id-token/dist/compute-hash.js

OpenID Connect ID Token

'use strict';

Object.defineProperty(exports, "__esModule", {
  value: true
});
exports.default = computeHash;

var _assert = require('assert');

var _assert2 = _interopRequireDefault(_assert);

var _crypto = require('crypto');

var _crypto2 = _interopRequireDefault(_crypto);

function _interopRequireDefault(obj) { return obj && obj.__esModule ? obj : { default: obj }; }

// Based on https://tools.ietf.org/html/rfc7518#section-3.1
var algHashMapping = {
  'HS256': 'sha256',
  'HS384': 'sha384',
  'HS512': 'sha512',
  'RS256': 'sha256',
  'RS384': 'sha384',
  'RS512': 'sha512'
};
// 'ES256': 'SHA256',
// 'ES384': 'SHA384',
// 'ES512': 'SHA512',
function isNonEmptyString(value) {
  return typeof value === 'string' && !!value;
}

function computeHash(alg, accessTokenOrCode) {
  _assert2.default.ok(!!algHashMapping[alg], 'Invalid algorithm');
  _assert2.default.ok(isNonEmptyString(accessTokenOrCode), 'Argument "accessTokenOrCode" required (string)');

  // Implementation of Access Token hash (at_hash claim) or Code hash (c_hash claim)
  // http://openid.net/specs/openid-connect-core-1_0.html#rfc.section.3.3.2.11
  var hash = _crypto2.default.createHash(algHashMapping[alg]);
  hash.update(accessTokenOrCode);
  var digest = hash.digest();
  var base64Hash = digest.toString('base64', 0, digest.length / 2);

  // Implementation of base64url Encoding without Padding
  // http://tools.ietf.org/html/rfc7515#appendix-C
  return base64Hash.split('=')[0] // Remove any trailing '='s
  .replace('+', '-') // 62nd char of encoding
  .replace('/', '_'); // 63rd char of encoding
}
//# sourceMappingURL=compute-hash.js.map