jsonwebtoken
Advanced tools
jsonwebtoken - npm Package Compare versions
Comparing version 3.2.2 to 4.0.0
25
index.js
@@ -28,9 +28,13 @@ var jws = require('jws'); | ||
| var timestamp = Math.floor(Date.now() / 1000); | ||
| if (!options.noTimestamp) { | ||
| payload.iat = Math.floor(Date.now() / 1000); | ||
| payload.iat = timestamp; | ||
| } | ||
| if (options.expiresInMinutes) { | ||
| var ms = options.expiresInMinutes * 60; | ||
| payload.exp = payload.iat + ms; | ||
| var expiresInSeconds = options.expiresInMinutes ? | ||
| options.expiresInMinutes * 60 : | ||
| options.expiresInSeconds; | ||
| if (expiresInSeconds) { | ||
| payload.exp = timestamp + expiresInSeconds; | ||
| } | ||
@@ -47,4 +51,9 @@ | ||
| var signed = jws.sign({header: header, payload: payload, secret: secretOrPrivateKey}); | ||
| var encoding = 'utf8'; | ||
| if (options.encoding) { | ||
| encoding = options.encoding; | ||
| } | ||
| var signed = jws.sign({header: header, payload: payload, secret: secretOrPrivateKey, encoding: encoding}); | ||
| return signed; | ||
@@ -110,3 +119,3 @@ }; | ||
| if (typeof payload.exp !== 'undefined') { | ||
| if (typeof payload.exp !== 'undefined' && !options.ignoreExpiration) { | ||
| if (typeof payload.exp !== 'number') { | ||
@@ -126,3 +135,3 @@ return done(new JsonWebTokenError('invalid exp value')); | ||
| if (!match) | ||
| return done(new JsonWebTokenError('jwt audience invalid. expected: ' + payload.aud)); | ||
| return done(new JsonWebTokenError('jwt audience invalid. expected: ' + audiences.join(' or '))); | ||
| } | ||
@@ -132,3 +141,3 @@ | ||
| if (payload.iss !== options.issuer) | ||
| return done(new JsonWebTokenError('jwt issuer invalid. expected: ' + payload.iss)); | ||
| return done(new JsonWebTokenError('jwt issuer invalid. expected: ' + options.issuer)); | ||
| } | ||
@@ -135,0 +144,0 @@ |
| { | ||
| "name": "jsonwebtoken", | ||
| "version": "3.2.2", | ||
| "version": "4.0.0", | ||
| "description": "JSON Web Token implementation (symmetric and asymmetric)", | ||
@@ -22,3 +22,3 @@ "main": "index.js", | ||
| "dependencies": { | ||
| "jws": "~1.0.1" | ||
| "jws": "~2.0.0" | ||
| }, | ||
@@ -25,0 +25,0 @@ "devDependencies": { |
@@ -28,3 +28,3 @@ # jsonwebtoken [](http://travis-ci.org/auth0/node-jsonwebtoken) | ||
| * `algorithm` (default: `HS256`) | ||
| * `expiresInMinutes` | ||
| * `expiresInMinutes` or `expiresInSeconds` | ||
| * `audience` | ||
@@ -34,2 +34,3 @@ * `subject` | ||
| * `noTimestamp` | ||
| * `headers` | ||
@@ -39,6 +40,10 @@ If `payload` is not a buffer or a string, it will be coerced into a string | ||
| If any `expiresInMinutes`, `audience`, `subject`, `issuer` are not provided, there is no default. The jwt generated won't include those properties in the payload. | ||
| If any `expiresInMinutes`, `audience`, `subject`, `issuer` are not provided, there is no default. The jwt generated won't include those properties in the payload. | ||
| Additional headers can be provided via the `headers` object. | ||
| Generated jwts will include an `iat` claim by default unless `noTimestamp` is specified. | ||
| Setting `ignoreExpiration` to `true` will prevent expired tokens from generating an error. | ||
| Example | ||
@@ -58,2 +63,9 @@ | ||
| `options`: | ||
| * `ignoreExpiration` | ||
| * `audience` | ||
| * `issuer` | ||
| (Asynchronous) If a callback is supplied, function acts asynchronously. Callback passed the payload decoded if the signature (and optionally expiration, audience, issuer) are valid. If not, it will be passed the error. | ||
@@ -169,4 +181,4 @@ | ||
| * 'invalid signature' | ||
| * 'jwt audience invalid. expected: [PAYLOAD AUDIENCE]' | ||
| * 'jwt issuer invalid. expected: [PAYLOAD ISSUER]' | ||
| * 'jwt audience invalid. expected: [OPTIONS AUDIENCE]' | ||
| * 'jwt issuer invalid. expected: [OPTIONS ISSUER]' | ||
