jose - npm Package Compare versions

Comparing version 5.3.0 to 5.4.0

dist/browser/jwks/remote.js

@@ -12,3 +12,3 @@ import fetchJwks from '../runtime/fetch_jwks.js';
     const NAME = 'jose';
-    const VERSION = 'v5.3.0';
+    const VERSION = 'v5.4.0';
     USER_AGENT = `${NAME}/${VERSION}`;
@@ -15,0 +15,0 @@ }

dist/browser/jwt/decrypt.js

@@ -9,10 +9,10 @@ import { compactDecrypt } from '../jwe/compact/decrypt.js';
     if (protectedHeader.iss !== undefined && protectedHeader.iss !== payload.iss) {
-        throw new JWTClaimValidationFailed('replicated "iss" claim header parameter mismatch', 'iss', 'mismatch');
+        throw new JWTClaimValidationFailed('replicated "iss" claim header parameter mismatch', payload, 'iss', 'mismatch');
     }
     if (protectedHeader.sub !== undefined && protectedHeader.sub !== payload.sub) {
-        throw new JWTClaimValidationFailed('replicated "sub" claim header parameter mismatch', 'sub', 'mismatch');
+        throw new JWTClaimValidationFailed('replicated "sub" claim header parameter mismatch', payload, 'sub', 'mismatch');
     }
     if (protectedHeader.aud !== undefined &&
         JSON.stringify(protectedHeader.aud) !== JSON.stringify(payload.aud)) {
-        throw new JWTClaimValidationFailed('replicated "aud" claim header parameter mismatch', 'aud', 'mismatch');
+        throw new JWTClaimValidationFailed('replicated "aud" claim header parameter mismatch', payload, 'aud', 'mismatch');
     }
@@ -19,0 +19,0 @@ const result = { payload, protectedHeader };

