New Case Study:See how Anthropic automated 95% of dependency reviews with Socket.Learn More →
jwt-identity
Advanced tools
jwt-identity - npm Package Compare versions
Comparing version 2.0.1 to 2.1.0
| # Change Log | ||
| ## [2.1.0] - 2017-07-26 | ||
| ### New features | ||
| * Add enforcement of the use of the algorithm, provided with configuration options, at token verification. | ||
| ## [2.0.1] - 2016-07-19 | ||
| Fix the situation when rememberMe field in `x-www-form-urlencoded` is the string `false` instaed of the boolean value. | ||
| Fix the situation when rememberMe field in `x-www-form-urlencoded` is the string `false` instead of the boolean value. | ||
@@ -7,0 +13,0 @@ ## [2.0.0] - 2016-07-03 |
@@ -27,3 +27,7 @@ 'use strict'; | ||
| verifyToken(grantToken, req.identity.config.security.key) | ||
| verifyToken( | ||
| grantToken, | ||
| req.identity.config.security.key, | ||
| req.identity.config.security.algorithm | ||
| ) | ||
| .then(tokenClaims => { | ||
@@ -30,0 +34,0 @@ if (!tokenClaims || !tokenClaims.userId) { |
@@ -24,3 +24,3 @@ 'use strict'; | ||
| verifyToken(token, config.security.key) | ||
| verifyToken(token, config.security.key, config.security.algorithm) | ||
| .then(claims => { | ||
@@ -27,0 +27,0 @@ if (!claims) { |
@@ -7,11 +7,17 @@ 'use strict'; | ||
| * Verify a token | ||
| * @param {String} token | ||
| * @param {String} secret | ||
| * @param {String} algorithm | ||
| * | ||
| * @return {Promise<Object | null>} - Claims if token is valid, otherwise - null. | ||
| * The Promise never rejects. | ||
| * @public | ||
| */ | ||
| module.exports = function (token, secret) { | ||
| module.exports = function (token, secret, algorithm) { | ||
| return new Promise(resolve => { | ||
| jwt.verify(token, secret, (err, claims) => { | ||
| const opts = { | ||
| algorithms: [algorithm] | ||
| }; | ||
| jwt.verify(token, secret, opts, (err, claims) => { | ||
| if (err) { | ||
@@ -18,0 +24,0 @@ resolve(null); |
| { | ||
| "name": "jwt-identity", | ||
| "version": "2.0.1", | ||
| "version": "2.1.0", | ||
| "description": "JSON Web Token Authentication Middleware for Express.js", | ||
@@ -5,0 +5,0 @@ "main": "index.js", |
@@ -15,2 +15,4 @@ # jwt-identity | ||
| * Jwt-identity enforces use of the algorithm, provided with configuration options, at token verification. For more information, refer to [Critical vulnerabilities in JSON Web Token libraries](https://auth0.com/blog/critical-vulnerabilities-in-json-web-token-libraries/). | ||
| ## Installation | ||
@@ -17,0 +19,0 @@ |
Sorry, the diff of this file is not supported yet
No alert changes
Improved metrics
- Total package byte prevSize
- increased by2.96%
22054
- Lines of code
- increased by1.69%
482
- Number of lines in readme file
- increased by0.99%
204
No dependency changes