mharj-jwt-util

 !Azure DevOps coverage 

Json Webtoken Utility to validate OpenID tokens against issuer public ssl keys

- Can build public PEM cert from modulus + exponent (i.e. Google)
- Caches issuer OpenID configuration 24h
- New Token "kid" forces reloading jwks_uri data.

Note: if running NodeJS less than 18.0.0 you need to install and use cross-fetch polyfill

Usage example

``javascript
// with Bearer header
try {
const {body, isCached} = await jwtBearerVerify(req.headers.authorization);
} catch (err) {
console.log(err);
}
// or Just token
try {
const {body, isCached} = await jwtVerify(process.env.GOOGLE_ID_TOKEN);
} catch (err) {
console.log(err);
}

// attach logger to see http requests (console and log4js should be working)
setJwtLogger(console);
`

Enable public cert file caching

`javascript
await useCache(new FileCertCache({fileName: './certCache.json'}));

// or with Tachyon storage driver
await useCache(new TachyonCertCache(new FileStorageDriver('FileCertCacheDriver', './certCache.json', certCacheBufferSerializer)));
`

Enable verified token persist caching (Tachyon storage driver with encryption)

`typescript
import {z} from 'zod';
import {TachyonExpireCache} from 'tachyon-expire-cache';
import {CryptoBufferProcessor, FileStorageDriver} from 'tachyon-drive-node-fs';
import {buildTokenCacheBufferSerializer, setTokenCache} from 'mharj-jwt-util';

const anyObjectSchema = z.object({}).passthrough(); // or build token payload schema
const bufferSerializer = buildTokenCacheBufferSerializer(anyObjectSchema);
// const stringSerializer = buildTokenCacheStringSerializer(anyObjectSchema); // if using string based Tachyon drivers
const processor = new CryptoBufferProcessor(Buffer.from('some-secret-key'));
const driver = new FileStorageDriver('TokenStorageDriver', {fileName: './tokenCache.aes'}, bufferSerializer, processor);
const cache = new TachyonExpireCache('TachyonExpireCache', driver);
setTokenCache(cache);
``