Merge pull request #7 from anvilresearch/vsimonian-fix-jsrsasign-veri…

…fication Use new jsrsasign/jsjws API for JWK verification
anvilresearch · Oct 14, 2015 · 1bd3a82 · 1bd3a82
2 parents 319313f + bbc1121
commit 1bd3a82
Show file tree

Hide file tree

Showing 2 changed files with 3 additions and 3 deletions.
diff --git a/lib/JWT.js b/lib/JWT.js
@@ -413,11 +413,11 @@ JWT.decode = function (token, secret) {
         // exposed in the node version of jsrsasign so we can't access it.
         //
         // Using jsjws is stopgap until there's a cleaner way.
-        var jws = new jsrsasign.jws.JWS()
         var hN = base64url.decode(secret.n, 'hex')
         var hE = base64url.decode(secret.e, 'hex')
+        var pubkey = jsrsasign.KEYUTIL.getKey({ n: hN, e: hE })
 
-        verified = jws.verifyJWSByNE(token, hN, hE)
+        verified = jsrsasign.jws.JWS.verify(token, pubkey)
       }
 
       if (!verified) {

diff --git a/package.json b/package.json
@@ -44,7 +44,7 @@
   "dependencies": {
     "lodash": "^3.10.1",
     "base64url": "^1.0.4",
-    "jsrsasign": "^4.8.3",
+    "jsrsasign": "^5.0.0",
     "jwa": "^1.0.0",
     "valid-url": "^1.0.9"
   }