keylab


Keylab is a Node.js library designed to simplify the creation and validation of JSON Web Tokens, eliminating the need for prior knowledge of cryptography.

Install

with yarn

yarn add keylab

with pnpm

pnpm add keylab

with npm

npm install keylab

Get Started

Signing a token with a private key

// ES256

import {getKeyPair, signJwtWithPrivateKey, Algs} from "keylab"

const keyPairES256 = await getKeyPair({
    keyFormat: "pem",
    algorithmIdentifier: Algs.ES256,
    keySize: 4096
});

const signedPayloadEs256 = await signJwtWithPrivateKey(
    {
        aid: "12345",
        sub: "sub:12345",
        iss: "issuer:12345",
        aud: ["aud:12345"],
        scp: ["a", "b:c", "d"].join(" ")
    },
    Algs.ES256,
    keyPairES256.privateKey
);

Verify a token with a shared secret (symmetric)

  • HS256

// signedToken is the compact JWT string to check; SECRET_STRING is the shared HMAC secret.
import {verifyHSTokenWithSecretString, Algs} from "keylab"

const isVerified = await verifyHSTokenWithSecretString(
    signedToken,
    SECRET_STRING,
    Algs.HS256
);
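
What a pinned-algorithm HS256 check involves, as an added example that is not keylab's code and not part of the original README. It uses only Node's built-in crypto module; signHS256, verifyHS256 and the sample secret and claims are constructed for illustration.

```javascript
// Added example (not keylab's implementation): HS256 verification with the
// algorithm pinned by the caller instead of trusted from the token header.
const { createHmac, timingSafeEqual } = require("node:crypto");

const b64url = (text) => Buffer.from(text).toString("base64url");
const mac = (data, secret) => createHmac("sha256", secret).update(data).digest("base64url");

// Helper that produces a compact HS256 JWT for the demo.
function signHS256(payload, secret) {
  const input = `${b64url(JSON.stringify({ alg: "HS256", typ: "JWT" }))}.${b64url(JSON.stringify(payload))}`;
  return `${input}.${mac(input, secret)}`;
}

function verifyHS256(token, secret, expectedAlg = "HS256") {
  const parts = String(token).split(".");
  if (parts.length !== 3) return { ok: false, reason: "malformed" };
  const [h, p, s] = parts;
  let header, payload;
  try {
    header = JSON.parse(Buffer.from(h, "base64url").toString("utf8"));
    payload = JSON.parse(Buffer.from(p, "base64url").toString("utf8"));
  } catch {
    return { ok: false, reason: "malformed" };
  }
  // The header is attacker-controlled: reject anything but the pinned alg
  // (this also rejects "none" and asymmetric algs presented to an HMAC verifier).
  if (header?.alg !== expectedAlg) return { ok: false, reason: "alg-mismatch" };
  // Recompute the MAC over the exact bytes received, then compare in constant time.
  const expected = Buffer.from(mac(`${h}.${p}`, secret));
  const given = Buffer.from(s);
  if (given.length !== expected.length || !timingSafeEqual(given, expected)) {
    return { ok: false, reason: "bad-signature" };
  }
  // A valid signature is not enough: enforce expiry when the claim is present.
  const now = Math.floor(Date.now() / 1000);
  if (typeof payload?.exp === "number" && payload.exp <= now) {
    return { ok: false, reason: "expired" };
  }
  return { ok: true, payload };
}

// Constructed sample values for a stand-alone run.
const DEMO_SECRET = "constructed-demo-secret";
const demoToken = signHS256({ sub: "sub:12345", exp: Math.floor(Date.now() / 1000) + 60 }, DEMO_SECRET);
console.log(verifyHS256(demoToken, DEMO_SECRET)); // ok: true plus the decoded payload
```

Checking `iss` and `aud` against expected values belongs in the same place as the expiry check.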

Verify a token with a public OpenID endpoint (asymmetric)

  • ES512
import {checkTokenValidness} from "keylab"

const signedPayloadEs512 = "ey.....";
const jwksUri = "https://id.authdog.com/oidc/.well-known/jwks.json";

const isValid = await checkTokenValidness(
    signedPayloadEs512,
    {
        jwksUri
    }
);

Changelog

  • 0.1.32: Leverage Adhoc keys
  • 0.1.31: Bump jose dependency, fix fetch in Jest, enable Ed25519, Ed448
  • 0.1.30: Fix support for adhoc jwks
  • 0.1.26: Remove fetchJwksWithUri, remove node-fetch dependency
  • 0.1.20: Improve Cloudflare Workers compatibility for verify
  • 0.1.19: Export getKeyPair
  • 0.1.18: Export pemToJwk
  • 0.1.14: Extract alg to verify token with PEM
  • 0.1.13: Validate tokens signed with PEM
  • 0.1.12: Remove jws from dependencies, improve compatibility with Cloudflare Workers
  • 0.1.11: Add support for keyid injection in jwt header (required for Apple OAuth2.0 flow)
  • 0.0.0: JWT signed with a JSON Web Key can be "ad-hoc" validated
  • 0.0.0: verifyRSATokenWithUri has been replaced with verifyRSAToken

Issue Reporting

If you have found a bug or have a feature request, please report it in this repository's issues section. Please do not report security vulnerabilities on the public GitHub issue tracker. The Responsible Disclosure Program details the procedure for disclosing security issues.

License

This project is licensed under the MIT license. See the LICENSE file for more info.