npm package discovery and stats viewer.

Discover Tips

  • General search

    [free text search, go nuts!]

  • Package details

    pkg:[package-name]

  • User packages

    @[username]

Sponsor

Optimize Toolset

I’ve always been into building performant and accessible sites, but lately I’ve been taking it extremely seriously. So much so that I’ve been building a tool to help me optimize and monitor the sites that I build to make sure that I’m making an attempt to offer the best experience to those who visit them. If you’re into performant, accessible and SEO friendly sites, you might like it too! You can check it out at Optimize Toolset.

About

Hi, 👋, I’m Ryan Hefner  and I built this site for me, and you! The goal of this site was to provide an easy way for me to check the stats on my npm packages, both for prioritizing issues and updates, and to give me a little kick in the pants to keep up on stuff.

As I was building it, I realized that I was actually using the tool to build the tool, and figured I might as well put this out there and hopefully others will find it to be a fast and useful way to search and browse npm packages as I have.

If you’re interested in other things I’m working on, follow me on Twitter or check out the open source projects I’ve been publishing on GitHub.

I am also working on a Twitter bot for this site to tweet the most popular, newest, random packages from npm. Please follow that account now and it will start sending out packages soon–ish.

Open Software & Tools

This site wouldn’t be possible without the immense generosity and tireless efforts from the people who make contributions to the world and share their work via open source initiatives. Thank you 🙏

© 2024 – Pkg Stats / Ryan Hefner

node-jwk

v0.1.0

Published

JWK support

Downloads

19,252

Vulnerabilities

Powered byPowered by Snyk
  • 0High
  • 0Medium
  • 0Low

Links

Git

Maintainers

hyperbrainhyperbrain

Keywords

jwkjwsjwtjwksetsecuritytokenconvertparse

Readme

node-jwk

Implementation of RFC-7517 (JSON Web Key) compliant key handling.

The module can be used to convert keys into buffers or other formats to enable the direct use of JWK formatted keys with other node modules like njwt and others.

Usage

The module offers the classes JWK and JWKSet to work with JWK encoded keys or key sets.

You can instantiate either of the objects from a stringified JSON or an object.

const njwk = require('node-jwk');

const myKey = njwk.JWK.fromJSON(myJSONString);
const myKeySet = njwk.JWKSet.fromObject(myKeySet);

Keysets (JWKSet)

Keysets can contain a number of different keys which are unique by their kid.

JWKSet.findKeyById(kid)

The JWKSet class offers the findKeyById method that will let you grab a key by its id and returns it wrapped in a JWK object.

JWKSet.findKeysByUse(use)

There might be cases where you want to use a key designated for encoding/decoding or signing/verification. With findKeysByUse you can retrieve an array of all contained keys that match the use given.

But remember that the use property is specified as OPTIONAL, so is the content of it. Be prepared that keys you get from 3rd party could miss it.

JWKSet.keys

Returns all keys as an array of JWK objects.

JWKSet.fromObject(object) JWKSet.fromJSON(string)

Factory to instantiate JWKSet objects. This method will throw on invalid keysets (the keyset structure or invalid JSON). According to the specification (RFC) invalid keys contained in a valid set are ignored.

Keys (JWK)

All standard JWK properties are exposed by the JWK object. Be aware that per specification all properties but kty and kid are optional. Here's a list:

	kid
	kty
	use
	key_ops
	alg

JWK.key

Through the key property you can access the key algorithm specific functionality.

JWK.key.hasPrivateKey

Returns true if the key contains a private key part.

JWK.key.toPublicKeyPEM() => String

Generates a PEM that contains the public key of the JWK. This can be used directly as key in OpenSSL or other node modules and works for EC as well as RSA keys.

JWK.key.toPrivateKeyPEM() => String

Generates a PEM that contains the private key of the JWK. This can be used directly as key in OpenSSL or other node modules and works for EC as well as RSA keys.

JWK.fromObject(object) JWK.fromJSON(string)

Factory to instantiate JWK objects. This method will throw on invalid keys (the keyset structure or invalid JSON). Normally you should use keysets to manage your keys instead of single keys.

Examples

Creating a signed token with node-jwk and njwt

The example uses bluebird promises to be able to catch exceptions thrown in the key retrieval and lodash for convenience.

const time = Math.floor(_.now() / 1000);

const claims = {
	iss: 'itsME',
	aud: 'myAudience',
	iat: time,
	exp: time + 3600
};

return BbPromise.try(() => {
	const keySet = nodeJWK.JWKSet.fromObject(myPrivateKeySet);
	const jwk = keySet.findKeyById(myKeyId);

	if (!jwk) {
		return BbPromise.reject(new Error('Huh, my key is not there...'));
	}

	const keyPEM = jwk.key.toPrivateKeyPEM();
	const jwt = njwt.create(claims, keyPEM, jwk.alg);

	return BbPromise.resolve(jwt.compact());
})
.catch(err => {
	return BbPromise.reject(err);
});

Supported key types

RSA, EC, oct

All keys but binary (oct) keys can be converted into PEM format for their public and private keys.

References

RFC-7517 JSON Web Key

RFC-7518 JSON Web Algorithms