-
-
Notifications
You must be signed in to change notification settings - Fork 299
/
embedded.ts
46 lines (42 loc) · 1.84 KB
/
embedded.ts
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
import type { KeyLike, FlattenedJWSInput, JWSHeaderParameters } from '../types.d'
import { importJWK } from '../key/import.js'
import isObject from '../lib/is_object.js'
import { JWSInvalid } from '../util/errors.js'
/**
* EmbeddedJWK is an implementation of a GetKeyFunction intended to be used with the JWS/JWT verify
* operations whenever you need to opt-in to verify signatures with a public key embedded in the
* token's "jwk" (JSON Web Key) Header Parameter. It is recommended to combine this with the verify
* function's `algorithms` option to define accepted JWS "alg" (Algorithm) Header Parameter values.
*
* @example Usage
*
* ```js
* const jwt =
* 'eyJqd2siOnsiY3J2IjoiUC0yNTYiLCJ4IjoiVU05ZzVuS25aWFlvdldBbE03NmNMejl2VG96UmpfX0NIVV9kT2wtZ09vRSIsInkiOiJkczhhZVF3MWwyY0RDQTdiQ2tPTnZ3REtwWEFidFhqdnFDbGVZSDhXc19VIiwia3R5IjoiRUMifSwiYWxnIjoiRVMyNTYifQ.eyJpc3MiOiJ1cm46ZXhhbXBsZTppc3N1ZXIiLCJhdWQiOiJ1cm46ZXhhbXBsZTphdWRpZW5jZSIsImlhdCI6MTYwNDU4MDc5NH0.60boak3_dErnW47ZPty1C0nrjeVq86EN_eK0GOq6K8w2OA0thKoBxFK4j-NuU9yZ_A9UKGxPT_G87DladBaV9g'
*
* const { payload, protectedHeader } = await jose.jwtVerify(jwt, jose.EmbeddedJWK, {
* issuer: 'urn:example:issuer',
* audience: 'urn:example:audience',
* })
*
* console.log(protectedHeader)
* console.log(payload)
* ```
*/
export async function EmbeddedJWK(
): Promise<KeyLike> {
protectedHeader?: JWSHeaderParameters,
token?: FlattenedJWSInput,
const joseHeader = {
...protectedHeader,
...token?.header,
}
if (!isObject(joseHeader.jwk)) {
throw new JWSInvalid('"jwk" (JSON Web Key) Header Parameter must be a JSON object')
}
const key = await importJWK({ ...joseHeader.jwk, ext: true }, joseHeader.alg!, true)
if (key instanceof Uint8Array || key.type !== 'public') {
throw new JWSInvalid('"jwk" (JSON Web Key) Header Parameter must be a public key')
}
return key
}