dist/browser/lib/jwt_claims_set.js

@@ -17,8 +17,2 @@ import { JWTClaimValidationFailed, JWTExpired, JWTInvalid } from '../util/errors.js';
 export default (protectedHeader, encodedPayload, options = {}) => {
-    const { typ } = options;
-    if (typ &&
-        (typeof protectedHeader.typ !== 'string' ||
-            normalizeTyp(protectedHeader.typ) !== normalizeTyp(typ))) {
-        throw new JWTClaimValidationFailed('unexpected "typ" JWT header value', 'typ', 'check_failed');
-    }
     let payload;
@@ -33,2 +27,8 @@ try {
     }
+    const { typ } = options;
+    if (typ &&
+        (typeof protectedHeader.typ !== 'string' ||
+            normalizeTyp(protectedHeader.typ) !== normalizeTyp(typ))) {
+        throw new JWTClaimValidationFailed('unexpected "typ" JWT header value', payload, 'typ', 'check_failed');
+    }
     const { requiredClaims = [], issuer, subject, audience, maxTokenAge } = options;
@@ -46,14 +46,14 @@ const presenceCheck = [...requiredClaims];
         if (!(claim in payload)) {
-            throw new JWTClaimValidationFailed(`missing required "${claim}" claim`, claim, 'missing');
+            throw new JWTClaimValidationFailed(`missing required "${claim}" claim`, payload, claim, 'missing');
         }
     }
     if (issuer && !(Array.isArray(issuer) ? issuer : [issuer]).includes(payload.iss)) {
-        throw new JWTClaimValidationFailed('unexpected "iss" claim value', 'iss', 'check_failed');
+        throw new JWTClaimValidationFailed('unexpected "iss" claim value', payload, 'iss', 'check_failed');
     }
     if (subject && payload.sub !== subject) {
-        throw new JWTClaimValidationFailed('unexpected "sub" claim value', 'sub', 'check_failed');
+        throw new JWTClaimValidationFailed('unexpected "sub" claim value', payload, 'sub', 'check_failed');
     }
     if (audience &&
         !checkAudiencePresence(payload.aud, typeof audience === 'string' ? [audience] : audience)) {
-        throw new JWTClaimValidationFailed('unexpected "aud" claim value', 'aud', 'check_failed');
+        throw new JWTClaimValidationFailed('unexpected "aud" claim value', payload, 'aud', 'check_failed');
     }
@@ -77,10 +77,10 @@ let tolerance;
     if ((payload.iat !== undefined || maxTokenAge) && typeof payload.iat !== 'number') {
-        throw new JWTClaimValidationFailed('"iat" claim must be a number', 'iat', 'invalid');
+        throw new JWTClaimValidationFailed('"iat" claim must be a number', payload, 'iat', 'invalid');
     }
     if (payload.nbf !== undefined) {
         if (typeof payload.nbf !== 'number') {
-            throw new JWTClaimValidationFailed('"nbf" claim must be a number', 'nbf', 'invalid');
+            throw new JWTClaimValidationFailed('"nbf" claim must be a number', payload, 'nbf', 'invalid');
         }
         if (payload.nbf > now + tolerance) {
-            throw new JWTClaimValidationFailed('"nbf" claim timestamp check failed', 'nbf', 'check_failed');
+            throw new JWTClaimValidationFailed('"nbf" claim timestamp check failed', payload, 'nbf', 'check_failed');
         }
@@ -90,6 +90,6 @@ }
         if (typeof payload.exp !== 'number') {
-            throw new JWTClaimValidationFailed('"exp" claim must be a number', 'exp', 'invalid');
+            throw new JWTClaimValidationFailed('"exp" claim must be a number', payload, 'exp', 'invalid');
         }
         if (payload.exp <= now - tolerance) {
-            throw new JWTExpired('"exp" claim timestamp check failed', 'exp', 'check_failed');
+            throw new JWTExpired('"exp" claim timestamp check failed', payload, 'exp', 'check_failed');
         }
@@ -101,6 +101,6 @@ }
         if (age - tolerance > max) {
-            throw new JWTExpired('"iat" claim timestamp check failed (too far in the past)', 'iat', 'check_failed');
+            throw new JWTExpired('"iat" claim timestamp check failed (too far in the past)', payload, 'iat', 'check_failed');
         }
         if (age < 0 - tolerance) {
-            throw new JWTClaimValidationFailed('"iat" claim timestamp check failed (it should be in the past)', 'iat', 'check_failed');
+            throw new JWTClaimValidationFailed('"iat" claim timestamp check failed (it should be in the past)', payload, 'iat', 'check_failed');
         }
@@ -107,0 +107,0 @@ }

dist/browser/util/errors.js

@@ -16,3 +16,3 @@ export class JOSEError extends Error {
     }
-    constructor(message, claim = 'unspecified', reason = 'unspecified') {
+    constructor(message, payload, claim = 'unspecified', reason = 'unspecified') {
         super(message);
@@ -22,2 +22,3 @@ this.code = 'ERR_JWT_CLAIM_VALIDATION_FAILED';
         this.reason = reason;
+        this.payload = payload;
     }
@@ -29,3 +30,3 @@ }
     }
-    constructor(message, claim = 'unspecified', reason = 'unspecified') {
+    constructor(message, payload, claim = 'unspecified', reason = 'unspecified') {
         super(message);
@@ -35,2 +36,3 @@ this.code = 'ERR_JWT_EXPIRED';
         this.reason = reason;
+        this.payload = payload;
     }
@@ -37,0 +39,0 @@ }

dist/node/cjs/jwks/remote.js

@@ -15,3 +15,3 @@ "use strict";
     const NAME = 'jose';
-    const VERSION = 'v5.3.0';
+    const VERSION = 'v5.4.0';
     USER_AGENT = `${NAME}/${VERSION}`;
@@ -18,0 +18,0 @@ }

