Launch Week Day 5: Introducing Reachability for PHP.Learn More
Socket
Book a DemoSign in
Socket
Book a DemoSign in

jsonwebtoken

Package Overview
Dependencies
Maintainers
2
Versions
82
Alerts
File Explorer

Advanced tools

License
Socket logo

Install Socket

Detect and block malicious and high-risk dependencies

Install

jsonwebtoken - npm Package Compare versions

Comparing version
0.2.0
 to
0.3.0
+10
-10
index.js
var jws = require('jws');
var moment = require('moment');

@@ -12,5 +11,10 @@ module.exports.decode = function (jwt) {

var header = {typ: 'JWT', alg: options.algorithm || 'HS256'};
if (options.expiresInMinutes)
payload.exp = moment().add('minutes', options.expiresInMinutes).utc().unix();
payload.iat = Date.now();
if (options.expiresInMinutes) {
var ms = options.expiresInMinutes * 60 * 1000;
payload.exp = payload.iat + ms;
}
if (options.audience)

@@ -25,4 +29,2 @@ payload.aud = options.audience;

payload.iat = moment().utc().unix();
var signed = jws.sign({header: header, payload: payload, secret: secretOrPrivateKey});

@@ -51,7 +53,7 @@

if (payload.exp) {
if (moment().utc().unix() >= payload.exp)
if (Date.now() >= payload.exp)
return callback(new Error('jwt expired'));
}
if (payload.aud && options.audience) {
if (options.audience) {
if (payload.aud !== options.audience)

@@ -61,3 +63,3 @@ return callback(new Error('jwt audience invalid. expected: ' + payload.aud));

if (payload.iss && options.issuer) {
if (options.issuer) {
if (payload.iss !== options.issuer)

@@ -69,3 +71,1 @@ return callback(new Error('jwt issuer invalid. expected: ' + payload.iss));

};
+2
-3
package.json
{
"name": "jsonwebtoken",
"version": "0.2.0",
"version": "0.3.0",
"description": "JSON Web Token implementation (symmetric and asymmetric)",

@@ -22,4 +22,3 @@ "main": "index.js",

"dependencies": {
"jws": "~0.2.2",
"moment": "~2.0.0"
"jws": "~0.2.2"
},

@@ -26,0 +25,0 @@ "devDependencies": {

+1
-0
README.md

@@ -42,2 +42,3 @@ # jsonwebtoken [![Build Status](https://secure.travis-ci.org/auth0/node-jsonwebtoken.png)](http://travis-ci.org/auth0/node-jsonwebtoken)

// sign with default (HMAC SHA256)
var jwt = require('jsonwebtoken');
var token = jwt.sign({ foo: 'bar' }, 'shhhhh');

@@ -44,0 +45,0 @@ 

+30
-6
test/jwt.rs.tests.js

@@ -15,3 +15,3 @@ var jwt = require('../index');

var token = jwt.sign({ foo: 'bar' }, priv, { algorithm: 'RS256' });
it('should be syntactically valid', function() {

@@ -44,3 +44,3 @@ expect(token).to.be.a('string');

var token = jwt.sign({ foo: 'bar' }, priv, { algorithm: 'RS256', expiresInMinutes: 10 });
it('should be valid expiration', function(done) {

@@ -69,5 +69,5 @@ jwt.verify(token, pub, function(err, decoded) {

var token = jwt.sign({ foo: 'bar' }, priv, { algorithm: 'RS256', audience: 'urn:foo' });
it('should check audience', function(done) {
jwt.verify(token, pub, function(err, decoded) {
jwt.verify(token, pub, { audience: 'urn:foo' }, function(err, decoded) {
assert.isNotNull(decoded);

@@ -89,5 +89,18 @@ assert.isNull(err);

describe('when signing a token without audience', function() {
var token = jwt.sign({ foo: 'bar' }, priv, { algorithm: 'RS256' });
it('should check audience', function(done) {
jwt.verify(token, pub, { audience: 'urn:wrong' }, function(err, decoded) {
assert.isUndefined(decoded);
assert.isNotNull(err);
done();
});
});
});
describe('when signing a token with issuer', function() {
var token = jwt.sign({ foo: 'bar' }, priv, { algorithm: 'RS256', issuer: 'urn:foo' });
it('should check issuer', function() {

@@ -108,2 +121,13 @@ jwt.verify(token, pub, { issuer: 'urn:foo' }, function(err, decoded) {

describe('when signing a token without issuer', function() {
var token = jwt.sign({ foo: 'bar' }, priv, { algorithm: 'RS256' });
it('should check issuer', function() {
jwt.verify(token, pub, { issuer: 'urn:foo' }, function(err, decoded) {
assert.isUndefined(decoded);
assert.isNotNull(err);
});
});
});
describe('when verifying a malformed token', function() {

@@ -120,2 +144,2 @@ it('should throw', function(done) {

});
});