UNPKG

@tsndr/cloudflare-worker-jwt

Version:

A lightweight JWT implementation with ZERO dependencies for Cloudflare Worker

132 lines (131 loc) 4.1 kB
/** * @typedef JwtAlgorithm * @type {"none" | "ES256" | "ES384" | "ES512" | "HS256" | "HS384" | "HS512" | "RS256" | "RS384" | "RS512"} */ export type JwtAlgorithm = "none" | "ES256" | "ES384" | "ES512" | "HS256" | "HS384" | "HS512" | "RS256" | "RS384" | "RS512"; /** * @typedef JwtAlgorithms */ export type JwtAlgorithms = { [key: string]: SubtleCryptoImportKeyAlgorithm; }; /** * @typedef JwtHeader * @prop {string} [typ] Type */ export type JwtHeader<T = {}> = { /** * Type (default: `"JWT"`) * * @default "JWT" */ typ?: string; /** * Algorithm (default: `"HS256"`) * * @default "HS256" */ alg?: JwtAlgorithm; } & T; /** * @typedef JwtPayload * @prop {string} [iss] Issuer * @prop {string} [sub] Subject * @prop {string | string[]} [aud] Audience * @prop {string} [exp] Expiration Time * @prop {string} [nbf] Not Before * @prop {string} [iat] Issued At * @prop {string} [jti] JWT ID */ export type JwtPayload<T = { [key: string]: any; }> = { /** Issuer */ iss?: string; /** Subject */ sub?: string; /** Audience */ aud?: string | string[]; /** Expiration Time */ exp?: number; /** Not Before */ nbf?: number; /** Issued At */ iat?: number; /** JWT ID */ jti?: string; } & T; /** * @typedef JwtOptions * @prop {JwtAlgorithm | string} algorithm */ export type JwtOptions = { algorithm?: JwtAlgorithm | string; }; /** * @typedef JwtSignOptions * @extends JwtOptions * @prop {JwtHeader} [header] */ export type JwtSignOptions<T> = { header?: JwtHeader<T>; } & JwtOptions; /** * @typedef JwtVerifyOptions * @extends JwtOptions * @prop {boolean} [throwError=false] If `true` throw error if checks fail. (default: `false`) */ export type JwtVerifyOptions = { /** * Clock tolerance to help with slightly out of sync systems */ clockTolerance?: number; /** * If `true` throw error if checks fail. (default: `false`) * * @default false */ throwError?: boolean; } & JwtOptions; /** * @typedef JwtData * @prop {JwtHeader} header * @prop {JwtPayload} payload */ export type JwtData<Payload = {}, Header = {}> = { header: JwtHeader<Header>; payload: JwtPayload<Payload>; }; /** * Signs a payload and returns the token * * @param payload The payload object. To use `nbf` (Not Before) and/or `exp` (Expiration Time) add `nbf` and/or `exp` to the payload. * @param secret A string which is used to sign the payload. * @param [options={ algorithm: "HS256", header: { typ: "JWT" } }] The options object or the algorithm. * @throws If there"s a validation issue. * @returns Returns token as a `string`. */ export declare function sign<Payload = {}, Header = {}>(payload: JwtPayload<Payload>, secret: string | JsonWebKeyWithKid | CryptoKey | undefined, options?: JwtSignOptions<Header> | JwtAlgorithm): Promise<string>; /** * Verifies the integrity of the token and returns a boolean value. * * @param token The token string generated by `sign()`. * @param secret The string which was used to sign the payload. * @param options The options object or the algorithm. * @throws Throws integration errors and if `options.throwError` is set to `true` also throws `NOT_YET_VALID`, `EXPIRED` or `INVALID_SIGNATURE`. * @returns Returns the decoded token or `undefined`. */ export declare function verify<Payload = {}, Header = {}>(token: string, secret: string | JsonWebKeyWithKid | CryptoKey | undefined, options?: JwtVerifyOptions | JwtAlgorithm): Promise<JwtData<Payload, Header> | undefined>; /** * Returns the payload **without** verifying the integrity of the token. Please use `verify()` first to keep your application secure! * * @param token The token string generated by `sign()`. * @returns Returns an `object` containing `header` and `payload`. */ export declare function decode<Payload = {}, Header = {}>(token: string): JwtData<Payload, Header>; declare const _default: { sign: typeof sign; verify: typeof verify; decode: typeof decode; }; export default _default;