diff --git a/.codegen.json b/.codegen.json
index c6bf9012..b43bb1c2 100644
--- a/.codegen.json
+++ b/.codegen.json
@@ -1 +1 @@
-{ "engineHash": "a8b56d7", "specHash": "b2f7568", "version": "0.5.0" }
+{ "engineHash": "c714d1b", "specHash": "b2f7568", "version": "0.5.0" }
diff --git a/package.json b/package.json
index de5ffa5f..bf1cda0f 100644
--- a/package.json
+++ b/package.json
@@ -29,7 +29,7 @@
 "form-data": "^4.0.0",
 "node-fetch": "^2.6.3",
 "buffer": "^6.0.3",
- "jsonwebtoken": "^9.0.0",
+ "jose": "^5.2.2",
 "tslib": "^2.6.2",
 "uuid": "^9.0.0"
 },
@@ -38,7 +38,6 @@
 "@rollup/plugin-node-resolve": "^15.2.3",
 "@rollup/plugin-typescript": "^11.1.5",
 "@types/jest": "^29.5.1",
- "@types/jsonwebtoken": "^9.0.1",
 "@types/node": "*",
 "@types/node-fetch": "2.6.3",
 "@types/uuid": "^9.0.1",
diff --git a/src/box/jwtAuth.generated.ts b/src/box/jwtAuth.generated.ts
index 4963f9d0..39848eb4 100644
--- a/src/box/jwtAuth.generated.ts
+++ b/src/box/jwtAuth.generated.ts
@@ -159,7 +159,11 @@ export class BoxJwtAuth implements Authentication {
 key: this.config.privateKey,
 passphrase: this.config.privateKeyPassphrase,
 } satisfies JwtKey;
- const assertion: string = createJwtAssertion(claims, jwtKey, jwtOptions);
+ const assertion: string = await createJwtAssertion(
+ claims,
+ jwtKey,
+ jwtOptions
+ );
 const authManager: AuthorizationManager = !(networkSession == void 0)
 ? new AuthorizationManager({ networkSession: networkSession })
 : new AuthorizationManager({});
diff --git a/src/internal/utils.ts b/src/internal/utils.ts
index b7eb4156..c3e40bce 100644
--- a/src/internal/utils.ts
+++ b/src/internal/utils.ts
@@ -1,6 +1,7 @@
 import { Buffer } from 'buffer';
 import type { Readable } from 'stream';
 import { v4 as uuidv4 } from 'uuid';
+import { SignJWT, importPKCS8 } from 'jose';
 export function isBrowser() {
 return (
@@ -266,11 +267,6 @@ export type JwtSignOptions = {
 subject?: string | undefined;
 issuer?: string | undefined;
 jwtid?: string | undefined;
- mutatePayload?: boolean | undefined;
- noTimestamp?: boolean | undefined;
- encoding?: string | undefined;
- allowInsecureKeySizes?: boolean | undefined;
- allowInvalidAsymmetricKeyTypes?: boolean | undefined;
 };
 /**
@@ -281,15 +277,36 @@ export type JwtSignOptions = {
 * @param options
 * @returns
 */
-export function createJwtAssertion(
+export async function createJwtAssertion(
 claims: {
 readonly [key: string]: any;
 },
 key: JwtKey,
 options: JwtSignOptions
-): string {
- const jwt = eval('require')('jsonwebtoken');
- return jwt.sign(claims, key, options);
+): Promise {
+ const crypto = eval('require')('crypto');
+ const privateKey = crypto.createPrivateKey({
+ key: key.key,
+ format: 'pem',
+ type: 'pkcs8',
+ passphrase: key.passphrase,
+ });
+ const pem = privateKey.export({ type: 'pkcs8', format: 'pem' }).toString();
+ const pkcs8 = await importPKCS8(pem, options.algorithm || 'RS256');
+ let signer = new SignJWT(claims);
+ signer = options.audience ? signer.setAudience(options.audience) : signer;
+ signer = options.expiresIn
+ ? signer.setExpirationTime(options.expiresIn)
+ : signer;
+ signer = options.issuer ? signer.setIssuer(options.issuer) : signer;
+ signer = options.jwtid ? signer.setJti(options.jwtid) : signer;
+ signer = options.notBefore ? signer.setNotBefore(options.notBefore) : signer;
+ signer = options.subject ? signer.setSubject(options.subject) : signer;
+ signer = options.algorithm
+ ? signer.setProtectedHeader({ alg: options.algorithm })
+ : signer;
+ signer = signer.setIssuedAt();
+ return await signer.sign(pkcs8);
 }
 /**
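Review bot: In createJwtAssertion the `'RS256'` fallback is applied only to `importPKCS8`; `setProtectedHeader` is still skipped when `options.algorithm` is unset, and jose's `sign()` rejects a token with no protected header, so the default never takes effect. Compute it once, `const alg = options.algorithm || 'RS256';`, and call `signer.setProtectedHeader({ alg })` unconditionally. The `privateKey.export({ type: 'pkcs8', format: 'pem' })` round trip also leaves the decrypted private key in the heap as an unencrypted PEM string; under Node, jose v5 should accept the `KeyObject` from `createPrivateKey` directly, i.e. `return await signer.sign(privateKey);`, which would drop both the export and `importPKCS8` (confirm against the jose build this package resolves to). Two differences from jsonwebtoken are worth checking against callers: jose treats a numeric `setExpirationTime`/`setNotBefore` argument as an absolute timestamp rather than a span, and a `keyid` option, if JwtSignOptions has one above this hunk, is no longer copied into the header as `kid`.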