dist/node/cjs/jwt/decrypt.js

@@ -12,10 +12,10 @@ "use strict";
     if (protectedHeader.iss !== undefined && protectedHeader.iss !== payload.iss) {
-        throw new errors_js_1.JWTClaimValidationFailed('replicated "iss" claim header parameter mismatch', 'iss', 'mismatch');
+        throw new errors_js_1.JWTClaimValidationFailed('replicated "iss" claim header parameter mismatch', payload, 'iss', 'mismatch');
     }
     if (protectedHeader.sub !== undefined && protectedHeader.sub !== payload.sub) {
-        throw new errors_js_1.JWTClaimValidationFailed('replicated "sub" claim header parameter mismatch', 'sub', 'mismatch');
+        throw new errors_js_1.JWTClaimValidationFailed('replicated "sub" claim header parameter mismatch', payload, 'sub', 'mismatch');
     }
     if (protectedHeader.aud !== undefined &&
         JSON.stringify(protectedHeader.aud) !== JSON.stringify(payload.aud)) {
-        throw new errors_js_1.JWTClaimValidationFailed('replicated "aud" claim header parameter mismatch', 'aud', 'mismatch');
+        throw new errors_js_1.JWTClaimValidationFailed('replicated "aud" claim header parameter mismatch', payload, 'aud', 'mismatch');
     }
@@ -22,0 +22,0 @@ const result = { payload, protectedHeader };

dist/node/cjs/lib/jwt_claims_set.js

@@ -19,8 +19,2 @@ "use strict";
 exports.default = (protectedHeader, encodedPayload, options = {}) => {
-    const { typ } = options;
-    if (typ &&
-        (typeof protectedHeader.typ !== 'string' ||
-            normalizeTyp(protectedHeader.typ) !== normalizeTyp(typ))) {
-        throw new errors_js_1.JWTClaimValidationFailed('unexpected "typ" JWT header value', 'typ', 'check_failed');
-    }
     let payload;
@@ -35,2 +29,8 @@ try {
     }
+    const { typ } = options;
+    if (typ &&
+        (typeof protectedHeader.typ !== 'string' ||
+            normalizeTyp(protectedHeader.typ) !== normalizeTyp(typ))) {
+        throw new errors_js_1.JWTClaimValidationFailed('unexpected "typ" JWT header value', payload, 'typ', 'check_failed');
+    }
     const { requiredClaims = [], issuer, subject, audience, maxTokenAge } = options;
@@ -48,14 +48,14 @@ const presenceCheck = [...requiredClaims];
         if (!(claim in payload)) {
-            throw new errors_js_1.JWTClaimValidationFailed(`missing required "${claim}" claim`, claim, 'missing');
+            throw new errors_js_1.JWTClaimValidationFailed(`missing required "${claim}" claim`, payload, claim, 'missing');
         }
     }
     if (issuer && !(Array.isArray(issuer) ? issuer : [issuer]).includes(payload.iss)) {
-        throw new errors_js_1.JWTClaimValidationFailed('unexpected "iss" claim value', 'iss', 'check_failed');
+        throw new errors_js_1.JWTClaimValidationFailed('unexpected "iss" claim value', payload, 'iss', 'check_failed');
     }
     if (subject && payload.sub !== subject) {
-        throw new errors_js_1.JWTClaimValidationFailed('unexpected "sub" claim value', 'sub', 'check_failed');
+        throw new errors_js_1.JWTClaimValidationFailed('unexpected "sub" claim value', payload, 'sub', 'check_failed');
     }
     if (audience &&
         !checkAudiencePresence(payload.aud, typeof audience === 'string' ? [audience] : audience)) {
-        throw new errors_js_1.JWTClaimValidationFailed('unexpected "aud" claim value', 'aud', 'check_failed');
+        throw new errors_js_1.JWTClaimValidationFailed('unexpected "aud" claim value', payload, 'aud', 'check_failed');
     }
@@ -79,10 +79,10 @@ let tolerance;
     if ((payload.iat !== undefined || maxTokenAge) && typeof payload.iat !== 'number') {
-        throw new errors_js_1.JWTClaimValidationFailed('"iat" claim must be a number', 'iat', 'invalid');
+        throw new errors_js_1.JWTClaimValidationFailed('"iat" claim must be a number', payload, 'iat', 'invalid');
     }
     if (payload.nbf !== undefined) {
         if (typeof payload.nbf !== 'number') {
-            throw new errors_js_1.JWTClaimValidationFailed('"nbf" claim must be a number', 'nbf', 'invalid');
+            throw new errors_js_1.JWTClaimValidationFailed('"nbf" claim must be a number', payload, 'nbf', 'invalid');
         }
         if (payload.nbf > now + tolerance) {
-            throw new errors_js_1.JWTClaimValidationFailed('"nbf" claim timestamp check failed', 'nbf', 'check_failed');
+            throw new errors_js_1.JWTClaimValidationFailed('"nbf" claim timestamp check failed', payload, 'nbf', 'check_failed');
         }
@@ -92,6 +92,6 @@ }
         if (typeof payload.exp !== 'number') {
-            throw new errors_js_1.JWTClaimValidationFailed('"exp" claim must be a number', 'exp', 'invalid');
+            throw new errors_js_1.JWTClaimValidationFailed('"exp" claim must be a number', payload, 'exp', 'invalid');
         }
         if (payload.exp <= now - tolerance) {
-            throw new errors_js_1.JWTExpired('"exp" claim timestamp check failed', 'exp', 'check_failed');
+            throw new errors_js_1.JWTExpired('"exp" claim timestamp check failed', payload, 'exp', 'check_failed');
         }
@@ -103,6 +103,6 @@ }
         if (age - tolerance > max) {
-            throw new errors_js_1.JWTExpired('"iat" claim timestamp check failed (too far in the past)', 'iat', 'check_failed');
+            throw new errors_js_1.JWTExpired('"iat" claim timestamp check failed (too far in the past)', payload, 'iat', 'check_failed');
         }
         if (age < 0 - tolerance) {
-            throw new errors_js_1.JWTClaimValidationFailed('"iat" claim timestamp check failed (it should be in the past)', 'iat', 'check_failed');
+            throw new errors_js_1.JWTClaimValidationFailed('"iat" claim timestamp check failed (it should be in the past)', payload, 'iat', 'check_failed');
         }
@@ -109,0 +109,0 @@ }

