diff --git a/index.js b/index.js
index c3db3b0..eea1b0d 100644
--- a/index.js
+++ b/index.js
@@ -1,5 +1,7 @@
 'use strict'
+var xtend = require('xtend')
+
 const crypto = require('crypto')
 const b64url = require('base64-url')
 const inherits = require('util').inherits
@@ -43,7 +45,10 @@ function encode (key, payload, algorithm, cb) {
 return prcResult(validationError, null, cb)
 }
- var parts = b64url.encode(JSON.stringify({typ: 'JWT', alg: algorithm})) +
+ var header = xtend({typ: 'JWT', alg: algorithm}, payload.header);
+ delete payload.header;
+
+ var parts = b64url.encode(JSON.stringify(header)) +
 '.' +
 b64url.encode(JSON.stringify(payload))
diff --git a/package.json b/package.json
index 6936dd7..a4d1dbe 100644
--- a/package.json
+++ b/package.json
@@ -39,7 +39,8 @@
 "homepage": "https://github.com/joaquimserafim/json-web-token",
 "dependencies": {
 "base64-url": "^1.2.2",
- "json-parse-safe": "^1.0.3"
+ "json-parse-safe": "^1.0.3",
+ "xtend": "^4.0.1"
 },
 "devDependencies": {
 "istanbul": "^0.4.3",
diff --git a/test/test.js b/test/test.js
index 95b7449..1b77269 100644
--- a/test/test.js
+++ b/test/test.js
@@ -4,12 +4,16 @@ var read = require('fs').readFileSync
 var test = require('tape')
 var b64url = require('base64-url')
 var jwt = require('../.')
+var xtend = require('xtend')
 var payload = {
 iss: 'my_issurer',
 aud: 'World',
 iat: 1400062400223,
 typ: '/online/transactionstatus/v2',
+ header: {
+ kid: 'TestKeyId'
+ },
 request: {
 myTransactionId: '[myTransactionId]',
 merchantTransactionId: '[merchantTransactionId]',
@@ -17,9 +21,16 @@ var payload = {
 }
 }
+var extraHeaders = {
+ header: {kid: 'TestKeyId'}
+ };
+
+var payloadWithHeaders = xtend(payload, extraHeaders);
+
 var secret = 'TOPSECRETTTTT'
 var theToken = null
 var theTokenSign = null
+var theTokenSignWithHeaders = null
 var algorithms
 test('get the error class', function(assert) {
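Review bot: `var xtend = require('xtend')` pulls a new runtime dependency into a token-signing library (see also the `package.json` hunk) for what the second hunk uses as a single shallow merge. If the supported Node versions provide `Object.assign`, `Object.assign({}, a, b)` would do the same job without widening the dependency tree. If xtend stays, `const xtend = require('xtend')` grouped with the other requires would match the `const` declarations already in the file.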
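Review bot: In `xtend({typ: 'JWT', alg: algorithm}, payload.header)` the caller-supplied object is merged last, so a `payload.header` that carries `alg` or `typ` replaces the values set here. The emitted header can then name a different algorithm than the `algorithm` argument, which is presumably what the signing code below the hunk uses. Merging the fixed fields last keeps them authoritative: `var header = xtend(payload.header, {typ: 'JWT', alg: algorithm})`. Separately, `delete payload.header` mutates the caller's object, so a payload reused for a second `encode` silently loses its custom header; working on a shallow copy of the claims would avoid that. The body of `encode` starts and ends outside this hunk.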
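Review bot: Adding `header: {kid: 'TestKeyId'}` to the shared `payload` fixture gives it the same content as `payloadWithHeaders`, which the next hunk builds with `xtend(payload, extraHeaders)`, so the suite no longer has a fixture without custom headers. Because `encode` now deletes `payload.header`, the first test that encodes `payload` strips the key for every later test, and results become dependent on test order. Dropping `header` from `payload` and keeping it only in `extraHeaders` would leave the baseline tests on the no-header path.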
@@ -57,6 +68,17 @@ test('jwt - encode with callback / sign', function(assert) {
 })
 })
+test('jwt + custom headers - encode with callback / sign', function(assert) {
+ var pem = read(__dirname + '/fixtures/test.pem').toString('ascii')
+ jwt.encode(pem, payloadWithHeaders, 'RS256', function(err, token) {
+ assert.deepEqual(err, null)
+ assert.ok(token)
+ theTokenSignWithHeaders = token
+ assert.deepEqual(token.split('.').length, 3)
+ assert.end()
+ })
+})
+
 test('jwt - encode with callback / bad algorithm', function(assert) {
 jwt.encode(secret, payload, 'wow', function(err) {
 assert.deepEqual(err.message, 'The algorithm is not supported!')
@@ -81,6 +103,15 @@ test('jwt - decode with callback / sign', function(assert) {
 })
 })
+test('jwt + custom headers - decode with callback / sign', function(assert) {
+ var crt = read(__dirname + '/fixtures/test.crt').toString('ascii')
+ jwt.decode(crt, theTokenSignWithHeaders, function(err, decodePayload) {
+ assert.deepEqual(err, null)
+ assert.deepEqual(decodePayload, payloadWithHeaders)
+ assert.end()
+ })
+})
+
 test('jwt - decode with callback / bad algorithm', function(assert) {
 var t = theToken.split('.').slice(1, 3)
 var badHeader = 'eyJ0eXAiOiJKV1QiLCJhbGciOiJ3b3cifQ'
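Review bot: The new encode test only checks that a three-part token comes back, so it would still pass if `kid` never reached the token header or if a custom header changed `alg`. Decoding the first segment would pin the feature: `var h = JSON.parse(b64url.decode(token.split('.')[0]))`, then `assert.deepEqual(h.kid, 'TestKeyId')` and `assert.deepEqual(h.alg, 'RS256')`. A further case in which `header` carries its own `alg` would document which value is meant to win.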
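Review bot: `assert.deepEqual(decodePayload, payloadWithHeaders)` passes only because the earlier encode test deleted `header` from `payloadWithHeaders`, so the decoded claims are compared with an object mutated as a side effect. The test also relies on `theTokenSignWithHeaders` having been set by that earlier test. Comparing against an explicit expected object without `header`, with a comment such as `// header is moved into the JWT header, not kept in the claims`, would state the contract directly and survive a non-mutating `encode`.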