Skip to content
Browse files

Cleanup for an alpha release supporting just JWS HMAC and RSA

  • Loading branch information...
1 parent 3237d20 commit 3eeca6e24d54b119b4bcf187069df1354d997be7 Bernardo Gomez Palacio committed Jul 5, 2012
Showing with 73 additions and 38 deletions.
  1. +16 −3 History.md
  2. +27 −7 Readme.md
  3. +1 −1 index.js
  4. 0 src/jws.coffee
  5. +25 −23 src/jwt.coffee
  6. +4 −4 test/jwt.coffee
View
19 History.md
@@ -1,5 +1,18 @@
-0.0.1 / 2010-01-03
-==================
+# 0.0.1 / 2010-01-03
+
+## Initial release
+
+0. Support for the following **JWS** and **JWA**:
+
+ * NONE
+ * HMAC
+ * HS256
+ * HS384
+ * HS512
+ * RSA
+ * RS256
+ * RS384
+ * RS512
+
- * Initial release
View
34 Readme.md
@@ -8,16 +8,36 @@
The suggested pronunciation of JWT is the same as the English word "jot".
- This package implements the following IETF drafts:
+ This package is aimed to implements the following IETF drafts:
-* [JWT](http://tools.ietf.org/html/draft-jones-json-web-token-10) draft-jones-json-web-token-10
-* [JWA](https://www.ietf.org/id/draft-ietf-jose-json-web-algorithms-02.txt) draft-ietf-jose-json-web-algorithms-02
-* [JWS](http://tools.ietf.org/html/draft-ietf-jose-json-web-signature-02) draft-ietf-jose-json-web-signature-02
-* [JWE](http://tools.ietf.org/html/draft-ietf-jose-json-web-encryption-02) draft-ietf-jose-json-web-encryption-02
-* [JWK](http://tools.ietf.org/html/draft-ietf-jose-json-web-key-02) draft-ietf-jose-json-web-key-02
+ * [JWT](http://tools.ietf.org/html/draft-jones-json-web-token-10) draft-jones-json-web-token-10
+ * [JWA](https://www.ietf.org/id/draft-ietf-jose-json-web-algorithms-02.txt) draft-ietf-jose-json-web-algorithms-02
+ * [JWS](http://tools.ietf.org/html/draft-ietf-jose-json-web-signature-02) draft-ietf-jose-json-web-signature-02
+ * [JWE](http://tools.ietf.org/html/draft-ietf-jose-json-web-encryption-02) draft-ietf-jose-json-web-encryption-02
+ * [JWK](http://tools.ietf.org/html/draft-ietf-jose-json-web-key-02) draft-ietf-jose-json-web-key-02
+
+
+ But currently we only support **JWT** with **JWS** and the following **JWA** signing algorithms
+
+ * NONE
+ * HMAC
+ * HS256
+ * HS384
+ * HS512
+ * RSA
+ * RS256
+ * RS384
+ * RS512
+
+
+ As we move forward we will add additional **JWA** algorithms and support for **JWE**. Please submit any comments and suggestions.
+
+
+## Build Tools & Development Dependencies
+The code is implemented using [CoffeeScript](http://jashkenas.github.com/coffee-script)
## Dependencies
-Pleae review the `pacagke.json` for the full set of dependencies.
+We try to keep dependencies to a minimum but pleae refer to the [pacagke.json](blob/master/package.json) for the full set of dependencies.
## License
View
2 index.js
@@ -1,2 +1,2 @@
-module.exports = require('./lib/jot');
+module.exports = require('./lib/jwt');
View
0 src/jws.coffee
No changes.
View
48 src/jwt.coffee
@@ -1,32 +1,26 @@
-#
-# * [JWT](http://tools.ietf.org/html/draft-jones-json-web-token-10) draft-jones-json-web-token-10
-# * [JWA](https://www.ietf.org/id/draft-ietf-jose-json-web-algorithms-02.txt) draft-ietf-jose-json-web-algorithms-02
-# * [JWS](http://tools.ietf.org/html/draft-ietf-jose-json-web-signature-02) draft-ietf-jose-json-web-signature-02
-# * [JWE](http://tools.ietf.org/html/draft-ietf-jose-json-web-encryption-02) draft-ietf-jose-json-web-encryption-02
-# * [JWK](http://tools.ietf.org/html/draft-ietf-jose-json-web-key-02) draft-ietf-jose-json-web-key-02