dist/node/cjs/util/errors.js

@@ -23,6 +23,8 @@ "use strict";
     reason;
-    constructor(message, claim = 'unspecified', reason = 'unspecified') {
+    payload;
+    constructor(message, payload, claim = 'unspecified', reason = 'unspecified') {
         super(message);
         this.claim = claim;
         this.reason = reason;
+        this.payload = payload;
     }
@@ -38,6 +40,8 @@ }
     reason;
-    constructor(message, claim = 'unspecified', reason = 'unspecified') {
+    payload;
+    constructor(message, payload, claim = 'unspecified', reason = 'unspecified') {
         super(message);
         this.claim = claim;
         this.reason = reason;
+        this.payload = payload;
     }
@@ -44,0 +48,0 @@ }

dist/node/esm/jwks/remote.js

@@ -12,3 +12,3 @@ import fetchJwks from '../runtime/fetch_jwks.js';
     const NAME = 'jose';
-    const VERSION = 'v5.3.0';
+    const VERSION = 'v5.4.0';
     USER_AGENT = `${NAME}/${VERSION}`;
@@ -15,0 +15,0 @@ }

dist/node/esm/jwt/decrypt.js

@@ -9,10 +9,10 @@ import { compactDecrypt } from '../jwe/compact/decrypt.js';
     if (protectedHeader.iss !== undefined && protectedHeader.iss !== payload.iss) {
-        throw new JWTClaimValidationFailed('replicated "iss" claim header parameter mismatch', 'iss', 'mismatch');
+        throw new JWTClaimValidationFailed('replicated "iss" claim header parameter mismatch', payload, 'iss', 'mismatch');
     }
     if (protectedHeader.sub !== undefined && protectedHeader.sub !== payload.sub) {
-        throw new JWTClaimValidationFailed('replicated "sub" claim header parameter mismatch', 'sub', 'mismatch');
+        throw new JWTClaimValidationFailed('replicated "sub" claim header parameter mismatch', payload, 'sub', 'mismatch');
     }
     if (protectedHeader.aud !== undefined &&
         JSON.stringify(protectedHeader.aud) !== JSON.stringify(payload.aud)) {
-        throw new JWTClaimValidationFailed('replicated "aud" claim header parameter mismatch', 'aud', 'mismatch');
+        throw new JWTClaimValidationFailed('replicated "aud" claim header parameter mismatch', payload, 'aud', 'mismatch');
     }
@@ -19,0 +19,0 @@ const result = { payload, protectedHeader };

dist/node/esm/lib/jwt_claims_set.js

@@ -17,8 +17,2 @@ import { JWTClaimValidationFailed, JWTExpired, JWTInvalid } from '../util/errors.js';
 export default (protectedHeader, encodedPayload, options = {}) => {
-    const { typ } = options;
-    if (typ &&
-        (typeof protectedHeader.typ !== 'string' ||
-            normalizeTyp(protectedHeader.typ) !== normalizeTyp(typ))) {
-        throw new JWTClaimValidationFailed('unexpected "typ" JWT header value', 'typ', 'check_failed');
-    }
     let payload;
@@ -33,2 +27,8 @@ try {
     }
+    const { typ } = options;
+    if (typ &&
+        (typeof protectedHeader.typ !== 'string' ||
+            normalizeTyp(protectedHeader.typ) !== normalizeTyp(typ))) {
+        throw new JWTClaimValidationFailed('unexpected "typ" JWT header value', payload, 'typ', 'check_failed');
+    }
     const { requiredClaims = [], issuer, subject, audience, maxTokenAge } = options;
@@ -46,14 +46,14 @@ const presenceCheck = [...requiredClaims];
         if (!(claim in payload)) {
