// Structural checks on a DPoP proof JWT (RFC 9449) before it is trusted.
// `header` and `payload` are defined outside this excerpt (presumably the
// decoded proof); signature verification is not part of these lines.
// Checks run in a fixed order, so the first failing one decides the error.

// Declared outside the try block so the imported key stays in scope afterwards.
let key;
// Explicit JWT typing: only tokens typed as DPoP proofs are accepted, so a JWT
// issued for another purpose cannot be passed off as a proof.
if (header.typ !== 'dpop+jwt') {
throw new Error('typ must be dpop+jwt');
}
// Reject a missing or non-string alg, the unsigned 'none' algorithm and every
// 'HS*' (HMAC) algorithm. The proof carries its own verification key in the
// header, so only asymmetric signatures can demonstrate key possession.
if (typeof header.alg !== 'string' || !header.alg || header.alg === 'none' || header.alg.startsWith('HS')) {
throw new Error('invalid alg');
}
// Allow-list: the algorithm must also be one the provider is configured to
// accept for DPoP ('dPoPSigningAlgValues').
if (!instance(provider).configuration('dPoPSigningAlgValues').includes(header.alg)) {
throw new Error('unsupported alg');
}
// The proof must embed a JWK as a non-null object.
// NOTE(review): `typeof [] === 'object'`, so an array passes this check;
// rejecting it is then left to JWK.asKey below. Confirm that it does.
if (typeof header.jwk !== 'object' || !header.jwk) {
throw new Error('header must have a jwk');
}
// Import the embedded JWK. The original import error is discarded and replaced
// by a generic message.
try {
key = JWK.asKey(header.jwk);
} catch (err) {
throw new Error('failed to import jwk');
}
// Anything other than a public key is refused: a proof must never carry
// private or symmetric key material.
if (key.type !== 'public') {
throw new Error('jwk must be a public key');
}
// jti must be a non-empty string. It is the proof's unique identifier; the
// replay check that would consume it is not visible in this excerpt.
if (typeof payload.jti !== 'string' || !payload.jti) {
throw new Error('must have a jti string property');
}
// iat must be a number; `!payload.iat` additionally rejects 0 and NaN.
// NOTE(review): no freshness window is enforced in these lines. Confirm that
// the age of the proof is bounded elsewhere.
if (typeof payload.iat !== 'number' || !payload.iat) {
throw new Error('must have a iat number property');
}
// Bind the proof to the HTTP method of the current request. The comparison is
// strict and case-sensitive.
if (payload.htm !== this.ctx.method) {
throw new Error('htm mismatch');
}
if (payload.htu !== `${this.urlFor(this.route)}`) {
// Import every configured secret into the keystore. The key derived from the
// entry at index 0 is additionally stored in `current`; presumably that is the
// key used for new operations while the remaining entries stay available for
// older material (rotation order). Confirm against the code that reads `current`.
// NOTE(review): deriveKey() is defined outside this excerpt, so how it turns
// the secret string into key material is not visible here.
secret.forEach((secretString, index) => {
  const derivedKey = JWK.asKey(deriveKey(secretString));
  if (index === 0) {
    current = derivedKey;
  }
  keystore.add(derivedKey);
});