Support from the community to continue maintaining and improving this module is welcome. If you find the module useful, please consider supporting the project by becoming a sponsor.
The UnsecuredJWT class is a utility for dealing with { "alg": "none" } Unsecured JWTs.
This class is exported (as a named export) from the main 'jose' module entry point as well as
from its subpath export 'jose/jwt/unsecured'.
Encoding
const unsecuredJwt = new jose.UnsecuredJWT({ 'urn:example:claim': true })
.setIssuedAt()
.setIssuer('urn:example:issuer')
.setAudience('urn:example:audience')
.setExpirationTime('2h')
.encode()
console.log(unsecuredJwt)Decoding
const payload = jose.UnsecuredJWT.decode(unsecuredJwt, {
issuer: 'urn:example:issuer',
audience: 'urn:example:audience',
})
console.log(payload)▸ new UnsecuredJWT(payload): UnsecuredJWT
| Parameter | Type | Description |
|---|---|---|
payload |
JWTPayload |
The JWT Claims Set object. Defaults to an empty object. |
▸ static decode<PayloadType>(jwt, options?): UnsecuredResult<PayloadType>
Decodes an unsecured JWT.
| Type Parameter | Default type |
|---|---|
PayloadType |
JWTPayload |
| Parameter | Type | Description |
|---|---|---|
jwt |
string |
Unsecured JWT to decode the payload of. |
options? |
JWTClaimVerificationOptions |
JWT Claims Set validation options. |
UnsecuredResult<PayloadType>
▸ encode(): string
Encodes the Unsecured JWT.
string
▸ setAudience(audience): this
Set the "aud" (Audience) Claim.
| Parameter | Type | Description |
|---|---|---|
audience |
string | string[] |
"aud" (Audience) Claim value to set on the JWT Claims Set. |
this
▸ setExpirationTime(input): this
Set the "exp" (Expiration Time) Claim.
- If a
numberis passed as an argument it is used as the claim directly. - If a
Dateinstance is passed as an argument it is converted to unix timestamp and used as the claim. - If a
stringis passed as an argument it is resolved to a time span, and then added to the current unix timestamp and used as the claim.
Format used for time span should be a number followed by a unit, such as "5 minutes" or "1 day".
Valid units are: "sec", "secs", "second", "seconds", "s", "minute", "minutes", "min", "mins", "m", "hour", "hours", "hr", "hrs", "h", "day", "days", "d", "week", "weeks", "w", "year", "years", "yr", "yrs", and "y". It is not possible to specify months. 365.25 days is used as an alias for a year.
If the string is suffixed with "ago", or prefixed with a "-", the resulting time span gets subtracted from the current unix timestamp. A "from now" suffix can also be used for readability when adding to the current unix timestamp.
| Parameter | Type | Description |
|---|---|---|
input |
string | number | Date |
"exp" (Expiration Time) Claim value to set on the JWT Claims Set. |
this
▸ setIssuedAt(input?): this
Set the "iat" (Issued At) Claim.
- If no argument is used the current unix timestamp is used as the claim.
- If a
numberis passed as an argument it is used as the claim directly. - If a
Dateinstance is passed as an argument it is converted to unix timestamp and used as the claim. - If a
stringis passed as an argument it is resolved to a time span, and then added to the current unix timestamp and used as the claim.
Format used for time span should be a number followed by a unit, such as "5 minutes" or "1 day".
Valid units are: "sec", "secs", "second", "seconds", "s", "minute", "minutes", "min", "mins", "m", "hour", "hours", "hr", "hrs", "h", "day", "days", "d", "week", "weeks", "w", "year", "years", "yr", "yrs", and "y". It is not possible to specify months. 365.25 days is used as an alias for a year.
If the string is suffixed with "ago", or prefixed with a "-", the resulting time span gets subtracted from the current unix timestamp. A "from now" suffix can also be used for readability when adding to the current unix timestamp.
| Parameter | Type | Description |
|---|---|---|
input? |
string | number | Date |
"iat" (Expiration Time) Claim value to set on the JWT Claims Set. |
this
▸ setIssuer(issuer): this
Set the "iss" (Issuer) Claim.
| Parameter | Type | Description |
|---|---|---|
issuer |
string |
"Issuer" Claim value to set on the JWT Claims Set. |
this
▸ setJti(jwtId): this
Set the "jti" (JWT ID) Claim.
| Parameter | Type | Description |
|---|---|---|
jwtId |
string |
"jti" (JWT ID) Claim value to set on the JWT Claims Set. |
this
▸ setNotBefore(input): this
Set the "nbf" (Not Before) Claim.
- If a
numberis passed as an argument it is used as the claim directly. - If a
Dateinstance is passed as an argument it is converted to unix timestamp and used as the claim. - If a
stringis passed as an argument it is resolved to a time span, and then added to the current unix timestamp and used as the claim.
Format used for time span should be a number followed by a unit, such as "5 minutes" or "1 day".
Valid units are: "sec", "secs", "second", "seconds", "s", "minute", "minutes", "min", "mins", "m", "hour", "hours", "hr", "hrs", "h", "day", "days", "d", "week", "weeks", "w", "year", "years", "yr", "yrs", and "y". It is not possible to specify months. 365.25 days is used as an alias for a year.
If the string is suffixed with "ago", or prefixed with a "-", the resulting time span gets subtracted from the current unix timestamp. A "from now" suffix can also be used for readability when adding to the current unix timestamp.
| Parameter | Type | Description |
|---|---|---|
input |
string | number | Date |
"nbf" (Not Before) Claim value to set on the JWT Claims Set. |
this
▸ setSubject(subject): this
Set the "sub" (Subject) Claim.
| Parameter | Type | Description |
|---|---|---|
subject |
string |
"sub" (Subject) Claim value to set on the JWT Claims Set. |
this