jsonwebtoken
Advanced tools
jsonwebtoken - npm Package Compare versions
Comparing version 8.0.1 to 8.1.0
@@ -7,2 +7,9 @@ # Change Log | ||
| ## 8.1.0 - 2017-10-09 | ||
| - #402: Don't fail if captureStackTrace is not a function (#410) ([77ee965d9081faaf21650f266399f203f69533c5](https://github.com/auth0/node-jsonwebtoken/commit/77ee965d9081faaf21650f266399f203f69533c5)) | ||
| - #403: Clarify error wording for "Expected object" error. (#409) ([bb27eb346f0ff675a320b2de16b391a7cfeadc58](https://github.com/auth0/node-jsonwebtoken/commit/bb27eb346f0ff675a320b2de16b391a7cfeadc58)) | ||
| - Enhance audience check to verify against regular expressions (#398) ([81501a17da230af7b74a3f7535ab5cd3a19c8315](https://github.com/auth0/node-jsonwebtoken/commit/81501a17da230af7b74a3f7535ab5cd3a19c8315)) | ||
| ## 8.0.1 - 2017-09-12 | ||
@@ -13,3 +20,3 @@ | ||
| ## 8.0.0 - 2017-09-06 | ||
| **Breaking changes: See [Migration notes from v7](https://github.com/auth0/node-jsonwebtoken/wiki/Migration-Notes:-v7-to-v8)** | ||
@@ -16,0 +23,0 @@ |
| var JsonWebTokenError = function (message, error) { | ||
| Error.call(this, message); | ||
| Error.captureStackTrace(this, this.constructor); | ||
| if(Error.captureStackTrace) { | ||
| Error.captureStackTrace(this, this.constructor); | ||
| } | ||
| this.name = 'JsonWebTokenError'; | ||
@@ -12,2 +14,2 @@ this.message = message; | ||
| module.exports = JsonWebTokenError; | ||
| module.exports = JsonWebTokenError; |
| { | ||
| "name": "jsonwebtoken", | ||
| "version": "8.0.1", | ||
| "version": "8.1.0", | ||
| "description": "JSON Web Token implementation (symmetric and asymmetric)", | ||
@@ -5,0 +5,0 @@ "main": "index.js", |
@@ -24,3 +24,3 @@ # jsonwebtoken | ||
| (Asynchronous) If a callback is supplied, callback is called with the `err` or the JWT. | ||
| (Asynchronous) If a callback is supplied, the callback is called with the `err` or the JWT. | ||
@@ -54,3 +54,3 @@ (Synchronous) Returns the JsonWebToken as string | ||
| The header can be customized via the `option.header` object. | ||
| The header can be customized via the `options.header` object. | ||
@@ -111,5 +111,5 @@ Generated jwts will include an `iat` (issued at) claim by default unless `noTimestamp` is specified. If `iat` is inserted in the payload, it will be used instead of the real timestamp for calculating other things like `exp` given a timespan in `options.expiresIn`. | ||
| (Asynchronous) If a callback is supplied, function acts asynchronously. Callback is passed the decoded payload if the signature and optional expiration, audience, or issuer are valid. If not, it will be passed the error. | ||
| (Asynchronous) If a callback is supplied, function acts asynchronously. The callback is called with the decoded payload if the signature is valid and optional expiration, audience, or issuer are valid. If not, it will be called with the error. | ||
| (Synchronous) If a callback is not supplied, function acts synchronously. Returns the payload decoded if the signature (and, optionally, expiration, audience, issuer) are valid. If not, it will throw the error. | ||
| (Synchronous) If a callback is not supplied, function acts synchronously. Returns the payload decoded if the signature is valid and optional expiration, audience, or issuer are valid. If not, it will throw the error. | ||
@@ -121,3 +121,3 @@ `token` is the JsonWebToken string | ||
| As mentioned in [this comment](https://github.com/auth0/node-jsonwebtoken/issues/208#issuecomment-231861138), there are other libraries that expect base64 encoded secrets (random bytes encoded using base64), if that is your case you can pass `new Buffer(secret, 'base64')`, by doing this the secret will be decoded using base64 and the token verification will use the original random bytes. | ||
