-
-
Notifications
You must be signed in to change notification settings - Fork 137
/
get-rsa-public-key-from-jwks.ts
55 lines (49 loc) 路 1.84 KB
/
get-rsa-public-key-from-jwks.ts
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
import { InvalidTokenError } from '@foal/jwt';
// tslint:disable-next-line:no-var-requires
const jwksClient = require('jwks-rsa');
// The below interfaces comes from here: https://github.com/auth0/node-jwks-rsa/blob/master/index.d.ts
// We cannot simply use "import { JwksRsa } from 'jwks-rsa';" because it requires to install express-jwt...
export interface Headers {
[key: string]: string;
}
export interface Options {
jwksUri: string;
rateLimit?: boolean;
cache?: boolean;
cacheMaxEntries?: number;
cacheMaxAge?: number;
jwksRequestsPerMinute?: number;
strictSsl?: boolean;
requestHeaders?: Headers;
handleSigningKeyError?(err: Error, cb: (err: Error) => void): any;
}
/**
* Create a function to retreive the RSA public key from a JWKS endpoint based on the kid of
* the given JWT header.
*
* @export
* @param {Options} options - Options of the jwks-rsa package.
* @returns {(header: any, payload: any) => Promise<string>} The returned function.
*/
export function getRSAPublicKeyFromJWKS(options: Options): (header: any, payload: any) => Promise<string> {
return async ({ alg, kid }) => {
if (alg !== 'RS256') {
throw new InvalidTokenError('invalid algorithm');
}
if (kid === undefined) {
throw new InvalidTokenError('missing kid');
}
const client = jwksClient(options);
return new Promise<string>((resolve, reject) => {
client.getSigningKey(kid, (err, key) => {
if (err) {
return reject(err.name === 'SigningKeyNotFoundError' ? new InvalidTokenError('invalid kid') : err);
}
// "key.publicKey || key.rsaPublicKey" because of
// https://github.com/auth0/node-jwks-rsa/blob/master/src/integrations/express.js#L36
// The " || key.rsaPublicKey" part is currently not tested.
resolve(key.publicKey || key.rsaPublicKey);
});
});
};
}