@@ -211,5 +223,8 @@ ```js | ||
| # License | ||
| ## Author | ||
| MIT | ||
| [Auth0](auth0.com) | ||
| ## License | ||
| This project is licensed under the MIT license. See the [LICENSE](LICENSE) file for more info. |
@@ -7,5 +7,16 @@ var jwt = require('../index'); | ||
| it('should properly encode the token', function () { | ||
| function b64_to_utf8 (str) { | ||
| return decodeURIComponent(escape(atob( str ))); | ||
| } | ||
| it('should properly encode the token (utf8)', function () { | ||
| var expected = 'José'; | ||
| var token = jwt.sign({ name: expected }, 'shhhhh'); | ||
| var decoded_name = JSON.parse(b64_to_utf8(token.split('.')[1])).name; | ||
| expect(decoded_name).to.equal(expected); | ||
| }); | ||
| it('should properly encode the token (binary)', function () { | ||
| var expected = 'José'; | ||
| var token = jwt.sign({ name: expected }, 'shhhhh', { encoding: 'binary' }); | ||
| var decoded_name = JSON.parse(atob(token.split('.')[1])).name; | ||
@@ -15,2 +26,14 @@ expect(decoded_name).to.equal(expected); | ||
| it('should return the same result when decoding', function () { | ||
| var username = '測試'; | ||
| var token = jwt.sign({ | ||
| username: username | ||
| }, 'test'); | ||
| var payload = jwt.verify(token, 'test'); | ||
| expect(payload.username).to.equal(username); | ||
| }); | ||
| }); |
@@ -20,3 +20,3 @@ var jwt = require('../index'); | ||
| var callback = function(err, decoded) { | ||
| assert.ok(decoded.foo); | ||
| assert.ok(decoded.foo); | ||
| assert.equal('bar', decoded.foo); | ||
@@ -63,3 +63,22 @@ done(); | ||
| it('should return an error when the token is expired', function(done) { | ||
| var token = jwt.sign({ exp: 1 }, secret, { algorithm: 'HS256' }); | ||
| jwt.verify(token, secret, { algorithm: 'HS256' }, function(err, decoded) { | ||
| assert.isUndefined(decoded); | ||
| assert.isNotNull(err); | ||
| done(); | ||
| }); | ||
| }); | ||
| it('should NOT return an error when the token is expired with "ignoreExpiration"', function(done) { | ||
| var token = jwt.sign({ exp: 1, foo: 'bar' }, secret, { algorithm: 'HS256' }); | ||
| jwt.verify(token, secret, { algorithm: 'HS256', ignoreExpiration: true }, function(err, decoded) { | ||
| assert.ok(decoded.foo); | ||
| assert.equal('bar', decoded.foo); | ||
| assert.isNull(err); | ||
| done(); | ||
| }); | ||
| }); | ||
| }); | ||
| }); |
@@ -78,2 +78,13 @@ var jwt = require('../index'); | ||
| }); | ||
| it('should NOT be invalid', function(done) { | ||
| // expired token | ||
| token = jwt.sign({ foo: 'bar' }, priv, { algorithm: 'RS256', expiresInMinutes: -10 }); | ||
| jwt.verify(token, pub, { ignoreExpiration: true }, function(err, decoded) { | ||
| assert.ok(decoded.foo); | ||
| assert.equal('bar', decoded.foo); | ||
| done(); | ||
| }); | ||
| }); | ||
| }); | ||
@@ -80,0 +91,0 @@ |
New alerts
License Policy Violation
LicenseThis package is not allowed per your license policy. Review the package's license to ensure compliance.
Found 1 instance in 1 package
Fixed alerts
License Policy Violation
LicenseThis package is not allowed per your license policy. Review the package's license to ensure compliance.
Found 1 instance in 1 package
New author
Supply chain riskA new npm collaborator published a version of the package for the first time. New collaborators are usually benign additions to a project, but do indicate a change to the security surface area of a package.
Found 1 instance in 1 package
Improved metrics
- Total package byte prevSize
- increased by12.05%
32613
- Number of package files
- increased by18.75%
19
- Lines of code
- increased by14.41%
524
- Number of lines in readme file
- increased by7.14%
225
- Number of medium supply chain risk alerts
- decreased by-100%
0
Dependency changes
+ Addedjws@2.0.0(transitive)
- Removedjws@1.0.1(transitive)
Updatedjws@~2.0.0