UNPKG

@jc-lab/jose

Version:

JSON Web Almost Everything - JWA, JWS, JWE, JWK, JWT, JWKS for Node.js with minimal dependencies

github.com/jc-lab/jose

jc-lab/jose

83 lines (67 loc) 2.53 kB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
const isObject = require('../help/is_object') const secs = require('../help/secs') const epoch = require('../help/epoch') const JWS = require('../jws') const isString = require('./shared_validations').isString.bind(undefined, TypeError) const validateOptions = (options) => { if (typeof options.iat !== 'boolean') { throw new TypeError('options.iat must be a boolean') } if (typeof options.kid !== 'boolean') { throw new TypeError('options.kid must be a boolean') } isString(options.subject, 'options.subject') isString(options.issuer, 'options.issuer') if ( options.audience !== undefined && ( (typeof options.audience !== 'string' || !options.audience) && (!Array.isArray(options.audience) || options.audience.length === 0 || options.audience.some(a => !a || typeof a !== 'string')) ) ) { throw new TypeError('options.audience must be a string or an array of strings') } if (options.header !== undefined && !isObject(options.header)) { throw new TypeError('options.header must be an object') } isString(options.algorithm, 'options.algorithm') isString(options.expiresIn, 'options.expiresIn') isString(options.notBefore, 'options.notBefore') isString(options.jti, 'options.jti') isString(options.nonce, 'options.nonce') if (!(options.now instanceof Date) || !options.now.getTime()) { throw new TypeError('options.now must be a valid Date object') } } module.exports = (payload, key, options = {}) => { if (!isObject(options)) { throw new TypeError('options must be an object') } const { algorithm, audience, expiresIn, header = {}, iat = true, issuer, jti, kid = true, nonce, notBefore, subject, now = new Date() } = options validateOptions({ algorithm, audience, expiresIn, header, iat, issuer, jti, kid, nonce, notBefore, now, subject }) if (!isObject(payload)) { throw new TypeError('payload must be an object') } const unix = epoch(now) payload = { ...payload, sub: subject || payload.sub, aud: audience || payload.aud, iss: issuer || payload.iss, jti: jti || payload.jti, iat: iat ? unix : payload.iat, nonce: nonce || payload.nonce, exp: expiresIn ? unix + secs(expiresIn) : payload.exp, nbf: notBefore ? unix + secs(notBefore) : payload.nbf } return JWS.sign(payload, key, { ...header, alg: algorithm || header.alg, kid: kid ? key.kid : header.kid }) }