
@curity/jwt-validation


Curity JWT Validation library

export = JWTValidator;

/**
 * Validator for JSON Web Tokens: checks a token's signature and claims
 * against the issuer, audience, algorithm and key settings given at
 * construction time.
 */
declare class JWTValidator {
    /**
     * @param issuer Allowed issuer value or values
     * @param audience Allowed audience value or values
     * @param algorithms Array of allowed signing algorithms.
     *   NOTE(review): list only the algorithm(s) the issuer really signs with.
     *   This declaration does not show how the list is matched against the key
     *   type, so avoid combining HMAC and asymmetric algorithms in one validator.
     * @param publicKey The public key or a method for retrieving one
     */
    constructor(
        issuer: string | string[],
        audience: string | string[],
        algorithms: string[],
        publicKey: JWTValidator.PublicKeySettings
    );

    /**
     * Decode the given JWT and verify its signature and claims.
     *
     * @param jwtString The JWT to be verified
     * @param options Options for the verification step. The parameter itself is
     *   required by this signature even though every field in it is optional.
     * @returns Promise of the map of claims from the payload part of the JWT.
     *   NOTE(review): the failure mode (rejection vs. another signal) is not
     *   visible in this declaration - confirm against the implementation before
     *   treating a resolved promise as proof of a valid token.
     */
    verifyJWT(
        jwtString: string,
        options: JWTValidator.VerifyJWTOptions
    ): Promise<JWTValidator.JWTPayload>;
}

declare namespace JWTValidator {
    // export function strToUint8Array

    /**
     * Per-call verification options. The hash-bound claims (at_hash, s_hash,
     * c_hash) and nonce are checked only when the matching value is passed.
     */
    export interface VerifyJWTOptions {
        /** Pass the access token value if you want to validate the at_hash claim */
        accessToken?: string;

        /** Pass the value of the state parameter to validate the s_hash claim */
        state?: string;

        /** Pass the hashed value of nonce parameter to validate nonce */
        nonce?: string;

        /**
         * If true then the exp claim will not be verified. Defaults to false.
         * Setting this accepts expired tokens, so leave it unset on any path
         * that makes an authorization decision.
         */
        ignoreExpiration?: boolean;

        /**
         * If true then the nbf claim will not be verified. Defaults to false.
         * Setting this accepts tokens that are not yet valid.
         */
        ignoreNotBefore?: boolean;

        /**
         * Allowed clock skew for time-based claims, in seconds. Defaults to 0.
         * A larger value widens the window in which an expired token still passes.
         */
        clockTolerance?: number;

        /** If provided then the sub claim must match this value */
        subject?: string;

        /** If provided then the jti claim must match this value */
        jti?: string;

        /** Pass the value of the authorization code parameter to validate the c_hash claim */
        code?: string;
    }

    /**
     * Claims taken from the payload part of a verified JWT.
     *
     * NOTE(review): the value type is `string | object`, which does not cover
     * numeric claims (exp, nbf and iat are JSON numbers per RFC 7519) or
     * booleans - confirm what the implementation actually returns before
     * relying on this type for those claims.
     */
    export interface JWTPayload {
        [key: string]: string | object;
    }

    /**
     * The public key for validating JWTs or a method of obtaining one.
     *
     * For 'jwks_uri' value, JWK will be retrieved from the given JWKS URI.
     * For 'issuer' value, JWK will be retrieved from metadata using the issuer
     * claim to compute metadata endpoint.
     * For 'metadata_url' value, JWK will be retrieved from the given metadata URL.
     * For 'raw' value, you can provide HMAC secret keys in raw format.
     *
     * The 'jwk' and 'pem' formats are accepted by the type but not described
     * here; presumably `value` then carries the key material itself - confirm.
     * When `value` may be null is not stated either (presumably the 'issuer'
     * format, where the endpoint is computed) - confirm.
     *
     * Security notes:
     * - With 'raw' the value is a shared HMAC secret, not a public key: anyone
     *   holding it can also sign tokens, so store and distribute it as a secret.
     * - With 'issuer' the key source is derived from the issuer claim, so the
     *   constructor's `issuer` allow-list is what bounds which endpoints are
     *   trusted. NOTE(review): whether the issuer is checked before the
     *   metadata request is made is not visible here - confirm.
     * - 'jwks_uri' and 'metadata_url' values decide whose keys are trusted;
     *   they should be fixed, HTTPS endpoints taken from configuration.
     */
    export interface PublicKeySettings {
        format: 'issuer' | 'jwk' | 'jwks_uri' | 'pem' | 'metadata_url' | 'raw';
        value: string | null;
    }
}