWK. | ||
| * @param octAsKeyObject Forces a symmetric key to be imported to a KeyObject or | ||
| * CryptoKey. Default is true unless JWK "ext" (Extractable) is true. | ||
| * @example Usage | ||
| * | ||
| * @example Usage | ||
| * ```js | ||
| * const ecPublicKey = await jose.importJWK({ | ||
| * crv: 'P-256', | ||
| * kty: 'EC', | ||
| * x: 'ySK38C1jBdLwDsNWKzzBHqKYEE5Cgv-qjWvorUXk9fw', | ||
| * y: '_LeQBw07cf5t57Iavn4j-BqJsAD1dpoz8gokd3sBsOo' | ||
| * }, 'ES256') | ||
| * const ecPublicKey = await jose.importJWK( | ||
| * { | ||
| * crv: 'P-256', | ||
| * kty: 'EC', | ||
| * x: 'ySK38C1jBdLwDsNWKzzBHqKYEE5Cgv-qjWvorUXk9fw', | ||
| * y: '_LeQBw07cf5t57Iavn4j-BqJsAD1dpoz8gokd3sBsOo', | ||
| * }, | ||
| * 'ES256', | ||
| * ) | ||
| * | ||
| * const rsaPublicKey = await jose.importJWK({ | ||
| * kty: 'RSA', | ||
| * e: 'AQAB', | ||
| * n: '12oBZRhCiZFJLcPg59LkZZ9mdhSMTKAQZYq32k_ti5SBB6jerkh-WzOMAO664r_qyLkqHUSp3u5SbXtseZEpN3XPWGKSxjsy-1JyEFTdLSYe6f9gfrmxkUF_7DTpq0gn6rntP05g2-wFW50YO7mosfdslfrTJYWHFhJALabAeYirYD7-9kqq9ebfFMF4sRRELbv9oi36As6Q9B3Qb5_C1rAzqfao_PCsf9EPsTZsVVVkA5qoIAr47lo1ipfiBPxUCCNSdvkmDTYgvvRm6ZoMjFbvOtgyts55fXKdMWv7I9HMD5HwE9uW839PWA514qhbcIsXEYSFMPMV6fnlsiZvQQ' | ||
| * }, 'PS256') | ||
| * const rsaPublicKey = await jose.importJWK( | ||
| * { | ||
| * kty: 'RSA', | ||
| * e: 'AQAB', | ||
| * n: '12oBZRhCiZFJLcPg59LkZZ9mdhSMTKAQZYq32k_ti5SBB6jerkh-WzOMAO664r_qyLkqHUSp3u5SbXtseZEpN3XPWGKSxjsy-1JyEFTdLSYe6f9gfrmxkUF_7DTpq0gn6rntP05g2-wFW50YO7mosfdslfrTJYWHFhJALabAeYirYD7-9kqq9ebfFMF4sRRELbv9oi36As6Q9B3Qb5_C1rAzqfao_PCsf9EPsTZsVVVkA5qoIAr47lo1ipfiBPxUCCNSdvkmDTYgvvRm6ZoMjFbvOtgyts55fXKdMWv7I9HMD5HwE9uW839PWA514qhbcIsXEYSFMPMV6fnlsiZvQQ', | ||
| * }, | ||
| * 'PS256', | ||
| * ) | ||
| * ``` | ||
| * | ||
| * @param jwk JSON Web Key. | ||
| * @param alg JSON Web Algorithm identifier to be used with the imported key. Default is the "alg" | ||
| * property on the JWK. | ||
| * @param octAsKeyObject Forces a symmetric key to be imported to a KeyObject or CryptoKey. Default | ||
| * is true unless JWK "ext" (Extractable) is true. | ||
| */ | ||
| export declare function importJWK(jwk: JWK, alg?: string, octAsKeyObject?: boolean): Promise<KeyLike | Uint8Array>; |
| /** | ||
| * KeyLike are runtime-specific classes representing asymmetric keys or symmetric secrets. | ||
| * These are instances of | ||
| * [CryptoKey](https://developer.mozilla.org/en-US/docs/Web/API/CryptoKey) and additionally | ||
| * [KeyObject](https://nodejs.org/api/crypto.html#crypto_class_keyobject) | ||
| * in Node.js runtime. | ||
| * KeyLike are runtime-specific classes representing asymmetric keys or symmetric secrets. These are | ||
| * instances of [CryptoKey](https://developer.mozilla.org/en-US/docs/Web/API/CryptoKey) and | ||
| * additionally [KeyObject](https://nodejs.org/api/crypto.html#class-keyobject) in Node.js runtime. | ||
| * [Uint8Array](https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/Uint8Array) | ||
| * instances are also accepted as symmetric secret representation only. | ||
| * | ||
| * [Key Import Functions](../modules/key_import.md#readme) can be used to import PEM, | ||
| * or JWK formatted asymmetric keys and certificates to these runtime-specific representations. | ||
| * [Key Import Functions](../modules/key_import.md#readme) can be used to import PEM, or JWK | ||
| * formatted asymmetric keys and certificates to these runtime-specific representations. | ||
| * | ||
| * In Node.js the | ||
| * [Buffer](https://nodejs.org/api/buffer.html#buffer_buffer) class is a subclass of Uint8Array | ||
| * and so Buffer can be provided for symmetric secrets as well. | ||
| * In Node.js the [Buffer](https://nodejs.org/api/buffer.html#buffer) class is a subclass of | ||
| * Uint8Array and so Buffer can be provided for symmetric secrets as well. | ||
| * | ||
| * --- | ||
| * [KeyObject](https://nodejs.org/api/crypto.html#class-keyobject) is a representation of a | ||
| * key/secret available in the Node.js runtime. In addition to the import functions of this library | ||
| * you may use the runtime APIs | ||
| * [crypto.createPublicKey](https://nodejs.org/api/crypto.html#cryptocreatepublickeykey), | ||
| * [crypto.createPrivateKey](https://nodejs.org/api/crypto.html#cryptocreateprivatekeykey), and | ||
| * [crypto.createSecretKey](https://nodejs.org/api/crypto.html#cryptocreatesecretkeykey-encoding) to | ||
| * obtain a KeyObject from your existing key material. | ||
| * | ||
| * [KeyObject](https://nodejs.org/api/crypto.html#crypto_class_keyobject) is a representation of a | ||
| * key/secret available in the Node.js runtime. | ||
| * In addition to the import functions of this library you may use the | ||
| * runtime APIs | ||
| * [crypto.createPublicKey](https://nodejs.org/api/crypto.html#crypto_crypto_createpublickey_key), | ||
| * [crypto.createPrivateKey](https://nodejs.org/api/crypto.html#crypto_crypto_createprivatekey_key), and | ||
| * [crypto.createSecretKey](https://nodejs.org/api/crypto.html#crypto_crypto_createsecretkey_key_encoding) | ||
| * to obtain a KeyObject from your existing key material. | ||
| * | ||
| * [CryptoKey](https://developer.mozilla.org/en-US/docs/Web/API/CryptoKey) is a representation of a | ||
| * key/secret available in the Browser and Deno runtimes. | ||
| * In addition to the import functions of this library you may use the | ||
| * [SubtleCrypto.importKey](https://developer.mozilla.org/en-US/docs/Web/API/SubtleCrypto/importKey) API | ||
| * to obtain a CryptoKey from your existing key material. | ||
| * key/secret available in the Browser and Deno runtimes. In addition to the import functions of | ||
| * this library you may use the | ||
| * [SubtleCrypto.importKey](https://developer.mozilla.org/en-US/docs/Web/API/SubtleCrypto/importKey) | ||
| * API to obtain a CryptoKey from your existing key material. | ||
| * | ||
| * --- | ||
| * @example Import a PEM-encoded SPKI Public Key | ||
| * | ||
