UNPKG

jose

Version:

Universal 'JSON Web Almost Everything' - JWA, JWS, JWE, JWT, JWK with no dependencies

github.com/panva/jose

panva/jose

33 lines (32 loc) 1.3 kB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
import { decoder } from '../lib/buffer_utils.js'; import * as base64url from '../runtime/base64url.js'; import { JWTInvalid } from '../util/errors.js'; import jwtPayload from '../lib/jwt_claims_set.js'; import ProduceJWT from '../lib/jwt_producer.js'; export default class UnsecuredJWT extends ProduceJWT { encode() { const header = base64url.encode(JSON.stringify({ alg: 'none' })); const payload = base64url.encode(JSON.stringify(this._payload)); return `${header}.${payload}.`; } static decode(jwt, options) { if (typeof jwt !== 'string') { throw new JWTInvalid('Unsecured JWT must be a string'); } const { 0: encodedHeader, 1: encodedPayload, 2: signature, length } = jwt.split('.'); if (length !== 3 || signature !== '') { throw new JWTInvalid('Invalid Unsecured JWT'); } let header; try { header = JSON.parse(decoder.decode(base64url.decode(encodedHeader))); if (header.alg !== 'none') throw new Error(); } catch (_a) { throw new JWTInvalid('Invalid Unsecured JWT'); } const payload = jwtPayload(header, base64url.decode(encodedPayload), options); return { payload, header }; } }