typepki-jwt: JWT/JWS sub module for TypePKI library (Beta)

The 'TypePKI' library is an opensource free TypeScript PKI library which is the successor of the long lived jsrsasign library.

The 'typepki-jwt' is a JWT(JSON Web Token) and JWS(JSON Web Signatures) sub module for TypePKI library.

FEATURE

signing and verifying JWS(JSON Web Signatures)
verifying JWT(JSON Web Token)
Dual CommonJS/ES module package supporting CommonJS(CJS) and ES modules

Uasge

signing JWS with private key

This supports asymmetric private key or shared key of CrytoKey object of W3C Crypto API for signing. It may be useful to generate a key or import a key by using typepki-webcrypto module.

import { importPEM } from "typepki-webcrypto";
const prvkey = await importPEM("-----BEGIN PRIVATE...", "SHA256withRSA");

Now you can generate JWS signature.

import { signJWS } from "typepki-jwt";
const sJWS = await signJWS("RS256", prvkey, "eyJOe...", "eyJpc...");

"sJWS" will be a string such like "eyJOe...".

It is even easier if you specify the PEM or HMAC key string directly instead of the CryptoKey object:

const sJWS = await signJWS("RS256", "-----BEGIN PRIVATE KEY...", "eyJOe...", "eyJpc...");

verifying JWS with public key

Verifying JWS will be similar way. Importing a public key first:

import { importPEM } from "typepki-webcrypto";
const pubkey = await importPEM("-----BEGIN PUBLIC...", "SHA256withRSA");

Verifying JWS signature will be:

import { verifyJWS } from "typepki-jwt";
const isValid = await verifyJWS(sJWS, pubkey, ["RS256", "RS384", "RS512"]);

NOTE: It is strongly recommended to specify the "acceptAlgs" optional argument such like "['RS256', 'RS384']" to prevent algorithm down grade attacks.

verifying JWT

Verifying JWT will be similar to JWS by {@link verifyJWS}. To verify JWT you need to specify JWT acceptable parameters by {@link JWTVerifyOption}. Whey you want to accept JWT tokens with:

with HS256 and HS384 signature algorithms
"http://issuer1.example.com/" or "http://issuer2.example.com/" as issuers
verify at current time (by without verifyAt member)

JWTVerifyOption will be following

const opt: JWTVerifyOption = {
  alg: ["HS256", "HS384"],
  iss: ["http://issuer1.example.com/", "http://issuer2.example.com/"],
};

Then you can verify a JWT by {@link verifyJWT} funciton.

await verifyJWT("eyJ...", key, opt) -> true

Name		Name	Last commit message	Last commit date
Latest commit History 9 Commits
docs		docs
src		src
.gitignore		.gitignore
CHANGELOG.md		CHANGELOG.md
LICENSE		LICENSE
README.md		README.md
biome.json		biome.json
build.mts		build.mts
package.json		package.json
tsconfig.build.base.json		tsconfig.build.base.json
tsconfig.build.cjs.json		tsconfig.build.cjs.json
tsconfig.build.esm.json		tsconfig.build.esm.json
tsconfig.json		tsconfig.json
tsconfig.typedoc.json		tsconfig.typedoc.json
typedoc.json		typedoc.json

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Repository files navigation

typepki-jwt: JWT/JWS sub module for TypePKI library (Beta)

FEATURE

Uasge

signing JWS with private key

verifying JWS with public key

verifying JWT

About

Releases

Packages

Languages

License

kjur/typepki-jwt

Folders and files

Latest commit

History

Repository files navigation

typepki-jwt: JWT/JWS sub module for TypePKI library (Beta)

FEATURE

Uasge

signing JWS with private key

verifying JWS with public key

verifying JWT

About

Topics

Resources

License

Stars

Watchers

Forks

Releases

Packages 0

Languages

Packages