| * @example Import a PEM-encoded SPKI Public Key | ||
| * ```js | ||
@@ -47,2 +40,3 @@ * const algorithm = 'ES256' | ||
| * @example Import a X.509 Certificate | ||
| * | ||
| * ```js | ||
@@ -64,2 +58,3 @@ * const algorithm = 'ES256' | ||
| * @example Import a PEM-encoded PKCS8 Private Key | ||
| * | ||
| * ```js | ||
@@ -76,15 +71,22 @@ * const algorithm = 'ES256' | ||
| * @example Import a JSON Web Key (JWK) | ||
| * | ||
| * ```js | ||
| * const ecPublicKey = await jose.importJWK({ | ||
| * crv: 'P-256', | ||
| * kty: 'EC', | ||
| * x: 'ySK38C1jBdLwDsNWKzzBHqKYEE5Cgv-qjWvorUXk9fw', | ||
| * y: '_LeQBw07cf5t57Iavn4j-BqJsAD1dpoz8gokd3sBsOo' | ||
| * }, 'ES256') | ||
| * const ecPublicKey = await jose.importJWK( | ||
| * { | ||
| * crv: 'P-256', | ||
| * kty: 'EC', | ||
| * x: 'ySK38C1jBdLwDsNWKzzBHqKYEE5Cgv-qjWvorUXk9fw', | ||
| * y: '_LeQBw07cf5t57Iavn4j-BqJsAD1dpoz8gokd3sBsOo', | ||
| * }, | ||
| * 'ES256', | ||
| * ) | ||
| * | ||
| * const rsaPublicKey = await jose.importJWK({ | ||
| * kty: 'RSA', | ||
| * e: 'AQAB', | ||
| * n: '12oBZRhCiZFJLcPg59LkZZ9mdhSMTKAQZYq32k_ti5SBB6jerkh-WzOMAO664r_qyLkqHUSp3u5SbXtseZEpN3XPWGKSxjsy-1JyEFTdLSYe6f9gfrmxkUF_7DTpq0gn6rntP05g2-wFW50YO7mosfdslfrTJYWHFhJALabAeYirYD7-9kqq9ebfFMF4sRRELbv9oi36As6Q9B3Qb5_C1rAzqfao_PCsf9EPsTZsVVVkA5qoIAr47lo1ipfiBPxUCCNSdvkmDTYgvvRm6ZoMjFbvOtgyts55fXKdMWv7I9HMD5HwE9uW839PWA514qhbcIsXEYSFMPMV6fnlsiZvQQ' | ||
| * }, 'PS256') | ||
| * const rsaPublicKey = await jose.importJWK( | ||
| * { | ||
| * kty: 'RSA', | ||
| * e: 'AQAB', | ||
| * n: '12oBZRhCiZFJLcPg59LkZZ9mdhSMTKAQZYq32k_ti5SBB6jerkh-WzOMAO664r_qyLkqHUSp3u5SbXtseZEpN3XPWGKSxjsy-1JyEFTdLSYe6f9gfrmxkUF_7DTpq0gn6rntP05g2-wFW50YO7mosfdslfrTJYWHFhJALabAeYirYD7-9kqq9ebfFMF4sRRELbv9oi36As6Q9B3Qb5_C1rAzqfao_PCsf9EPsTZsVVVkA5qoIAr47lo1ipfiBPxUCCNSdvkmDTYgvvRm6ZoMjFbvOtgyts55fXKdMWv7I9HMD5HwE9uW839PWA514qhbcIsXEYSFMPMV6fnlsiZvQQ', | ||
| * }, | ||
| * 'PS256', | ||
| * ) | ||
| * ``` | ||
@@ -95,9 +97,7 @@ */ | ||
| /** | ||
| * JSON Web Key ([JWK](https://www.rfc-editor.org/rfc/rfc7517)). | ||
| * "RSA", "EC", "OKP", and "oct" key types are supported. | ||
| * JSON Web Key ([JWK](https://www.rfc-editor.org/rfc/rfc7517)). "RSA", "EC", "OKP", and "oct" key | ||
| * types are supported. | ||
| */ | ||
| export interface JWK { | ||
| /** | ||
| * JWK "alg" (Algorithm) Parameter. | ||
| */ | ||
| /** JWK "alg" (Algorithm) Parameter. */ | ||
| alg?: string | ||
@@ -109,18 +109,10 @@ crv?: string | ||
| e?: string | ||
| /** | ||
| * JWK "ext" (Extractable) Parameter. | ||
| */ | ||
| /** JWK "ext" (Extractable) Parameter. */ | ||
| ext?: boolean | ||
| k?: string | ||
| /** | ||
| * JWK "key_ops" (Key Operations) Parameter. | ||
| */ | ||
| /** JWK "key_ops" (Key Operations) Parameter. */ | ||
| key_ops?: string[] | ||
| /** | ||
| * JWK "kid" (Key ID) Parameter. | ||
| */ | ||
| /** JWK "kid" (Key ID) Parameter. */ | ||
| kid?: string | ||
| /** | ||
| * JWK "kty" (Key Type) Parameter. | ||
| */ | ||
| /** JWK "kty" (Key Type) Parameter. */ | ||
| kty?: string | ||
@@ -136,23 +128,13 @@ n?: string | ||
| qi?: string | ||
| /** | ||
| * JWK "use" (Public Key Use) Parameter. | ||
| */ | ||
| /** JWK "use" (Public Key Use) Parameter. */ | ||
| use?: string | ||
| x?: string | ||
| y?: string | ||
| /** | ||
| * JWK "x5c" (X.509 Certificate Chain) Parameter. | ||
| */ | ||
| /** JWK "x5c" (X.509 Certificate Chain) Parameter. */ | ||
| x5c?: string[] | ||
| /** | ||
| * JWK "x5t" (X.509 Certificate SHA-1 Thumbprint) Parameter. | ||
| */ | ||
| /** JWK "x5t" (X.509 Certificate SHA-1 Thumbprint) Parameter. */ | ||
| x5t?: string | ||
| /** | ||
| * "x5t#S256" (X.509 Certificate SHA-256 Thumbprint) Parameter. | ||
| */ | ||
| /** "x5t#S256" (X.509 Certificate SHA-256 Thumbprint) Parameter. */ | ||
| 'x5t#S256'?: string | ||
| /** | ||
| * JWK "x5u" (X.509 URL) Parameter. | ||
| */ | ||
| /** JWK "x5u" (X.509 URL) Parameter. */ | ||
| x5u?: string | ||
@@ -164,4 +146,4 @@ | ||
| /** | ||
| * Generic Interface for consuming operations dynamic key resolution. | ||
| * No token components have been verified at the time of this function call. | ||
| * Generic Interface for consuming operations dynamic key resolution. No token components have been | ||
| * verified at the time of this function call. | ||
| * | ||
@@ -178,12 +160,11 @@ * If you cannot match a key suitable for the token, throw an error instead. | ||
| /** | ||
| * Flattened JWS definition for verify function inputs, allows payload as | ||
| * Uint8Array for detached signature validation. | ||
| * Flattened JWS definition for verify function inputs, allows payload as Uint8Array for detached | ||
| * signature validation. | ||
| */ | ||
| export interface FlattenedJWSInput { | ||
| /** | ||
| * The "header" member MUST be present and contain the value JWS | ||
| * Unprotected Header when the JWS Unprotected Header value is non- | ||
| * empty; otherwise, it MUST be absent. This value is represented as | ||
| * an unencoded JSON object, rather than as a string. These Header | ||
| * Parameter values are not integrity protected. | ||
| * The "header" member MUST be present and contain the value JWS Unprotected Header when the JWS | ||
| * Unprotected Header value is non- empty; otherwise, it MUST be absent. This value is represented | ||
| * as an unencoded JSON object, rather than as a string. These Header Parameter values are not | ||
| * integrity protected. | ||
| */ | ||
@@ -193,5 +174,4 @@ header?: JWSHeaderParameters | ||
| /** | ||
| * The "payload" member MUST be present and contain the value | ||
| * BASE64URL(JWS Payload). When RFC7797 "b64": false is used | ||
| * the value passed may also be a Uint8Array. | ||
| * The "payload" member MUST be present and contain the value BASE64URL(JWS Payload). When RFC7797 | ||
| * "b64": false is used the value passed may also be a Uint8Array. | ||
| */ | ||
@@ -201,5 +181,4 @@ payload: string | Uint8Array | ||
| /** | ||
