dorongrinstein-jwtverifier-1

1.0.3 • Public • Published

dorongrinstein-jwtverifier-1 is a library for validating JWTs.

Why was this library developed?

This library is used wherever a JWT needs to be validated. When the JWT issuer can rotate its signing key, it identifies the key in use through the key ID (kid) header of the JWT. This library fetches a public keys document from a specified place (a URL or an explicitly supplied object) and caches the valid public keys under their key IDs. When a JWT arrives whose kid is not in the cache, the library fetches a fresh public keys document from the supplied URL (if one was given), on the assumption that the issuer has started using a new public key (corresponding to a new private key) that was not previously known. This makes it easy to validate a JWT without having to handle key rotation yourself. The library also validates the issuer and the age (in seconds) of the JWT. Note that this version of the library ignores the expiration attribute conveyed by the JWT issuer; it enforces the JWT's lifetime by applying validLifetimeSeconds (default 24 hours) from the options object passed as the second constructor parameter.

Installation

npm install dorongrinstein-jwtverifier-1 [--save]

Usage

let jwt = 'jwt goes here...';
// Parameter 1: URL of the public keys document (see Constructor Parameters below)
let verifier = new (require('dorongrinstein-jwtverifier-1'))('http://localhost:5000/publickey');
// verify() resolves with the validated JWT, or rejects with the validation error
verifier.verify(jwt).then(function(validJwt) { console.log(validJwt); }, function(err) { console.log(err); });

Constructor Parameters

  1. public keys URL. This endpoint must return a JSON document of the form {"keyid": "utf-8 encoded public key", "other keyid": "other public key"}
  2. options (for overriding the default settings, see below)
  3. fixed public keys object of the same format described in 1 above

NOTE: Set either parameter 1 OR parameter 3, but NOT both. To use parameter 3, pass null as parameter 1. If you pass parameter 1, do not pass parameter 3.

Default Settings

For a JWT to be considered valid it must be issued (iss) by 'concur' and its iat (issued at) must be within the last 24 hours.

Overriding the default settings

To specify an alternative issuer (other than concur) and an alternative lifespan (other than 24 hours), pass an options object as the second constructor parameter:

{"validIssuer": "blabla", "validLifetimeSeconds": 60*60*1} // this would set valid issuer to blabla and make the lifespan 1 hour

Author

doron.grinstein@concur.com

Install

npm i dorongrinstein-jwtverifier-1

License

ISC

Collaborators

  • dorongrinstein