Wrap functions of JOSE in steady interface
npm install ts-jose!Node Version
Wrap functions of JOSE in steady interface.
> [!Note]
>
> This package's version will follow the version of JOSE but should not
> provide any breaking changes.
- JWT
- verify
- sign
- decrypt
- encrypt
- JWS
- verify
- sign
- JWE
- decrypt
- encrypt
- JWK
- JWKS
Additional options
| name | Description |
| ---- | ---------------------------- |
| kid | Using specific key in JWKS |
| jti | Verify payload jti |
``tskey
// must be JWK or JWKS.`
await JWT.verify(token, key, options);
// Use embedded key instead given one.
await JWT.verify(token, undefined, options);
- JOSE ref
Using JOSE options
| name | Referrer |
| --------- | ----------------- |
| issuer | setIssuer |
| audience | setAudience |
| subject | setSubject |
| exp | setExpirationTime |
| jti | setJti |
| notBefore | setNotBefore |
| iat | setIssuedAt |
| typ | Header |
| kid | Header |
| alg | Header |
Additional options
| name | type | default | description |
| ---- | --------- | ------- | ------------------------------ |
| jwk | _boolean_ | false | Whether embedded key to header |
`ts`
await JWT.sign(payload, key, options); // key must be JWK or JWKS
Additional options
| name | Description |
| ---- | ---------------------------- |
| kid | Using specific key in JWKS |
| enc | Encrypt algorithm |
| alg | Key management algorithm |
`ts`
await JWT.decrypt(cypher, key, options);
Using JOSE options
| name | Referrer |
| --------- | ----------------- |
| issuer | setIssuer |
| audience | setAudience |
| subject | setSubject |
| exp | setExpirationTime |
| jti | setJti |
| notBefore | setNotBefore |
| iat | setIssuedAt |
| typ | Header |
| kid | Header |
| enc | Header |
| alg | Header |
`ts`
await JWT.encrypt(payload, key, options);
You can sign pure string.
`ts`
await JWS.verify(data, key, options);
Only using below JWT.sign's options:
- typ
-
-
-
`ts`
await JWS.sign('some-data', key, options);
You can encrypt pure string.
Additional options
Same as JWT.decrypt
`ts`
await JWE.decrypt(cypher, key, options);
Only using below JWT.encrypt's options:
- kid
-
-
`ts`
await JWE.encrypt('some-data', key, options);
`ts
// generate key
const key: JWK = await JWK.generate('ES256', {
kid: 'some-id',
use: 'sig',
// crv: string, some algorithms need to add curve - EdDSA
// modulusLength: number, some algorithms need to add length - RSA
});
// object to JWK
const key: JWK = await JWK.fromObject({
kid: 'some-id',
alg: 'ES256',
kty: 'EC',
crv: 'P-256',
x: '123',
y: '456',
d: '789',
});
// JWK to object
const keyObject: JWKObject = key.toObject(false); // true to output private object, default: false
// private JWK to public JWK
const newKey: JWK = await key.toPublic();
// get key's status
key.isPrivate;
// check key "id", "use", "alg"
try {
// return this if all pass`
key.getKey({ kid: 'some-id', use: 'sig', alg: 'ES256' });
} catch (err) {
// throw error if this key has different metadata from options
}
`ts
// object to JWKS
const keys = await JWKS.fromObject({
keys: [
{
alg: 'ES256',
kty: 'EC',
x: '123',
y: '456',
},
],
});
// get key from store in specific options
try {
const key: JWK = keys.getKey({ kid: 'some-id', use: 'sig', alg: 'ES256' });
} catch (err) {
// throw error if not found
}
const key: JWK = keys.getKeyByKid('some-id');
const key: JWK = keys.getKeyByUse('sig');
const key: JWK = keys.getKeyByAlg('ES256');
const publicKeys = await keys.toPublic();
``