| * The "protected" member MUST be present and contain the value | ||
| * BASE64URL(UTF8(JWS Protected Header)) when the JWS Protected | ||
| * Header value is non-empty; otherwise, it MUST be absent. These | ||
| * The "protected" member MUST be present and contain the value BASE64URL(UTF8(JWS Protected | ||
| * Header)) when the JWS Protected Header value is non-empty; otherwise, it MUST be absent. These | ||
| * Header Parameter values are integrity protected. | ||
@@ -209,6 +188,3 @@ */ | ||
| /** | ||
| * The "signature" member MUST be present and contain the value | ||
| * BASE64URL(JWS Signature). | ||
| */ | ||
| /** The "signature" member MUST be present and contain the value BASE64URL(JWS Signature). */ | ||
| signature: string | ||
@@ -218,10 +194,9 @@ } | ||
| /** | ||
| * General JWS definition for verify function inputs, allows payload as | ||
| * Uint8Array for detached signature validation. | ||
| * General JWS definition for verify function inputs, allows payload as Uint8Array for detached | ||
| * signature validation. | ||
| */ | ||
| export interface GeneralJWSInput { | ||
| /** | ||
| * The "payload" member MUST be present and contain the value | ||
| * BASE64URL(JWS Payload). When RFC7797 "b64": false is used | ||
| * the value passed may also be a Uint8Array. | ||
| * The "payload" member MUST be present and contain the value BASE64URL(JWS Payload). When RFC7797 | ||
| * "b64": false is used the value passed may also be a Uint8Array. | ||
| */ | ||
@@ -231,5 +206,4 @@ payload: string | Uint8Array | ||
| /** | ||
| * The "signatures" member value MUST be an array of JSON objects. | ||
| * Each object represents a signature or MAC over the JWS Payload and | ||
| * the JWS Protected Header. | ||
| * The "signatures" member value MUST be an array of JSON objects. Each object represents a | ||
| * signature or MAC over the JWS Payload and the JWS Protected Header. | ||
| */ | ||
@@ -240,5 +214,4 @@ signatures: Omit<FlattenedJWSInput, 'payload'>[] | ||
| /** | ||
| * Flattened JWS definition. Payload is returned as an empty | ||
| * string when JWS Unencoded Payload Option | ||
| * [RFC7797](https://www.rfc-editor.org/rfc/rfc7797) is used. | ||
| * Flattened JWS definition. Payload is returned as an empty string when JWS Unencoded Payload | ||
| * Option [RFC7797](https://www.rfc-editor.org/rfc/rfc7797) is used. | ||
| */ | ||
@@ -251,4 +224,3 @@ export interface FlattenedJWS extends Partial<FlattenedJWSInput> { | ||
| /** | ||
| * General JWS definition. Payload is returned as an empty | ||
| * string when JWS Unencoded Payload Option | ||
| * General JWS definition. Payload is returned as an empty string when JWS Unencoded Payload Option | ||
| * [RFC7797](https://www.rfc-editor.org/rfc/rfc7797) is used. | ||
@@ -262,74 +234,46 @@ */ | ||
| export interface JoseHeaderParameters { | ||
| /** | ||
| * "kid" (Key ID) Header Parameter. | ||
| */ | ||
| /** "kid" (Key ID) Header Parameter. */ | ||
| kid?: string | ||
| /** | ||
| * "x5t" (X.509 Certificate SHA-1 Thumbprint) Header Parameter. | ||
| */ | ||
| /** "x5t" (X.509 Certificate SHA-1 Thumbprint) Header Parameter. */ | ||
| x5t?: string | ||
| /** | ||
| * "x5c" (X.509 Certificate Chain) Header Parameter. | ||
| */ | ||
| /** "x5c" (X.509 Certificate Chain) Header Parameter. */ | ||
| x5c?: string[] | ||
| /** | ||
| * "x5u" (X.509 URL) Header Parameter. | ||
| */ | ||
| /** "x5u" (X.509 URL) Header Parameter. */ | ||
| x5u?: string | ||
| /** | ||
| * "jku" (JWK Set URL) Header Parameter. | ||
| */ | ||
| /** "jku" (JWK Set URL) Header Parameter. */ | ||
| jku?: string | ||
| /** | ||
| * "jwk" (JSON Web Key) Header Parameter. | ||
| */ | ||
| /** "jwk" (JSON Web Key) Header Parameter. */ | ||
| jwk?: Pick<JWK, 'kty' | 'crv' | 'x' | 'y' | 'e' | 'n'> | ||
| /** | ||
| * "typ" (Type) Header Parameter. | ||
| */ | ||
| /** "typ" (Type) Header Parameter. */ | ||
| typ?: string | ||
| /** | ||
| * "cty" (Content Type) Header Parameter. | ||
| */ | ||
| /** "cty" (Content Type) Header Parameter. */ | ||
| cty?: string | ||
| } | ||
| /** | ||
| * Recognized JWS Header Parameters, any other Header Members | ||
| * may also be present. | ||
| */ | ||
| /** Recognized JWS Header Parameters, any other Header Members may also be present. */ | ||
| export interface JWSHeaderParameters extends JoseHeaderParameters { | ||
| /** | ||
| * JWS "alg" (Algorithm) Header Parameter. | ||
| */ | ||
| /** JWS "alg" (Algorithm) Header Parameter. */ | ||
| alg?: string | ||
| /** | ||
| * This JWS Extension Header Parameter modifies the JWS Payload | ||
| * representation and the JWS Signing Input computation as per | ||
| * [RFC7797](https://www.rfc-editor.org/rfc/rfc7797). | ||
| * This JWS Extension Header Parameter modifies the JWS Payload representation and the JWS Signing | ||
| * Input computation as per [RFC7797](https://www.rfc-editor.org/rfc/rfc7797). | ||
| */ | ||
| b64?: boolean | ||
| /** | ||
| * JWS "crit" (Critical) Header Parameter. | ||
| */ | ||
| /** JWS "crit" (Critical) Header Parameter. */ | ||
| crit?: string[] | ||
| /** | ||
| * Any other JWS Header member. | ||
| */ | ||
| /** Any other JWS Header member. */ | ||
| [propName: string]: unknown | ||
| } | ||
| /** | ||
| * Recognized JWE Key Management-related Header Parameters. | ||
| */ | ||
| /** Recognized JWE Key Management-related Header Parameters. */ | ||
| export interface JWEKeyManagementHeaderParameters { | ||
@@ -339,19 +283,19 @@ apu?: Uint8Array | ||
| /** | ||
| * @deprecated You should not use this parameter. It is only really intended | ||
| * for test and vector validation purposes. | ||
| * @deprecated You should not use this parameter. It is only really intended for test and vector | ||
| * validation purposes. | ||
| */ | ||
| p2c?: number | ||
| /** | ||
| * @deprecated You should not use this parameter. It is only really intended | ||
| * for test and vector validation purposes. | ||
