jsonwebtoken
Comparing version 3.2.2 to 4.0.0
index.js
@@ -28,9 +28,13 @@ var jws = require('jws'); | ||
var timestamp = Math.floor(Date.now() / 1000); | ||
if (!options.noTimestamp) { | ||
payload.iat = Math.floor(Date.now() / 1000); | ||
payload.iat = timestamp; | ||
} | ||
if (options.expiresInMinutes) { | ||
var ms = options.expiresInMinutes * 60; | ||
payload.exp = payload.iat + ms; | ||
var expiresInSeconds = options.expiresInMinutes ? | ||
options.expiresInMinutes * 60 : | ||
options.expiresInSeconds; | ||
if (expiresInSeconds) { | ||
payload.exp = timestamp + expiresInSeconds; | ||
} | ||
@@ -47,4 +51,9 @@ | ||
var signed = jws.sign({header: header, payload: payload, secret: secretOrPrivateKey}); | ||
var encoding = 'utf8'; | ||
if (options.encoding) { | ||
encoding = options.encoding; | ||
} | ||
var signed = jws.sign({header: header, payload: payload, secret: secretOrPrivateKey, encoding: encoding}); | ||
return signed; | ||
@@ -110,3 +119,3 @@ }; | ||
if (typeof payload.exp !== 'undefined') { | ||
if (typeof payload.exp !== 'undefined' && !options.ignoreExpiration) { | ||
if (typeof payload.exp !== 'number') { | ||
@@ -126,3 +135,3 @@ return done(new JsonWebTokenError('invalid exp value')); | ||
if (!match) | ||
return done(new JsonWebTokenError('jwt audience invalid. expected: ' + payload.aud)); | ||
return done(new JsonWebTokenError('jwt audience invalid. expected: ' + audiences.join(' or '))); | ||
} | ||
@@ -132,3 +141,3 @@ | ||
if (payload.iss !== options.issuer) | ||
return done(new JsonWebTokenError('jwt issuer invalid. expected: ' + payload.iss)); | ||
return done(new JsonWebTokenError('jwt issuer invalid. expected: ' + options.issuer)); | ||
} | ||
@@ -135,0 +144,0 @@ |
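Review bot: In the signing hunk at the top of index.js, `options.expiresInSeconds` is added to `timestamp` with no type check, so a string value (for example one read from configuration) is concatenated and produces a string `exp`, which the verify path later in this file rejects with 'invalid exp value'. A non-numeric `expiresInMinutes` multiplies to NaN, fails the `if (expiresInSeconds)` test, and the token is signed with no `exp` claim at all, so a misconfigured lifetime silently yields a token that never expires. I would reject bad values before the assignment, e.g. `if (typeof expiresInSeconds !== 'undefined' && (typeof expiresInSeconds !== 'number' || !isFinite(expiresInSeconds))) throw new Error('token lifetime must be a finite number');`. The enclosing function starts and ends outside the visible hunk, so whether these options are validated earlier cannot be seen here.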
{ | ||
"name": "jsonwebtoken", | ||
"version": "3.2.2", | ||
"version": "4.0.0", | ||
"description": "JSON Web Token implementation (symmetric and asymmetric)", | ||
@@ -22,3 +22,3 @@ "main": "index.js", | ||
"dependencies": { | ||
"jws": "~1.0.1" | ||
"jws": "~2.0.0" | ||
}, | ||
@@ -25,0 +25,0 @@ "devDependencies": { |
@@ -28,3 +28,3 @@ # jsonwebtoken [![Build Status](https://secure.travis-ci.org/auth0/node-jsonwebtoken.png)](http://travis-ci.org/auth0/node-jsonwebtoken) | ||
* `algorithm` (default: `HS256`) | ||
* `expiresInMinutes` | ||
* `expiresInMinutes` or `expiresInSeconds` | ||
* `audience` | ||
@@ -34,2 +34,3 @@ * `subject` | ||
* `noTimestamp` | ||
* `headers` | ||
@@ -39,6 +40,10 @@ If `payload` is not a buffer or a string, it will be coerced into a string | ||
If any `expiresInMinutes`, `audience`, `subject`, `issuer` are not provided, there is no default. The jwt generated won't include those properties in the payload. | ||
If any `expiresInMinutes`, `audience`, `subject`, `issuer` are not provided, there is no default. The jwt generated won't include those properties in the payload. | ||
Additional headers can be provided via the `headers` object. | ||
Generated jwts will include an `iat` claim by default unless `noTimestamp` is specified. | ||
Setting `ignoreExpiration` to `true` will prevent expired tokens from generating an error. | ||
Example | ||
@@ -58,2 +63,9 @@ | ||
`options`: | ||
* `ignoreExpiration` | ||
* `audience` | ||
* `issuer` | ||
(Asynchronous) If a callback is supplied, function acts asynchronously. Callback passed the payload decoded if the signature (and optionally expiration, audience, issuer) are valid. If not, it will be passed the error. | ||
@@ -169,4 +181,4 @@ | ||
* 'invalid signature' | ||
* 'jwt audience invalid. expected: [PAYLOAD AUDIENCE]' | ||
* 'jwt issuer invalid. expected: [PAYLOAD ISSUER]' | ||
* 'jwt audience invalid. expected: [OPTIONS AUDIENCE]' | ||
* 'jwt issuer invalid. expected: [OPTIONS ISSUER]' | ||
@@ -211,5 +223,8 @@ ```js | ||
# License | ||
## Author | ||
MIT | ||
[Auth0](auth0.com) | ||
## License | ||
This project is licensed under the MIT license. See the [LICENSE](LICENSE) file for more info. |
@@ -7,5 +7,16 @@ var jwt = require('../index'); | ||
it('should properly encode the token', function () { | ||
function b64_to_utf8 (str) { | ||
return decodeURIComponent(escape(atob( str ))); | ||
} | ||
it('should properly encode the token (utf8)', function () { | ||
var expected = 'José'; | ||
var token = jwt.sign({ name: expected }, 'shhhhh'); | ||
var decoded_name = JSON.parse(b64_to_utf8(token.split('.')[1])).name; | ||
expect(decoded_name).to.equal(expected); | ||
}); | ||
it('should properly encode the token (binary)', function () { | ||
var expected = 'José'; | ||
var token = jwt.sign({ name: expected }, 'shhhhh', { encoding: 'binary' }); | ||
var decoded_name = JSON.parse(atob(token.split('.')[1])).name; | ||
@@ -15,2 +26,14 @@ expect(decoded_name).to.equal(expected); | ||
it('should return the same result when decoding', function () { | ||
var username = '測試'; | ||
var token = jwt.sign({ | ||
username: username | ||
}, 'test'); | ||
var payload = jwt.verify(token, 'test'); | ||
expect(payload.username).to.equal(username); | ||
}); | ||
}); |
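Review bot: `b64_to_utf8` and the binary test pass `token.split('.')[1]` straight to `atob`, but a JWT payload segment is base64url-encoded, so depending on the `atob` implementation in use these tests may only work while the encoded payload happens to contain no `-` or `_`. A different `name` value could then fail for reasons unrelated to the `encoding` option under test. I would normalise the segment before decoding, e.g. `str.replace(/-/g, '+').replace(/_/g, '/')`, and add a short comment on `b64_to_utf8` saying it expects standard base64. The describe block starts outside the hunk, so where `atob` and `expect` come from is not visible here.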
@@ -20,3 +20,3 @@ var jwt = require('../index'); | ||
var callback = function(err, decoded) { | ||
assert.ok(decoded.foo); | ||
assert.ok(decoded.foo); | ||
assert.equal('bar', decoded.foo); | ||
@@ -63,3 +63,22 @@ done(); | ||
it('should return an error when the token is expired', function(done) { | ||
var token = jwt.sign({ exp: 1 }, secret, { algorithm: 'HS256' }); | ||
jwt.verify(token, secret, { algorithm: 'HS256' }, function(err, decoded) { | ||
assert.isUndefined(decoded); | ||
assert.isNotNull(err); | ||
done(); | ||
}); | ||
}); | ||
it('should NOT return an error when the token is expired with "ignoreExpiration"', function(done) { | ||
var token = jwt.sign({ exp: 1, foo: 'bar' }, secret, { algorithm: 'HS256' }); | ||
jwt.verify(token, secret, { algorithm: 'HS256', ignoreExpiration: true }, function(err, decoded) { | ||
assert.ok(decoded.foo); | ||
assert.equal('bar', decoded.foo); | ||
assert.isNull(err); | ||
done(); | ||
}); | ||
}); | ||
}); | ||
}); |
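Review bot: In 'should return an error when the token is expired', `assert.isNotNull(err)` also passes when `err` is `undefined`, and it accepts any error at all, so the test does not show that the rejection was caused by expiry. I would use `assert.ok(err);` and additionally assert on the error's message or type so a signature or parsing failure cannot satisfy it. The RS256 test 'should NOT be invalid' in the last test section has the mirror-image gap: it never checks `err`, so a verification failure surfaces as a TypeError on `decoded.foo` rather than an assertion failure; `assert.isNull(err);` as the first line of that callback would match the HS256 variant here.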
@@ -78,2 +78,13 @@ var jwt = require('../index'); | ||
}); | ||
it('should NOT be invalid', function(done) { | ||
// expired token | ||
token = jwt.sign({ foo: 'bar' }, priv, { algorithm: 'RS256', expiresInMinutes: -10 }); | ||
jwt.verify(token, pub, { ignoreExpiration: true }, function(err, decoded) { | ||
assert.ok(decoded.foo); | ||
assert.equal('bar', decoded.foo); | ||
done(); | ||
}); | ||
}); | ||
}); | ||
@@ -80,0 +91,0 @@ |
License Policy Violation
License: This package is not allowed per your license policy. Review the package's license to ensure compliance.
Found 1 instance in 1 package
New author
Supply chain risk: A new npm collaborator published a version of the package for the first time. New collaborators are usually benign additions to a project, but do indicate a change to the security surface area of a package.
Found 1 instance in 1 package
+ Added jws@2.0.0 (transitive)
- Removed jws@1.0.1 (transitive)
Updated jws@~2.0.0