@curity/jwt-validation

v1.2.0

Curity JWT Validation library

Downloads

11

JWT Validation

Simple JWT validation library without any external dependencies.

NOTE: to use the library outside a browser, you need Node.js version 15.0.0 or later.

Add to project

Add to your project using npm

npm install @curity/jwt-validation

or yarn

yarn add @curity/jwt-validation

How to use in your project

Initialize the JWT Validator.

import JWTValidator from "@curity/jwt-validation";
// OR using require
// const JWTValidator = require("@curity/jwt-validation");

// Placeholder values; replace with your own authorization server and client.
const issuer = "https://idsvr.example.com";
const audience = "my-client-id";  // audience is the client_id

const allowed_jwt_algorithms = ['RS256', 'ES384'];

const jwt_sig_public_key = {   // allowed formats are jwk | jwks_uri | pem | issuer | metadata_url | raw
    format: 'issuer',   // in case of issuer, the issuer value will be taken from jwt payload
    value: null
};

const jwtValidator = new JWTValidator(
    issuer,
    audience,
    allowed_jwt_algorithms,
    jwt_sig_public_key,
);

Verify a JWT using the jwtValidator instance initialized above.

// accessTokenValue, stateValue, nonceValue and jwtString come from your application's OAuth / OpenID Connect flow.
const options = {
   accessToken     : accessTokenValue,     // optional, pass it if you want to validate at_hash
   state           : stateValue,           // optional, pass it if you want to validate s_hash
   nonce           : nonceValue,           // optional, pass it if you want to validate nonce
   ignoreExpiration: true,                 // optional, default false; true skips the exp check
   ignoreNotBefore : true,                 // optional, default false; true skips the nbf check
   clockTolerance  : 0,                    // optional, default 0 seconds
   subject         : 'test',               // optional, if provided, then jwt.sub should match it
   jti             : 'jti-value',          // optional, if provided, then jwt.jti should match it
   code            : 'authorize-code'      // optional, pass it if you want to validate c_hash
};

jwtValidator.verifyJWT(jwtString, options)
        .then((payload) => {
           // validation succeeded; payload is the parsed JSON payload of the JWT.
           // save or use the JWT here.
        }).catch(err => {
            // validation failed; err.message contains the reason for the failure
        });

Allowed public key formats

  • jwk
    When the format is jwk, the JWK is passed directly as an object (not as a string).

  • jwks_uri
    A list of JWKs is retrieved from the specified jwks_uri.

  • pem
    A PEM key string can be provided using the public key format pem.

  • issuer
    If the format is issuer, the JWT issuer is used to retrieve the metadata, which in turn is resolved to retrieve the JWK from the corresponding jwks_uri.

  • metadata_url
    If the format is metadata_url, the JWK is retrieved from the jwks_uri of the resolved metadata.

  • raw
    You can also provide the raw public key using the format raw, e.g. an HMAC secret.
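
The issuer and metadata_url formats resolve the verification key in two hops: the metadata document, then its jwks_uri. The sketch below is an added example, not the library's own code; it walks that chain with the checks a caller would want around it. The names resolveKey, getJson and DOCS, the example.com URLs and the sample documents are assumptions constructed so that it runs offline.

```javascript
// Added illustration; not @curity/jwt-validation source. All data below is constructed.
const b64urlJson = (part) => JSON.parse(Buffer.from(part, "base64url").toString("utf8"));
const toB64url = (obj) => Buffer.from(JSON.stringify(obj)).toString("base64url");

// Constructed stand-in for the two HTTPS GETs (hypothetical URLs).
const DOCS = {
  "https://idp.example.com/.well-known/openid-configuration": {
    issuer: "https://idp.example.com",
    jwks_uri: "https://idp.example.com/jwks",
  },
  "https://idp.example.com/jwks": {
    keys: [{ kty: "RSA", kid: "k1", use: "sig", n: "constructed", e: "AQAB" }],
  },
};
const getJson = (url) => {
  if (!(url in DOCS)) throw new Error("unreachable: " + url);
  return DOCS[url];
};

function resolveKey(jwt, trustedIssuer, fetchJson = getJson) {
  const [h, p] = jwt.split(".");
  const header = b64urlJson(h);
  const payload = b64urlJson(p);
  // The iss claim is unverified input: compare it with configuration before fetching anything.
  if (payload.iss !== trustedIssuer) throw new Error("untrusted issuer");
  const meta = fetchJson(trustedIssuer.replace(/\/$/, "") + "/.well-known/openid-configuration");
  // OpenID Connect Discovery: the metadata issuer must equal the issuer used to build the URL.
  if (meta.issuer !== trustedIssuer) throw new Error("metadata issuer mismatch");
  if (!String(meta.jwks_uri).startsWith("https://")) throw new Error("jwks_uri must be https");
  const key = fetchJson(meta.jwks_uri).keys.find((k) => k.kid === header.kid && k.use !== "enc");
  if (!key) throw new Error("no signing key for kid " + header.kid);
  return key;
}

// Constructed tokens: only header and payload matter here, the signature part is a dummy.
const makeJwt = (header, payload) => `${toB64url(header)}.${toB64url(payload)}.sig`;
const good = makeJwt({ alg: "RS256", kid: "k1" }, { iss: "https://idp.example.com" });
const foreign = makeJwt({ alg: "RS256", kid: "k1" }, { iss: "https://other.example" });
```

The returned JWK is only a candidate key; the signature still has to be verified with it before any claim in the payload is trusted.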

Supported Algorithms

The following algorithms are supported.

HS256: {name: 'HMAC', hash: 'SHA-256'},
HS384: {name: 'HMAC', hash: 'SHA-384'},
HS512: {name: 'HMAC', hash: 'SHA-512'},
RS256: {name: 'RSASSA-PKCS1-v1_5', hash: 'SHA-256'},
RS384: {name: 'RSASSA-PKCS1-v1_5', hash: 'SHA-384'},
RS512: {name: 'RSASSA-PKCS1-v1_5', hash: 'SHA-512'},
ES256: {name: 'ECDSA', namedCurve: "P-256", hash: 'SHA-256'},
ES384: {name: 'ECDSA', namedCurve: "P-384", hash: 'SHA-384'},
ES512: {name: 'ECDSA', namedCurve: "P-521", hash: 'SHA-512'},
PS256: {name: 'RSA-PSS', saltLength: 256 / 8, hash: 'SHA-256'},
PS384: {name: 'RSA-PSS', saltLength: 384 / 8, hash: 'SHA-384'},
PS512: {name: 'RSA-PSS', saltLength: 512 / 8, hash: 'SHA-512'}
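
The parameter names in this table match Web Crypto API algorithm identifiers. As an added example (not the library's own code), the sketch below shows how an allowlist such as allowed_jwt_algorithms and this table can be combined so that a token's alg header is accepted only if it is listed and fits the key type. The function selectAlgorithm, the kty column and the sample tokens are assumptions made for illustration.

```javascript
// Added illustration; not @curity/jwt-validation source.
// Subset of the table above, extended with the JWK key type (kty, RFC 7518) each family needs.
const ALGS = {
  HS256: { name: "HMAC", hash: "SHA-256", kty: "oct" },
  RS256: { name: "RSASSA-PKCS1-v1_5", hash: "SHA-256", kty: "RSA" },
  ES384: { name: "ECDSA", namedCurve: "P-384", hash: "SHA-384", kty: "EC" },
  PS256: { name: "RSA-PSS", saltLength: 256 / 8, hash: "SHA-256", kty: "RSA" },
};

function selectAlgorithm(jwt, allowed, jwk) {
  const parts = jwt.split(".");
  if (parts.length !== 3) throw new Error("not a compact JWS");
  const header = JSON.parse(Buffer.from(parts[0], "base64url").toString("utf8"));
  const alg = header.alg;
  // Allowlist first: "none" and anything unlisted never reaches the crypto layer.
  if (!allowed.includes(alg) || !Object.prototype.hasOwnProperty.call(ALGS, alg)) {
    throw new Error("alg not allowed: " + alg);
  }
  const { kty, ...params } = ALGS[alg];
  // The key must belong to the algorithm family: an RSA public key is never an HMAC secret.
  if (jwk.kty !== kty) throw new Error(`key type ${jwk.kty} does not fit ${alg}`);
  if (jwk.alg && jwk.alg !== alg) throw new Error("jwk.alg mismatch");
  if (params.namedCurve && jwk.crv !== params.namedCurve) throw new Error("curve mismatch");
  return params; // the Web Crypto style parameters from the table
}

// Constructed sample token: real header, empty payload ("e30" is "{}"), dummy signature.
const headerOnlyJwt = (alg) =>
  Buffer.from(JSON.stringify({ alg, typ: "JWT" })).toString("base64url") + ".e30.sig";
```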