| * @deprecated You should not use this parameter. It is only really intended for test and vector | ||
| * validation purposes. | ||
| */ | ||
| p2s?: Uint8Array | ||
| /** | ||
| * @deprecated You should not use this parameter. It is only really intended | ||
| * for test and vector validation purposes. | ||
| * @deprecated You should not use this parameter. It is only really intended for test and vector | ||
| * validation purposes. | ||
| */ | ||
| iv?: Uint8Array | ||
| /** | ||
| * @deprecated You should not use this parameter. It is only really intended | ||
| * for test and vector validation purposes. | ||
| * @deprecated You should not use this parameter. It is only really intended for test and vector | ||
| * validation purposes. | ||
| */ | ||
@@ -361,25 +305,17 @@ epk?: KeyLike | ||
| /** | ||
| * Flattened JWE definition. | ||
| */ | ||
| /** Flattened JWE definition. */ | ||
| export interface FlattenedJWE { | ||
| /** | ||
| * The "aad" member MUST be present and contain the value | ||
| * BASE64URL(JWE AAD)) when the JWE AAD value is non-empty; | ||
| * otherwise, it MUST be absent. A JWE AAD value can be included to | ||
| * supply a base64url-encoded value to be integrity protected but not | ||
| * encrypted. | ||
| * The "aad" member MUST be present and contain the value BASE64URL(JWE AAD)) when the JWE AAD | ||
| * value is non-empty; otherwise, it MUST be absent. A JWE AAD value can be included to supply a | ||
| * base64url-encoded value to be integrity protected but not encrypted. | ||
| */ | ||
| aad?: string | ||
| /** | ||
| * The "ciphertext" member MUST be present and contain the value | ||
| * BASE64URL(JWE Ciphertext). | ||
| */ | ||
| /** The "ciphertext" member MUST be present and contain the value BASE64URL(JWE Ciphertext). */ | ||
| ciphertext: string | ||
| /** | ||
| * The "encrypted_key" member MUST be present and contain the value | ||
| * BASE64URL(JWE Encrypted Key) when the JWE Encrypted Key value is | ||
| * non-empty; otherwise, it MUST be absent. | ||
| * The "encrypted_key" member MUST be present and contain the value BASE64URL(JWE Encrypted Key) | ||
| * when the JWE Encrypted Key value is non-empty; otherwise, it MUST be absent. | ||
| */ | ||
@@ -389,8 +325,6 @@ encrypted_key?: string | ||
| /** | ||
| * The "header" member MUST be present and contain the value JWE Per- | ||
| * Recipient Unprotected Header when the JWE Per-Recipient | ||
| * Unprotected Header value is non-empty; otherwise, it MUST be | ||
| * absent. This value is represented as an unencoded JSON object, | ||
| * rather than as a string. These Header Parameter values are not | ||
| * integrity protected. | ||
| * The "header" member MUST be present and contain the value JWE Per- Recipient Unprotected Header | ||
| * when the JWE Per-Recipient Unprotected Header value is non-empty; otherwise, it MUST be absent. | ||
| * This value is represented as an unencoded JSON object, rather than as a string. These Header | ||
| * Parameter values are not integrity protected. | ||
| */ | ||
@@ -400,5 +334,4 @@ header?: JWEHeaderParameters | ||
| /** | ||
| * The "iv" member MUST be present and contain the value | ||
| * BASE64URL(JWE Initialization Vector) when the JWE Initialization | ||
| * Vector value is non-empty; otherwise, it MUST be absent. | ||
| * The "iv" member MUST be present and contain the value BASE64URL(JWE Initialization Vector) when | ||
| * the JWE Initialization Vector value is non-empty; otherwise, it MUST be absent. | ||
| */ | ||
@@ -408,5 +341,4 @@ iv: string | ||
| /** | ||
| * The "protected" member MUST be present and contain the value | ||
| * BASE64URL(UTF8(JWE Protected Header)) when the JWE Protected | ||
| * Header value is non-empty; otherwise, it MUST be absent. These | ||
| * The "protected" member MUST be present and contain the value BASE64URL(UTF8(JWE Protected | ||
| * Header)) when the JWE Protected Header value is non-empty; otherwise, it MUST be absent. These | ||
| * Header Parameter values are integrity protected. | ||
@@ -417,5 +349,4 @@ */ | ||
| /** | ||
| * The "tag" member MUST be present and contain the value | ||
| * BASE64URL(JWE Authentication Tag) when the JWE Authentication Tag | ||
| * value is non-empty; otherwise, it MUST be absent. | ||
| * The "tag" member MUST be present and contain the value BASE64URL(JWE Authentication Tag) when | ||
| * the JWE Authentication Tag value is non-empty; otherwise, it MUST be absent. | ||
| */ | ||
@@ -425,7 +356,6 @@ tag: string | ||
| /** | ||
| * The "unprotected" member MUST be present and contain the value JWE | ||
| * Shared Unprotected Header when the JWE Shared Unprotected Header | ||
| * value is non-empty; otherwise, it MUST be absent. This value is | ||
| * represented as an unencoded JSON object, rather than as a string. | ||
| * These Header Parameter values are not integrity protected. | ||
| * The "unprotected" member MUST be present and contain the value JWE Shared Unprotected Header | ||
| * when the JWE Shared Unprotected Header value is non-empty; otherwise, it MUST be absent. This | ||
| * value is represented as an unencoded JSON object, rather than as a string. These Header | ||
| * Parameter values are not integrity protected. | ||
| */ | ||
@@ -439,57 +369,38 @@ unprotected?: JWEHeaderParameters | ||
| /** | ||
| * Recognized JWE Header Parameters, any other Header members | ||
| * may also be present. | ||
| */ | ||
| /** Recognized JWE Header Parameters, any other Header members may also be present. */ | ||
| export interface JWEHeaderParameters extends JoseHeaderParameters { | ||
| /** | ||
| * JWE "alg" (Algorithm) Header Parameter. | ||
| */ | ||
| /** JWE "alg" (Algorithm) Header Parameter. */ | ||
| alg?: string | ||
| /** | ||
| * JWE "enc" (Encryption Algorithm) Header Parameter. | ||
| */ | ||
| /** JWE "enc" (Encryption Algorithm) Header Parameter. */ | ||
| enc?: string | ||
| /** | ||
| * JWE "crit" (Critical) Header Parameter. | ||
| */ | ||
