@gburnett/io-react-native-jwt
v1.4.1
Published
Native support for JWT
Downloads
215
Readme
⚡️ @pagopa/io-react-native-jwt
A fast implementation of jwt
module.
Provides much greater performance for decoding, signing and verifying JWTs!
🚀 Use only native functions via the following libraries:
- 🤖 nimbus-jose-jwt on Android
- 📱 JOSESwift on iOS
Installation
npm install @pagopa/io-react-native-jwt
Usage
For detailed documentation go here
Decode a JWT
import { decode } from '@pagopa/io-react-native-jwt';
// ...
const jwt = 'eyJ0eXAiOiJlbnRpdHktc3.....';
const result = await decode(jwt);
console.log(result);
Verify JWT
import { verify } from '@pagopa/io-react-native-jwt';
// ...
const pubJwk = {
crv: 'P-256',
kty: 'EC',
x: 'qrJrj.....',
y: '1H0cW.....',
};
const jwt = 'eyJ0eXAiOiJlbnRpdHktc3.....';
const options = {
typ: 'jwt',
requiredClaims: ['iss', 'sub'],
};
const { protectedHeader, payload } = await verify(jwt, pubJwk, options);
console.log(protectedHeader, payload);
Verify JWT with JWKS fetched from remote URL
import { verify, getRemoteJWKSet } from '@pagopa/io-react-native-jwt';
// ...
const wellKnownUrl = 'https://example.com/.well-known/openid-federation';
const jwks = await getRemoteJWKSet(wellKnownUrl);
const jwt = 'eyJ0eXAiOiJlbnRpdHktc3.....';
const { protectedHeader, payload } = await verify(jwt, jwks);
console.log(protectedHeader, payload);
Verify a JWT signature (JWS)
import { isSignatureValid } from '@pagopa/io-react-native-jwt';
// ...
const pubJwk = {
crv: 'P-256',
kty: 'EC',
x: 'qrJrj.....',
y: '1H0cW.....',
};
const jwt = "eyJ0eXAiOiJlbnRpdHktc3.....";
const isValid = await isSignatureValid(jwt, pubJwk);
if isValid {
console.log("Signature of JWT is valid!");
} else {
console.log("Signature of JWT is NOT valid!");
}
Create and sign a JWT with a JWS
// Define a cryptographic context suitable for the application needs
const crypto: CryptoContext = userDefinedCryptoContext();
// Create jwt
const jwt = new SignJWT(crypto)
.setPayload({ metadata: 'demo' })
.setProtectedHeader({ typ: 'JWT' })
.setAudience('demo')
.setExpirationTime('1h')
.setIssuedAt();
// get signed jwt
const signedJwt = jwt.sign();
JWK thumbprint
import { thumbprint } from '@pagopa/io-react-native-jwt';
// ...
const pubJwk = {
crv: 'P-256',
kty: 'EC',
x: 'qrJrj.....',
y: '1H0cW.....',
};
const thumbprint = await thumbprint(pubJwk);
console.log(thumbprint);
Signature format
For an ECDSA signature it is required that this is in ASN.1/DER encoded format. The same format supported by Secure Enclave (TEE). Transcoding is done automatically via the following function:
derToJose = async (
asn1Signature: string,
alg: string
): Promise<string>
Refs: RFC7515
Example
You can use the sample app to test and understand how to use the library.
cd example
yarn install
# To use iOS
yarn ios
# To use Android
yarn android