-            throw new JWTClaimValidationFailed(`missing required "${claim}" claim`, claim, 'missing');
+            throw new JWTClaimValidationFailed(`missing required "${claim}" claim`, payload, claim, 'missing');
         }
     }
     if (issuer && !(Array.isArray(issuer) ? issuer : [issuer]).includes(payload.iss)) {
-        throw new JWTClaimValidationFailed('unexpected "iss" claim value', 'iss', 'check_failed');
+        throw new JWTClaimValidationFailed('unexpected "iss" claim value', payload, 'iss', 'check_failed');
     }
     if (subject && payload.sub !== subject) {
-        throw new JWTClaimValidationFailed('unexpected "sub" claim value', 'sub', 'check_failed');
+        throw new JWTClaimValidationFailed('unexpected "sub" claim value', payload, 'sub', 'check_failed');
     }
     if (audience &&
         !checkAudiencePresence(payload.aud, typeof audience === 'string' ? [audience] : audience)) {
-        throw new JWTClaimValidationFailed('unexpected "aud" claim value', 'aud', 'check_failed');
+        throw new JWTClaimValidationFailed('unexpected "aud" claim value', payload, 'aud', 'check_failed');
     }
@@ -77,10 +77,10 @@ let tolerance;
     if ((payload.iat !== undefined || maxTokenAge) && typeof payload.iat !== 'number') {
-        throw new JWTClaimValidationFailed('"iat" claim must be a number', 'iat', 'invalid');
+        throw new JWTClaimValidationFailed('"iat" claim must be a number', payload, 'iat', 'invalid');
     }
     if (payload.nbf !== undefined) {
         if (typeof payload.nbf !== 'number') {
-            throw new JWTClaimValidationFailed('"nbf" claim must be a number', 'nbf', 'invalid');
+            throw new JWTClaimValidationFailed('"nbf" claim must be a number', payload, 'nbf', 'invalid');
         }
         if (payload.nbf > now + tolerance) {
-            throw new JWTClaimValidationFailed('"nbf" claim timestamp check failed', 'nbf', 'check_failed');
+            throw new JWTClaimValidationFailed('"nbf" claim timestamp check failed', payload, 'nbf', 'check_failed');
         }
@@ -90,6 +90,6 @@ }
         if (typeof payload.exp !== 'number') {
-            throw new JWTClaimValidationFailed('"exp" claim must be a number', 'exp', 'invalid');
+            throw new JWTClaimValidationFailed('"exp" claim must be a number', payload, 'exp', 'invalid');
         }
         if (payload.exp <= now - tolerance) {
-            throw new JWTExpired('"exp" claim timestamp check failed', 'exp', 'check_failed');
+            throw new JWTExpired('"exp" claim timestamp check failed', payload, 'exp', 'check_failed');
         }
@@ -101,6 +101,6 @@ }
         if (age - tolerance > max) {
-            throw new JWTExpired('"iat" claim timestamp check failed (too far in the past)', 'iat', 'check_failed');
+            throw new JWTExpired('"iat" claim timestamp check failed (too far in the past)', payload, 'iat', 'check_failed');
         }
         if (age < 0 - tolerance) {
-            throw new JWTClaimValidationFailed('"iat" claim timestamp check failed (it should be in the past)', 'iat', 'check_failed');
+            throw new JWTClaimValidationFailed('"iat" claim timestamp check failed (it should be in the past)', payload, 'iat', 'check_failed');
         }
@@ -107,0 +107,0 @@ }