| /** JWE "crit" (Critical) Header Parameter. */ | ||
| crit?: string[] | ||
| /** | ||
| * JWE "zip" (Compression Algorithm) Header Parameter. | ||
| */ | ||
| /** JWE "zip" (Compression Algorithm) Header Parameter. */ | ||
| zip?: string | ||
| /** | ||
| * Any other JWE Header member. | ||
| */ | ||
| /** Any other JWE Header member. */ | ||
| [propName: string]: unknown | ||
| } | ||
| /** | ||
| * Shared Interface with a "crit" property for all sign, verify, encrypt and decrypt | ||
| * operations. | ||
| */ | ||
| /** Shared Interface with a "crit" property for all sign, verify, encrypt and decrypt operations. */ | ||
| export interface CritOption { | ||
| /** | ||
| * An object with keys representing recognized "crit" (Critical) Header Parameter | ||
| * names. The value for those is either `true` or `false`. `true` when the | ||
| * Header Parameter MUST be integrity protected, `false` when it's irrelevant. | ||
| * An object with keys representing recognized "crit" (Critical) Header Parameter names. The value | ||
| * for those is either `true` or `false`. `true` when the Header Parameter MUST be integrity | ||
| * protected, `false` when it's irrelevant. | ||
| * | ||
| * This makes the "Extension Header Parameter "${parameter}" is not recognized" | ||
| * error go away. | ||
| * This makes the "Extension Header Parameter "${parameter}" is not recognized" error go away. | ||
| * | ||
| * Use this when a given JWS/JWT/JWE profile requires the use of proprietary | ||
| * non-registered "crit" (Critical) Header Parameters. This will only make sure | ||
| * the Header Parameter is syntactically correct when provided and that it is | ||
| * optionally integrity protected. It will not process the Header Parameter in | ||
| * any way or reject the operation if it is missing. You MUST still | ||
| * verify the Header Parameter was present and process it according to the | ||
| * profile's validation steps after the operation succeeds. | ||
| * Use this when a given JWS/JWT/JWE profile requires the use of proprietary non-registered "crit" | ||
| * (Critical) Header Parameters. This will only make sure the Header Parameter is syntactically | ||
| * correct when provided and that it is optionally integrity protected. It will not process the | ||
| * Header Parameter in any way or reject the operation if it is missing. You MUST still verify the | ||
| * Header Parameter was present and process it according to the profile's validation steps after | ||
| * the operation succeeds. | ||
| * | ||
| * The JWS extension Header Parameter `b64` is always recognized and processed | ||
| * properly. No other registered Header Parameters that need this kind of | ||
| * default built-in treatment are currently available. | ||
| * The JWS extension Header Parameter `b64` is always recognized and processed properly. No other | ||
| * registered Header Parameters that need this kind of default built-in treatment are currently available. | ||
| */ | ||
@@ -501,15 +412,10 @@ crit?: { | ||
| /** | ||
| * JWE Decryption options. | ||
| */ | ||
| /** JWE Decryption options. */ | ||
| export interface DecryptOptions extends CritOption { | ||
| /** | ||
| * A list of accepted JWE "alg" (Algorithm) Header Parameter values. | ||
| */ | ||
| /** A list of accepted JWE "alg" (Algorithm) Header Parameter values. */ | ||
| keyManagementAlgorithms?: string[] | ||
| /** | ||
| * A list of accepted JWE "enc" (Encryption Algorithm) Header Parameter values. | ||
| * By default all "enc" (Encryption Algorithm) values applicable for the used | ||
| * key/secret are allowed. | ||
| * A list of accepted JWE "enc" (Encryption Algorithm) Header Parameter values. By default all | ||
| * "enc" (Encryption Algorithm) values applicable for the used key/secret are allowed. | ||
| */ | ||
@@ -519,4 +425,4 @@ contentEncryptionAlgorithms?: string[] | ||
| /** | ||
| * In a browser runtime you have to provide an implementation for Inflate Raw | ||
| * when you expect JWEs with compressed plaintext. | ||
| * In a browser runtime you have to provide an implementation for Inflate Raw when you expect JWEs | ||
| * with compressed plaintext. | ||
| */ | ||
@@ -526,9 +432,7 @@ inflateRaw?: InflateFunction | ||
| /** | ||
| * JWE Deflate option. | ||
| */ | ||
| /** JWE Deflate option. */ | ||
| export interface DeflateOption { | ||
| /** | ||
| * In a browser runtime you have to provide an implementation for Deflate Raw | ||
| * when you will be producing JWEs with compressed plaintext. | ||
| * In a browser runtime you have to provide an implementation for Deflate Raw when you will be | ||
| * producing JWEs with compressed plaintext. | ||
| */ | ||
@@ -538,14 +442,8 @@ deflateRaw?: DeflateFunction | ||
| /** | ||
| * JWE Encryption options. | ||
| */ | ||
| /** JWE Encryption options. */ | ||
| export interface EncryptOptions extends CritOption, DeflateOption {} | ||
| /** | ||
| * JWT Claims Set verification options. | ||
| */ | ||
| /** JWT Claims Set verification options. */ | ||
| export interface JWTClaimVerificationOptions { | ||
| /** | ||
| * Expected JWT "aud" (Audience) Claim value(s). | ||
| */ | ||
| /** Expected JWT "aud" (Audience) Claim value(s). */ | ||
| audience?: string | string[] | ||
@@ -555,10 +453,9 @@ | ||
| * Expected clock tolerance | ||
| * - in seconds when number (e.g. 5) | ||
| * - parsed as seconds when a string (e.g. "5 seconds", "10 minutes", "2 hours"). | ||
| * | ||
| * - In seconds when number (e.g. 5) | ||
| * - Parsed as seconds when a string (e.g. "5 seconds", "10 minutes", "2 hours"). | ||
| */ | ||
| clockTolerance?: string | number | ||
| /** | ||
| * Expected JWT "iss" (Issuer) Claim value(s). | ||
| */ | ||
| /** Expected JWT "iss" (Issuer) Claim value(s). */ | ||
| issuer?: string | string[] | ||
@@ -568,31 +465,23 @@ | ||
| * Maximum time elapsed (in seconds) from the JWT "iat" (Issued At) Claim value. | ||
| * - in seconds when number (e.g. 5) | ||
