Interface: JWTVerifyOptions

jwt/verify.JWTVerifyOptions

Combination of JWS Verification options and JWT Claims Set verification options.

Hierarchy

VerifyOptions
JWTClaimVerificationOptions

↳ JWTVerifyOptions

Properties

algorithms

• Optional algorithms: string[]

A list of accepted JWS "alg" (Algorithm) Header Parameter values. By default all "alg" (Algorithm) values applicable for the used key/secret are allowed. Note: "none" is never accepted.

Inherited from: VerifyOptions.algorithms

Defined in: types.d.ts:522

audience

• Optional audience: string | string[]

Expected JWT "aud" (Audience) Claim value(s).

Inherited from: JWTClaimVerificationOptions.audience

Defined in: types.d.ts:476

clockTolerance

• Optional clockTolerance: string | number

Expected clock tolerance

in seconds when number (e.g. 5)
parsed as seconds when a string (e.g. "5 seconds", "10 minutes", "2 hours").

Inherited from: JWTClaimVerificationOptions.clockTolerance

Defined in: types.d.ts:483

crit

• Optional crit: object

An object with keys representing recognized "crit" (Critical) Header Parameter names. The value for those is either true or false. true when the Header Parameter MUST be integrity protected, false when it's irrelevant.

This makes the "Extension Header Parameter "${parameter}" is not recognized" error go away.

Use this when a given JWS/JWT/JWE profile requires the use of proprietary non-registered "crit" (Critical) Header Parameters. This will only make sure the Header Parameter is syntactically correct when provided and that it is optionally integrity protected. It will not process the Header Parameter in any way or reject if the operation if it is missing. You MUST still verify the Header Parameter was present and process it according to the profile's validation steps after the operation succeeds.

The JWS extension Header Parameter b64 is always recognized and processed properly. No other registered Header Parameters that need this kind of default built-in treatment are currently available.