dist/node/esm/util/errors.js

@@ -19,6 +19,8 @@ export class JOSEError extends Error {
     reason;
-    constructor(message, claim = 'unspecified', reason = 'unspecified') {
+    payload;
+    constructor(message, payload, claim = 'unspecified', reason = 'unspecified') {
         super(message);
         this.claim = claim;
         this.reason = reason;
+        this.payload = payload;
     }
@@ -33,6 +35,8 @@ }
     reason;
-    constructor(message, claim = 'unspecified', reason = 'unspecified') {
+    payload;
+    constructor(message, payload, claim = 'unspecified', reason = 'unspecified') {
         super(message);
         this.claim = claim;
         this.reason = reason;
+        this.payload = payload;
     }
@@ -39,0 +43,0 @@ }

dist/types/util/errors.d.ts

@@ -1,2 +0,2 @@
-import type { KeyLike } from '../types';
+import type { JWTPayload, KeyLike } from '../types';
 /**
@@ -30,4 +30,6 @@ * A generic Error that all other JOSE specific Error subclasses extend.
     reason: string;
+    /** The parsed JWT payload. */
+    payload: JWTPayload;
     /** @ignore */
-    constructor(message: string, claim?: string, reason?: string);
+    constructor(message: string, payload: JWTPayload, claim?: string, reason?: string);
 }
@@ -46,4 +48,6 @@ /**
     reason: string;
+    /** The parsed JWT payload. */
+    payload: JWTPayload;
     /** @ignore */
-    constructor(message: string, claim?: string, reason?: string);
+    constructor(message: string, payload: JWTPayload, claim?: string, reason?: string);
 }
@@ -50,0 +54,0 @@ /**

package.json

 {
   "name": "jose",
-  "version": "5.3.0",
+  "version": "5.4.0",
   "description": "JWA, JWS, JWE, JWT, JWK, JWKS for Node.js, Browser, Cloudflare Workers, Deno, Bun, and other Web-interoperable runtimes",
@@ -5,0 +5,0 @@ "keywords": [

New alerts

License Policy Violation

License

This package is not allowed per your license policy. Review the package's license to ensure compliance.

Found 1 instance in 1 package

Fixed alerts

License Policy Violation

License

This package is not allowed per your license policy. Review the package's license to ensure compliance.

Found 1 instance in 1 package

Improved metrics

Total package byte prevSize

508122

increased by0.17%

Lines of code

12623

increased by0.11%

No dependency changes