| * - parsed as seconds when a string (e.g. "5 seconds", "10 minutes", "2 hours"). | ||
| * | ||
| * - In seconds when number (e.g. 5) | ||
| * - Parsed as seconds when a string (e.g. "5 seconds", "10 minutes", "2 hours"). | ||
| */ | ||
| maxTokenAge?: string | number | ||
| /** | ||
| * Expected JWT "sub" (Subject) Claim value. | ||
| */ | ||
| /** Expected JWT "sub" (Subject) Claim value. */ | ||
| subject?: string | ||
| /** | ||
| * Expected JWT "typ" (Type) Header Parameter value. | ||
| */ | ||
| /** Expected JWT "typ" (Type) Header Parameter value. */ | ||
| typ?: string | ||
| /** | ||
| * Date to use when comparing NumericDate claims, defaults to `new Date()`. | ||
| */ | ||
| /** Date to use when comparing NumericDate claims, defaults to `new Date()`. */ | ||
| currentDate?: Date | ||
| } | ||
| /** | ||
| * JWS Verification options. | ||
| */ | ||
| /** JWS Verification options. */ | ||
| export interface VerifyOptions extends CritOption { | ||
| /** | ||
| * A list of accepted JWS "alg" (Algorithm) Header Parameter values. | ||
| * By default all "alg" (Algorithm) values applicable for the used | ||
| * key/secret are allowed. Note: "none" is never accepted. | ||
| * A list of accepted JWS "alg" (Algorithm) Header Parameter values. By default all "alg" | ||
| * (Algorithm) values applicable for the used key/secret are allowed. Note: "none" is never accepted. | ||
| */ | ||
@@ -602,50 +491,29 @@ algorithms?: string[] | ||
| /** | ||
| * JWS Signing options. | ||
| */ | ||
| /** JWS Signing options. */ | ||
| export interface SignOptions extends CritOption {} | ||
| /** | ||
| * Recognized JWT Claims Set members, any other members | ||
| * may also be present. | ||
| */ | ||
| /** Recognized JWT Claims Set members, any other members may also be present. */ | ||
| export interface JWTPayload { | ||
| /** | ||
| * JWT Issuer - [RFC7519#section-4.1.1](https://www.rfc-editor.org/rfc/rfc7519#section-4.1.1). | ||
| */ | ||
| /** JWT Issuer - [RFC7519#section-4.1.1](https://www.rfc-editor.org/rfc/rfc7519#section-4.1.1). */ | ||
| iss?: string | ||
| /** | ||
| * JWT Subject - [RFC7519#section-4.1.2](https://www.rfc-editor.org/rfc/rfc7519#section-4.1.2). | ||
| */ | ||
| /** JWT Subject - [RFC7519#section-4.1.2](https://www.rfc-editor.org/rfc/rfc7519#section-4.1.2). */ | ||
| sub?: string | ||
| /** | ||
| * JWT Audience [RFC7519#section-4.1.3](https://www.rfc-editor.org/rfc/rfc7519#section-4.1.3). | ||
| */ | ||
| /** JWT Audience [RFC7519#section-4.1.3](https://www.rfc-editor.org/rfc/rfc7519#section-4.1.3). */ | ||
| aud?: string | string[] | ||
| /** | ||
| * JWT ID - [RFC7519#section-4.1.7](https://www.rfc-editor.org/rfc/rfc7519#section-4.1.7). | ||
| */ | ||
| /** JWT ID - [RFC7519#section-4.1.7](https://www.rfc-editor.org/rfc/rfc7519#section-4.1.7). */ | ||
| jti?: string | ||
| /** | ||
| * JWT Not Before - [RFC7519#section-4.1.5](https://www.rfc-editor.org/rfc/rfc7519#section-4.1.5). | ||
| */ | ||
| /** JWT Not Before - [RFC7519#section-4.1.5](https://www.rfc-editor.org/rfc/rfc7519#section-4.1.5). */ | ||
| nbf?: number | ||
| /** | ||
| * JWT Expiration Time - [RFC7519#section-4.1.4](https://www.rfc-editor.org/rfc/rfc7519#section-4.1.4). | ||
| */ | ||
| /** JWT Expiration Time - [RFC7519#section-4.1.4](https://www.rfc-editor.org/rfc/rfc7519#section-4.1.4). */ | ||
| exp?: number | ||
| /** | ||
| * JWT Issued At - [RFC7519#section-4.1.6](https://www.rfc-editor.org/rfc/rfc7519#section-4.1.6). | ||
| */ | ||
| /** JWT Issued At - [RFC7519#section-4.1.6](https://www.rfc-editor.org/rfc/rfc7519#section-4.1.6). */ | ||
| iat?: number | ||
| /** | ||
| * Any other JWT Claim Set member. | ||
| */ | ||
| /** Any other JWT Claim Set member. */ | ||
| [propName: string]: unknown | ||
@@ -655,3 +523,4 @@ } | ||
| /** | ||
| * Deflate Raw implementation, e.g. promisified [zlib.deflateRaw](https://nodejs.org/api/zlib.html#zlib_zlib_deflateraw_buffer_options_callback). | ||
| * Deflate Raw implementation, e.g. promisified | ||
| * [zlib.deflateRaw](https://nodejs.org/api/zlib.html#zlibdeflaterawbuffer-options-callback). | ||
| */ | ||
@@ -663,3 +532,4 @@ export interface DeflateFunction { | ||
| /** | ||
| * Inflate Raw implementation, e.g. promisified [zlib.inflateRaw](https://nodejs.org/api/zlib.html#zlib_zlib_inflateraw_buffer_options_callback). | ||
| * Inflate Raw implementation, e.g. promisified | ||
| * [zlib.inflateRaw](https://nodejs.org/api/zlib.html#zlibinflaterawbuffer-options-callback). | ||
| */ | ||
@@ -671,25 +541,15 @@ export interface InflateFunction { | ||
| export interface FlattenedDecryptResult { | ||
| /** | ||
| * JWE AAD. | ||
| */ | ||
| /** JWE AAD. */ | ||
| additionalAuthenticatedData?: Uint8Array | ||
| /** | ||
| * Plaintext. | ||
| */ | ||
| /** Plaintext. */ | ||
| plaintext: Uint8Array | ||
| /** | ||
| * JWE Protected Header. | ||
| */ | ||
| /** JWE Protected Header. */ | ||
| protectedHeader?: JWEHeaderParameters | ||
| /** | ||
| * JWE Shared Unprotected Header. | ||
| */ | ||
| /** JWE Shared Unprotected Header. */ | ||
| sharedUnprotectedHeader?: JWEHeaderParameters | ||
| /** | ||
| * JWE Per-Recipient Unprotected Header. | ||
| */ | ||
| /** JWE Per-Recipient Unprotected Header. */ | ||
| unprotectedHeader?: JWEHeaderParameters | ||
@@ -701,10 +561,6 @@ } | ||
| export interface CompactDecryptResult { | ||
| /** | ||
| * Plaintext. | ||
| */ | ||
| /** Plaintext. */ | ||
| plaintext: Uint8Array | ||
| /** | ||
| * JWE Protected Header. | ||
| */ | ||
| /** JWE Protected Header. */ | ||
| protectedHeader: CompactJWEHeaderParameters | ||
@@ -714,15 +570,9 @@ } | ||
| export interface FlattenedVerifyResult { | ||
| /** | ||
| * JWS Payload. | ||
| */ | ||
| /** JWS Payload. */ | ||
| payload: Uint8Array | ||
| /** | ||
| * JWS Protected Header. | ||
| */ | ||
| /** JWS Protected Header. */ | ||
| protectedHeader?: JWSHeaderParameters | ||
| /** | ||
| * JWS Unprotected Header. | ||
| */ | ||