| As mentioned in [this comment](https://github.com/auth0/node-jsonwebtoken/issues/208#issuecomment-231861138), there are other libraries that expect base64 encoded secrets (random bytes encoded using base64), if that is your case you can pass `Buffer.from(secret, 'base64')`, by doing this the secret will be decoded using base64 and the token verification will use the original random bytes. | ||
@@ -127,3 +127,3 @@ `options` | ||
| * `algorithms`: List of strings with the names of the allowed algorithms. For instance, `["HS256", "HS384"]`. | ||
| * `audience`: if you want to check audience (`aud`), provide a value here | ||
| * `audience`: if you want to check audience (`aud`), provide a value here. The audience can be checked against a string, a regular expression or a list of strings and/or regular expressions. Eg: `"urn:foo"`, `/urn:f[o]{2}/`, `[/urn:f[o]{2}/, "urn:bar"]` | ||
| * `issuer` (optional): string or array of strings of valid values for the `iss` field. | ||
@@ -130,0 +130,0 @@ * `ignoreExpiration`: if `true` do not validate the expiration of the token. |
22
sign.js
@@ -23,3 +23,3 @@ var timespan = require('./lib/timespan'); | ||
| noTimestamp: { isValid: isBoolean, message: '"noTimestamp" must be a boolean' }, | ||
| keyid: { isValid: isString, message: '"keyid" must be a string' }, | ||
| keyid: { isValid: isString, message: '"keyid" must be a string' } | ||
| }; | ||
@@ -33,5 +33,5 @@ | ||
| function validate(schema, unknown, object) { | ||
| function validate(schema, allowUnknown, object, parameterName) { | ||
| if (!isPlainObject(object)) { | ||
| throw new Error('Expected object'); | ||
| throw new Error('Expected "' + parameterName + '" to be a plain object.'); | ||
| } | ||
@@ -42,4 +42,4 @@ Object.keys(object) | ||
| if (!validator) { | ||
| if (!unknown) { | ||
| throw new Error('"' + key + '" is not allowed'); | ||
| if (!allowUnknown) { | ||
| throw new Error('"' + key + '" is not allowed in "' + parameterName + '"'); | ||
| } | ||
@@ -54,2 +54,10 @@ return; | ||
| function validateOptions(options) { | ||
| return validate(sign_options_schema, false, options, 'options'); | ||
| } | ||
| function validatePayload(payload) { | ||
| return validate(registered_claims_schema, true, payload, 'payload'); | ||
| } | ||
| var options_to_payload = { | ||
@@ -104,3 +112,3 @@ 'audience': 'aud', | ||
| try { | ||
| validate(registered_claims_schema, true, payload); | ||
| validatePayload(payload); | ||
| } | ||
@@ -130,3 +138,3 @@ catch (error) { | ||
| try { | ||
| validate(sign_options_schema, false, options); | ||
| validateOptions(options); | ||
| } | ||
@@ -133,0 +141,0 @@ catch (error) { |
@@ -134,3 +134,7 @@ var JsonWebTokenError = require('./lib/JsonWebTokenError'); | ||
| var match = target.some(function(aud) { return audiences.indexOf(aud) != -1; }); | ||
| var match = target.some(function(targetAudience) { | ||
| return audiences.some(function(audience) { | ||
| return audience instanceof RegExp ? audience.test(targetAudience) : audience === targetAudience; | ||
| }); | ||
| }); | ||
@@ -137,0 +141,0 @@ if (!match) |
New alerts
License Policy Violation
LicenseThis package is not allowed per your license policy. Review the package's license to ensure compliance.
Found 1 instance in 1 package
Fixed alerts
License Policy Violation
LicenseThis package is not allowed per your license policy. Review the package's license to ensure compliance.
Found 1 instance in 1 package
Improved metrics
- Total package byte prevSize
- increased by2.36%
56082
- Lines of code
- increased by3.5%
384