dorongrinstein-jwtverifier-1

v1.0.3

Published

A JWT verification library with support for kid (keyid) JWT header

Downloads

6

Readme

dorongrinstein-jwtverifier-1 is a library for validating JWTs.

Why was this library developed?

Use this library wherever a JWT needs to be validated. When a JWT issuer rotates its signing key, it identifies the key in use through the key ID (kid) field of the JWT header. This library fetches a public keys document from a specified source (a URL or an explicitly supplied object) and caches the valid public keys under their corresponding IDs. When it is asked to validate a JWT whose kid is not in the cache, it fetches a new public keys document from the supplied URL (if applicable), on the assumption that the issuer has started signing with a new private key whose public key was not previously known. This lets you validate a JWT without handling key rotation yourself.

The library also checks that the issuer is valid and that the JWT's age (in seconds) is within the allowed limit. This version of the library ignores the expiration attribute conveyed by the JWT issuer; instead, it enforces expiration by applying validLifetimeSeconds (default 24 hours) from the options object passed as the second constructor parameter.

Installation

npm install dorongrinstein-jwt-verifier-1 [--save]

Usage

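const JwtVerifier = require('dorongrinstein-jwt-verifier-1');
const verifier = new JwtVerifier('http://localhost:5000/publickey'); // public keys URL
const jwt = 'jwt goes here...';
// The first callback receives the valid JWT, the second receives the error.
verifier.verify(jwt).then(function (validJwt) { console.log(validJwt); }, function (err) { console.log(err); });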

Constructor Parameters

  1. Public keys URL. This endpoint must return JSON in the format {"keyid": "utf-8 encoded public key", "other keyid": "other public key"}.
  2. Options, for overriding the default settings (see below).
  3. Fixed public keys object, in the same format described in 1 above.

NOTE: You can only set either parameter 1 OR parameter 3 but NOT both. If you wish to set parameter 3, set parameter 1 to null. If you wish to pass parameter 1 do not pass parameter 3.

Default Settings

For a JWT to be considered valid, it must be issued (iss) by 'concur' and its iat (issued at) must be within the last 24 hours.

Overriding the default settings

To specify an alternative issuer (other than concur) and an alternative lifespan (other than 24 hours), pass an options object as the second constructor parameter:

{"validIssuer": "blabla", "validLifetimeSeconds": 60*60*1} // this would set valid issuer to blabla and make the lifespan 1 hour
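
The kid lookup, refresh on an unknown kid, and iss/iat checks described in this README, written out as an added example that is not the library's own code. It assumes RS256 signatures and PEM-encoded public keys (the page states neither), and makeVerifier, signJwt, demo and the synchronous loadKeys() that stands in for the HTTP fetch are hypothetical names introduced here.

```javascript
const crypto = require('node:crypto');
const b64u = (s) => Buffer.from(s).toString('base64url');
const parseSeg = (seg) => JSON.parse(Buffer.from(seg, 'base64url').toString('utf8'));

// Constructed helper playing the issuer: signs an RS256 JWT carrying a kid header.
function signJwt(privateKey, kid, claims) {
  const input = `${b64u(JSON.stringify({ alg: 'RS256', kid }))}.${b64u(JSON.stringify(claims))}`;
  return `${input}.${crypto.sign('sha256', Buffer.from(input), privateKey).toString('base64url')}`;
}

// loadKeys() is a hypothetical stand-in for fetching the {"keyid": "public key"} document.
function makeVerifier(loadKeys, { validIssuer = 'concur', validLifetimeSeconds = 86400 } = {}) {
  let cache = {};
  let fetches = 0;
  function verify(jwt, now = Math.floor(Date.now() / 1000)) {
    const [h, p, s, extra] = jwt.split('.');
    if (!h || !p || !s || extra !== undefined) throw new Error('malformed JWT');
    const { alg, kid } = parseSeg(h);
    if (alg !== 'RS256') throw new Error('unexpected alg'); // assumed algorithm, pinned by the verifier
    if (typeof kid !== 'string') throw new Error('missing kid');
    if (!Object.hasOwn(cache, kid)) { cache = loadKeys(); fetches += 1; } // unknown kid: reload once
    if (!Object.hasOwn(cache, kid)) throw new Error('unknown kid');
    const sigOk = crypto.verify('sha256', Buffer.from(`${h}.${p}`), cache[kid], Buffer.from(s, 'base64url'));
    if (!sigOk) throw new Error('bad signature');
    const claims = parseSeg(p); // claims are trusted only after the signature verifies
    if (claims.iss !== validIssuer) throw new Error('invalid issuer');
    const age = now - claims.iat; // exp is not consulted; lifetime is measured from iat
    if (typeof claims.iat !== 'number' || age < 0 || age > validLifetimeSeconds) throw new Error('iat outside valid lifetime');
    return claims;
  }
  return { verify, fetchCount: () => fetches };
}

// Constructed scenario: the issuer rotates from key "k1" to key "k2".
function demo() {
  const pem = { publicKeyEncoding: { type: 'spki', format: 'pem' }, privateKeyEncoding: { type: 'pkcs8', format: 'pem' } };
  const k1 = crypto.generateKeyPairSync('rsa', { modulusLength: 2048, ...pem });
  const k2 = crypto.generateKeyPairSync('rsa', { modulusLength: 2048, ...pem });
  const published = { k1: k1.publicKey }; // what the keys URL would return
  const v = makeVerifier(() => ({ ...published }), { validLifetimeSeconds: 3600 });
  const now = 1700000000; // fixed clock for repeatable results
  const attempt = (jwt) => { try { return v.verify(jwt, now).sub; } catch (e) { return e.message; } };
  const first = attempt(signJwt(k1.privateKey, 'k1', { iss: 'concur', iat: now - 10, sub: 'alice' }));
  published.k2 = k2.publicKey; // rotation: the new key appears in the document
  const rotated = attempt(signJwt(k2.privateKey, 'k2', { iss: 'concur', iat: now - 10, sub: 'bob' }));
  const stale = attempt(signJwt(k2.privateKey, 'k2', { iss: 'concur', iat: now - 7200, sub: 'bob' }));
  const wrongKey = attempt(signJwt(k2.privateKey, 'k1', { iss: 'concur', iat: now, sub: 'carol' }));
  return { first, rotated, stale, wrongKey, fetches: v.fetchCount() };
}
console.log(demo());
```

In this example every token with an unknown kid triggers a reload of the keys document, so a verifier that accepts tokens from untrusted callers should throttle those reloads.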

Author

[email protected]