| /** JWS Unprotected Header. */ | ||
| unprotectedHeader?: JWSHeaderParameters | ||
@@ -734,10 +584,6 @@ } | ||
| export interface CompactVerifyResult { | ||
| /** | ||
| * JWS Payload. | ||
| */ | ||
| /** JWS Payload. */ | ||
| payload: Uint8Array | ||
| /** | ||
| * JWS Protected Header. | ||
| */ | ||
| /** JWS Protected Header. */ | ||
| protectedHeader: CompactJWSHeaderParameters | ||
@@ -747,10 +593,6 @@ } | ||
| export interface JWTVerifyResult { | ||
| /** | ||
| * JWT Claims Set. | ||
| */ | ||
| /** JWT Claims Set. */ | ||
| payload: JWTPayload | ||
| /** | ||
| * JWS Protected Header. | ||
| */ | ||
| /** JWS Protected Header. */ | ||
| protectedHeader: JWTHeaderParameters | ||
@@ -760,10 +602,6 @@ } | ||
| export interface JWTDecryptResult { | ||
| /** | ||
| * JWT Claims Set. | ||
| */ | ||
| /** JWT Claims Set. */ | ||
| payload: JWTPayload | ||
| /** | ||
| * JWE Protected Header. | ||
| */ | ||
| /** JWE Protected Header. */ | ||
| protectedHeader: CompactJWEHeaderParameters | ||
@@ -773,12 +611,7 @@ } | ||
| export interface ResolvedKey { | ||
| /** | ||
| * Key resolved from the key resolver function. | ||
| */ | ||
| /** Key resolved from the key resolver function. */ | ||
| key: KeyLike | Uint8Array | ||
| } | ||
| /** | ||
| * Recognized Compact JWS Header Parameters, any other Header Members | ||
| * may also be present. | ||
| */ | ||
| /** Recognized Compact JWS Header Parameters, any other Header Members may also be present. */ | ||
| export interface CompactJWSHeaderParameters extends JWSHeaderParameters { | ||
@@ -788,6 +621,3 @@ alg: string | ||
| /** | ||
| * Recognized Signed JWT Header Parameters, any other Header Members | ||
| * may also be present. | ||
| */ | ||
| /** Recognized Signed JWT Header Parameters, any other Header Members may also be present. */ | ||
| export interface JWTHeaderParameters extends CompactJWSHeaderParameters { | ||
@@ -797,6 +627,3 @@ b64?: true | ||
| /** | ||
| * Recognized Compact JWE Header Parameters, any other Header Members | ||
| * may also be present. | ||
| */ | ||
| /** Recognized Compact JWE Header Parameters, any other Header Members may also be present. */ | ||
| export interface CompactJWEHeaderParameters extends JWEHeaderParameters { | ||
@@ -807,7 +634,5 @@ alg: string | ||
| /** | ||
| * JSON Web Key Set | ||
| */ | ||
| /** JSON Web Key Set */ | ||
| export interface JSONWebKeySet { | ||
| keys: JWK[] | ||
| } |
| import type { JWTPayload } from '../types'; | ||
| /** | ||
| * Decodes a signed JSON Web Token payload. This does not validate the JWT Claims Set | ||
| * types or values. This does not validate the JWS Signature. For a proper | ||
| * Signed JWT Claims Set validation and JWS signature verification use `jose.jwtVerify()`. | ||
| * For an encrypted JWT Claims Set validation and JWE decryption use `jose.jwtDecrypt()`. | ||
| * Decodes a signed JSON Web Token payload. This does not validate the JWT Claims Set types or | ||
| * values. This does not validate the JWS Signature. For a proper Signed JWT Claims Set validation | ||
| * and JWS signature verification use `jose.jwtVerify()`. For an encrypted JWT Claims Set validation | ||
| * and JWE decryption use `jose.jwtDecrypt()`. | ||
| * | ||
| * @param jwt JWT token in compact JWS serialization. | ||
| * @example Usage | ||
| * | ||
| * @example Usage | ||
| * ```js | ||
@@ -15,3 +14,5 @@ * const claims = jose.decodeJwt(token) | ||
| * ``` | ||
| * | ||
| * @param jwt JWT token in compact JWS serialization. | ||
| */ | ||
| export declare function decodeJwt(jwt: string): JWTPayload; |
@@ -6,5 +6,4 @@ import type { JWSHeaderParameters, JWEHeaderParameters } from '../types'; | ||
| * | ||
| * @param token JWE/JWS/JWT token in any JOSE serialization. | ||
| * @example Usage | ||
| * | ||
| * @example Usage | ||
| * ```js | ||
@@ -14,3 +13,5 @@ * const protectedHeader = jose.decodeProtectedHeader(token) | ||
| * ``` | ||
| * | ||
| * @param token JWE/JWS/JWT token in any JOSE serialization. | ||
| */ | ||
| export declare function decodeProtectedHeader(token: string | object): ProtectedHeaderParameters; |
@@ -1,51 +0,30 @@ | ||
| /** | ||
| * A generic Error subclass that all other specific | ||
| * JOSE Error subclasses inherit from. | ||
| */ | ||
| /** A generic Error subclass that all other specific JOSE Error subclasses inherit from. */ | ||
| export declare class JOSEError extends Error { | ||
| /** | ||
| * A unique error code for the particular error subclass. | ||
| */ | ||
| /** A unique error code for the particular error subclass. */ | ||
| static get code(): string; | ||
| /** | ||
| * A unique error code for the particular error subclass. | ||
| */ | ||
| /** A unique error code for the particular error subclass. */ | ||
| code: string; | ||
| constructor(message?: string); | ||
| } | ||
| /** | ||
| * An error subclass thrown when a JWT Claim Set member validation fails. | ||
| */ | ||
| /** An error subclass thrown when a JWT Claim Set member validation fails. */ | ||
| export declare class JWTClaimValidationFailed extends JOSEError { | ||
| static get code(): 'ERR_JWT_CLAIM_VALIDATION_FAILED'; | ||
| code: string; | ||
| /** | ||
| * The Claim for which the validation failed. | ||
| */ | ||
| /** The Claim for which the validation failed. */ | ||
| claim: string; | ||
| /** | ||
| * Reason code for the validation failure. | ||
| */ | ||
| /** Reason code for the validation failure. */ | ||
| reason: string; | ||
| constructor(message: string, claim?: string, reason?: string); | ||
| } | ||
| /** | ||
| * An error subclass thrown when a JWT is expired. | ||
| */ | ||
| /** An error subclass thrown when a JWT is expired. */ | ||
| export declare class JWTExpired extends JOSEError implements JWTClaimValidationFailed { | ||
| static get code(): 'ERR_JWT_EXPIRED'; | ||
| code: string; | ||
| /** | ||
| * The Claim for which the validation failed. | ||
| */ | ||
| /** The Claim for which the validation failed. */ | ||
