@oada/certs
Generate and verify JWT signatures (OAuth dynamic client registration certificates and Trellis document integrity signatures) in the Open Ag Data Alliance (OADA) and Trellis ecosystems
/**
* @license
* Copyright 2019 Open Ag Data Alliance
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
import type { JOSEHeader } from './jwks-utils';
/**
 * URI of the default trusted list (an HTTPS document hosted under
 * oada.github.io).
 *
 * NOTE(review): presumably `validate()` consults this list unless
 * `disableDefaultTrustedListURI` is set; the implementation is not visible in
 * this declaration file. If so, every `trusted: true` result depends on the
 * integrity of this document and of the host serving it.
 */
export declare const TRUSTED_LIST_URI = "https://oada.github.io/oada-trusted-lists/client-registration-v2.json";
/**
 * Outcome of `validate()`.
 *
 * `valid` and `trusted` answer different questions: `valid` is about the
 * signature alone, `trusted` additionally requires the signing key to be on a
 * trusted list. Code that makes a trust decision should gate on `trusted`.
 */
export interface ValidateResult {
  /**
   * `true` only when the signature is valid AND its JWK / JKU+KID is in a
   * trusted list.
   */
  trusted: boolean;
  /**
   * `true` when the signature verifies, regardless of trusted-list status.
   * On its own this says nothing about who produced the signature.
   */
  valid: boolean;
  /**
   * The actual decoded client certificate. Typed `unknown`, so it has to be
   * narrowed or schema-checked before any field is read.
   *
   * NOTE(review): whether this is also populated when `valid` is false is not
   * visible in this declaration; confirm before using it on a failed result.
   */
  payload?: unknown;
  /**
   * NOTE(review): presumably the decoded JOSE header of the checked signature;
   * confirm against the implementation.
   */
  header?: JOSEHeader;
  /**
   * Objects with a `message` key giving details on the validation results.
   */
  details: readonly { message: string }[];
}
/**
 * Options accepted by `validate()`, which takes them as
 * `Partial<ValidateOptions>`, so every field may be omitted by callers.
 *
 * Note the two different units: `timeout` is in milliseconds,
 * `trustedListCacheTime` is in seconds.
 */
export interface ValidateOptions {
  /**
   * Timeout in ms.
   * NOTE(review): presumably bounds the network fetches made during
   * validation; confirm against the implementation.
   * @default 1000
   */
  timeout: number;
  /**
   * Timeout in seconds.
   * NOTE(review): going by the name, this looks like the lifetime of a cached
   * trusted list before it is fetched again; confirm against the
   * implementation.
   * @default 3600
   */
  trustedListCacheTime: number;
  /**
   * URIs of further trusted lists.
   * NOTE(review): presumably consulted in addition to `TRUSTED_LIST_URI`. If
   * so, each entry widens the set of signers reported as `trusted`, so it
   * should come from deployment configuration, not from request data. Confirm.
   */
  additionalTrustedListURIs: ReadonlyArray<string>;
  /**
   * NOTE(review): presumably excludes `TRUSTED_LIST_URI` from the lists that
   * are consulted; confirm against the implementation.
   * @default false
   */
  disableDefaultTrustedListURI: boolean;
}
/**
 * Shape of a trusted-list document. Two forms are accepted:
 *
 * - a read-only array of strings, or
 * - an object tagged `version: '2'` with optional `jkus` and `jwks` members.
 *
 * `jkus` and `jwks` are typed `unknown`: nothing about their structure is
 * guaranteed at the type level, so a consumer has to check them at runtime
 * before treating their contents as key material.
 *
 * NOTE(review): the meaning of the strings in the array form is not visible
 * here; confirm against the implementation.
 */
export declare type TrustedList =
  | ReadonlyArray<string>
  | {
      version: '2';
      jkus?: unknown;
      jwks?: unknown;
    };
/**
 * Clears a cache; takes no arguments and returns nothing.
 *
 * NOTE(review): presumably this drops the cached trusted lists governed by
 * `ValidateOptions.trustedListCacheTime`, so that the next `validate()` call
 * fetches them again. The implementation is not visible in this declaration
 * file; confirm.
 */
export declare function clearCache(): void;
/**
 * Validates a signature and reports whether it is valid and whether its
 * signer is trusted.
 *
 * The second argument is optional and partial: any of `timeout`,
 * `trustedListCacheTime`, `additionalTrustedListURIs` and
 * `disableDefaultTrustedListURI` may be omitted (see `ValidateOptions` for the
 * documented defaults).
 *
 * Callers making a trust decision should check `trusted` on the result, not
 * only `valid`: per `ValidateResult`, `valid` holds regardless of trusted-list
 * status. `payload` is `unknown` and needs its own runtime check before use.
 *
 * NOTE(review): whether a failed validation rejects the promise or resolves
 * with `valid: false` is not visible in this declaration; confirm before
 * relying on either behaviour.
 *
 * @param sig - The signature to validate, as a string.
 * @returns A promise for the validation result.
 */
export declare function validate(sig: string, { timeout, trustedListCacheTime, additionalTrustedListURIs, disableDefaultTrustedListURI, }?: Partial<ValidateOptions>): Promise<ValidateResult>;