jwtwallet-jose
Advanced tools
JWTWallet Protocol extension for jose.
npm install jwtwallet-jose jose
import * as jose from 'jose';
import { createJwtWallet } from 'jwtwallet-jose';
const JWKS = createJwtWallet('https://abc123.jwtwallet.com');
const { payload } = await jose.jwtVerify(token, JWKS, {
issuer: 'https://abc123.jwtwallet.com',
audience: 'my-app'
});
createJwtWallet(issuer, options?)Creates a JWTWallet-aware remote JWKS verifier. Drop-in compatible with jose.jwtVerify().
Parameters:
issuer - The issuer URL (e.g., 'https://abc123.jwtwallet.com')options - Configuration options (see below)Options:
interface JWTWalletOptions {
timeoutDuration?: number; // HTTP timeout in ms (default: 5000)
cooldownDuration?: number; // Min time between fetches in ms (default: 30000)
cacheMaxAge?: number; // Max cache age in ms (default: 600000)
headers?: Record<string, string>; // Custom HTTP headers
[customFetch]?: FetchImplementation; // Custom fetch function
[jwksCache]?: JWKSCacheInput; // External cache for serverless
}
Returns:
A key set function with additional properties:
.coolingDown - Whether the cooldown period is active.fresh - Whether the cache is still fresh.reloading - Whether a fetch is in progress.reload() - Manually trigger a refresh.jwks() - Get the cached JWKS{issuer}/.well-known/jwks.jsonjwtwallet extension present:
jose.jwtVerify()import { createJwtWallet, customFetch } from 'jwtwallet-jose';
const JWKS = createJwtWallet('https://abc123.jwtwallet.com', {
[customFetch]: (url, options) => {
// Custom fetch logic (proxy, retry, logging, etc.)
return fetch(url, options);
}
});
import { createJwtWallet, jwksCache } from 'jwtwallet-jose';
// Load from KV store
const cache = await kv.get('jwks-cache') || {};
const JWKS = createJwtWallet('https://abc123.jwtwallet.com', {
[jwksCache]: cache
});
await jose.jwtVerify(token, JWKS);
// Save updated cache
if (cache.uat) {
await kv.set('jwks-cache', cache);
}
JWTWalletTrustError - JWKS trust verification failed (signature or account ID mismatch)JWTWalletRevokedError - Key has been revokedSee JWTWallet Protocol Specification.
MIT
FAQs
JWTWallet Protocol client - Trustless JWKS verification
We found that jwtwallet-jose demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
GitHub Actions checkout now blocks risky pull_request_target checkouts by default to help prevent pwn request supply chain attacks.
Product
Socket now supports Custom Roles and Repository Access Permissions so organizations can control who can access specific repositories and actions.
Product
Socket MCP now lets AI assistants review org alerts, investigate threats using the Socket threat feed, and inspect package files in addition to dependency scoring.