| claim: string; | ||
| /** | ||
| * Reason code for the validation failure. | ||
| */ | ||
| /** Reason code for the validation failure. */ | ||
| reason: string; | ||
| constructor(message: string, claim?: string, reason?: string); | ||
| } | ||
| /** | ||
| * An error subclass thrown when a JOSE Algorithm is not allowed per developer preference. | ||
| */ | ||
| /** An error subclass thrown when a JOSE Algorithm is not allowed per developer preference. */ | ||
| export declare class JOSEAlgNotAllowed extends JOSEError { | ||
@@ -63,5 +42,3 @@ static get code(): 'ERR_JOSE_ALG_NOT_ALLOWED'; | ||
| } | ||
| /** | ||
| * An error subclass thrown when a JWE ciphertext decryption fails. | ||
| */ | ||
| /** An error subclass thrown when a JWE ciphertext decryption fails. */ | ||
| export declare class JWEDecryptionFailed extends JOSEError { | ||
@@ -72,5 +49,3 @@ static get code(): 'ERR_JWE_DECRYPTION_FAILED'; | ||
| } | ||
| /** | ||
| * An error subclass thrown when a JWE is invalid. | ||
| */ | ||
| /** An error subclass thrown when a JWE is invalid. */ | ||
| export declare class JWEInvalid extends JOSEError { | ||
@@ -80,5 +55,3 @@ static get code(): 'ERR_JWE_INVALID'; | ||
| } | ||
| /** | ||
| * An error subclass thrown when a JWS is invalid. | ||
| */ | ||
| /** An error subclass thrown when a JWS is invalid. */ | ||
| export declare class JWSInvalid extends JOSEError { | ||
@@ -88,5 +61,3 @@ static get code(): 'ERR_JWS_INVALID'; | ||
| } | ||
| /** | ||
| * An error subclass thrown when a JWT is invalid. | ||
| */ | ||
| /** An error subclass thrown when a JWT is invalid. */ | ||
| export declare class JWTInvalid extends JOSEError { | ||
@@ -96,5 +67,3 @@ static get code(): 'ERR_JWT_INVALID'; | ||
| } | ||
| /** | ||
| * An error subclass thrown when a JWK is invalid. | ||
| */ | ||
| /** An error subclass thrown when a JWK is invalid. */ | ||
| export declare class JWKInvalid extends JOSEError { | ||
@@ -104,5 +73,3 @@ static get code(): 'ERR_JWK_INVALID'; | ||
| } | ||
| /** | ||
| * An error subclass thrown when a JWKS is invalid. | ||
| */ | ||
| /** An error subclass thrown when a JWKS is invalid. */ | ||
| export declare class JWKSInvalid extends JOSEError { | ||
@@ -112,5 +79,3 @@ static get code(): 'ERR_JWKS_INVALID'; | ||
| } | ||
| /** | ||
| * An error subclass thrown when no keys match from a JWKS. | ||
| */ | ||
| /** An error subclass thrown when no keys match from a JWKS. */ | ||
| export declare class JWKSNoMatchingKey extends JOSEError { | ||
@@ -121,5 +86,3 @@ static get code(): 'ERR_JWKS_NO_MATCHING_KEY'; | ||
| } | ||
| /** | ||
| * An error subclass thrown when multiple keys match from a JWKS. | ||
| */ | ||
| /** An error subclass thrown when multiple keys match from a JWKS. */ | ||
| export declare class JWKSMultipleMatchingKeys extends JOSEError { | ||
@@ -130,5 +93,3 @@ static get code(): 'ERR_JWKS_MULTIPLE_MATCHING_KEYS'; | ||
| } | ||
| /** | ||
| * Timeout was reached when retrieving the JWKS response. | ||
| */ | ||
| /** Timeout was reached when retrieving the JWKS response. */ | ||
| export declare class JWKSTimeout extends JOSEError { | ||
@@ -139,5 +100,3 @@ static get code(): 'ERR_JWKS_TIMEOUT'; | ||
| } | ||
| /** | ||
| * An error subclass thrown when JWS signature verification fails. | ||
| */ | ||
| /** An error subclass thrown when JWS signature verification fails. */ | ||
| export declare class JWSSignatureVerificationFailed extends JOSEError { | ||
@@ -144,0 +103,0 @@ static get code(): 'ERR_JWS_SIGNATURE_VERIFICATION_FAILED'; |
| { | ||
| "name": "jose", | ||
| "version": "4.8.3", | ||
| "version": "4.9.0", | ||
| "description": "'JSON Web Almost Everything' - JWA, JWS, JWE, JWT, JWK, JWKS with no dependencies using runtime's native crypto", | ||
@@ -5,0 +5,0 @@ "keywords": [ |
@@ -15,2 +15,3 @@ # jose | ||
| - JSON Web Key Thumbprint - [RFC7638][spec-thumbprint] | ||
| - JSON Web Key Thumbprint URI - [RFC9278][spec-thumbprint-uri] | ||
| - JWS Unencoded Payload Option - [RFC7797][spec-b64] | ||
@@ -60,4 +61,5 @@ - CFRG Elliptic Curve ECDH and Signatures - [RFC8037][spec-okp] | ||
| - JSON Web Key (JWK) | ||
| - [Thumbprints](docs/functions/jwk_thumbprint.calculateJwkThumbprint.md#readme) | ||
| - [EmbeddedJWK](docs/functions/jwk_embedded.EmbeddedJWK.md#readme) | ||
| - [Calculating JWK Thumbprint](docs/functions/jwk_thumbprint.calculateJwkThumbprint.md#readme) | ||
| - [Calculating JWK Thumbprint URI](docs/functions/jwk_thumbprint.calculateJwkThumbprintUri.md#readme) | ||
| - [Verification using a JWK Embedded in a JWS Header](docs/functions/jwk_embedded.EmbeddedJWK.md#readme) | ||
| - JSON Web Key Set (JWKS) | ||
@@ -109,3 +111,3 @@ - [Verify using a local JWKSet](docs/functions/jwks_local.createLocalJWKSet.md#readme) | ||
| - there is JSON Web Encryption support | ||
| - it supports the flattened JWS / JWE Serialization Syntaxes | ||
| - it supports the General and Flattened JSON Serialization Syntaxes | ||
| - it supports the "crit" member validations to make sure extensions are handled correctly | ||
@@ -148,2 +150,3 @@ | ||
| [spec-thumbprint]: https://www.rfc-editor.org/rfc/rfc7638 | ||
| [spec-thumbprint-uri]: https://www.rfc-editor.org/rfc/rfc9278 | ||
| [support-sponsor]: https://github.com/sponsors/panva | ||
@@ -150,0 +153,0 @@ [conditional-exports]: https://nodejs.org/api/packages.html#packages_conditional_exports |
New alerts
License Policy Violation
LicenseThis package is not allowed per your license policy. Review the package's license to ensure compliance.
Found 1 instance in 1 package
Fixed alerts
License Policy Violation
LicenseThis package is not allowed per your license policy. Review the package's license to ensure compliance.
Found 1 instance in 1 package
Improved metrics
- Total package byte prevSize
- increased by0.36%
548919
- Number of lines in readme file
- increased by1.91%
160
Worsened metrics
- Lines of code
- decreased by-1.48%
13572
No dependency changes