-#
-#
-#
-
-# Dependencies
-# ============
# Node
crypto = require "crypto"
qstring = require "querystring"
-
-# Lip
+# Lib
jwa = require "./jwa"
ju = require "./utils"
-
# version of the specification we are based on.
-module.exports.specVersion = "draft-jones-json-web-token-10"
+module.exports.spec_version = "draft-jones-json-web-token-10"
#
+# Decodes a given JWT Token.
#
+# ## Arguments
+# * token : The encoded JWT.
+#
+# ## Returns
+# * A **JWT Request** that holds the following.
+# * Attributes: header, claim, segments.
+# * Methods: verify( key ) where they key is *alogrithm* dependant. e.g. if RS you should use a valid *public PEM*
#
-module.exports.jwt_decode = jwt_decode = (token) ->
- # check seguments
+module.exports.decode = (token) ->
+ # check segments
segments = token.split '.'
throw new Error 'Not enough or too many segments' if segments.length != 3
@@ -42,6 +36,10 @@ module.exports.jwt_decode = jwt_decode = (token) ->
new JwtRequest( header, claim, segments )
#
+#
+# Creates a *JWT Token* given the *claim*, the *key* and the given *algorithm*. The *algorithm* defaults to
+# `"HS256"` (Which is a *JWS* *HMAC* signature).
+#
# # Rules for Creating a JWT
#
# To create a JWT, one MUST perform these steps. The order of the
@@ -81,7 +79,12 @@ module.exports.jwt_decode = jwt_decode = (token) ->
#
# 7. Otherwise, let the resulting JWT be the JWS or JWE.
#
-module.exports.jwt_encode = (claim, key, algorithm = "HS256") ->
+# Todo: Refactor to segregate the concerns between JWT and JWS.
+# Todo: Include basic support for JWE identification (regardless of having implemented the JWE algorithms).
+#
+#
+#
+module.exports.encode = (claim, key, algorithm = "HS256") ->
throw new Error 'Argument key is require' unless key
jwa_provider = jwa.provider algorithm
@@ -104,6 +107,9 @@ module.exports.jwt_encode = (claim, key, algorithm = "HS256") ->
segments.join('.')
+#
+# Abstracts the handling of a JWT Request.
+#
class JwtRequest
constructor: (@header, @claim, @segments) ->
@@ -118,7 +124,3 @@ class JwtRequest
_verifier.verify @, key
-
-
-
-
View
8 test/jwt.coffee
@@ -24,11 +24,11 @@ describe 'JWT Implementation with HMAC encryption ', ->
encoded_jwt : "eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJpc3MiOiJqb2UiLCJleHAiOjEzMDA4MTkzODAsImh0dHA6Ly9leGFtcGxlLmNvbS9pc19yb290Ijp0cnVlfQ.h7SvUGw_y4DJBMZiAiF49BAkkWhovB7B5HmztFAq6s0"
it "should encode", ->
- request = jwt.jwt_encode g_fixtures.jwt_claim, fixtures.key
+ request = jwt.encode g_fixtures.jwt_claim, fixtures.key
request.should.be.eql fixtures.encoded_jwt
it "should decode and verify", ->
- jwt_request = jwt.jwt_decode fixtures.encoded_jwt
+ jwt_request = jwt.decode fixtures.encoded_jwt
# asserts the request Header
jwt_request.header.should.be.eql fixtures.jwt_header
# asserts the request Claim.
@@ -89,11 +89,11 @@ GwIDAQAB
it "should encode ...", ->
- request = jwt.jwt_encode( g_fixtures.jwt_claim, fixtures.private_PEM_key, "RS256" )
+ request = jwt.encode( g_fixtures.jwt_claim, fixtures.private_PEM_key, "RS256" )
request.should.be.eql fixtures.encoded_jwt
it "should decode and verify ...", ->
- jwt_request = jwt.jwt_decode fixtures.encoded_jwt
+ jwt_request = jwt.decode fixtures.encoded_jwt
jwt_request.header.should.be.eql fixtures.jwt_header
jwt_request.claim.should.be.eql g_fixtures.jwt_claim

0 comments on commit 3eeca6e

Please sign in to comment.
Something went wrong with that request. Please try again.