Secure your code as it's written. Use Snyk Code to scan source code in minutes - no build needed - and fix issues immediately.
if (!alg) {
const algs = new Set();
keystore.all().forEach((key) => {
key.algorithms('sign').forEach(Set.prototype.add.bind(algs));
});
const supported = this.issuer[`${endpoint}_endpoint_auth_signing_alg_values_supported`];
alg = Array.isArray(supported) && supported.find((signAlg) => algs.has(signAlg));
}
const key = keystore.get({ alg, use: 'sig' });
if (!key) {
throw new TypeError(`no key found in client jwks to sign a client assertion with using alg ${alg}`);
}
return jose.JWS.sign(payload, key, { alg, typ: 'JWT', kid: key.kid });
}
const symmetric = alg.startsWith('HS');
if (symmetric) {
key = await this.joseSecret();
} else {
const keystore = instance(this).get('keystore');
if (!keystore) {
throw new TypeError(`no keystore present for client, cannot sign using alg ${alg}`);
}
key = keystore.get({ alg, use: 'sig' });
if (!key) {
throw new TypeError(`no key to sign with found for alg ${alg}`);
}
}
signed = jose.JWS.sign(payload, key, {
...header,
kid: symmetric ? undefined : key.kid,
});
}
if (!algorithms.encrypt.alg) {
return signed;
}
const fields = { alg: algorithms.encrypt.alg, enc: algorithms.encrypt.enc, cty: 'JWT' };
if (fields.alg.match(/^(RSA|ECDH)/)) {
key = await this.issuer.key({
alg: fields.alg,
enc: fields.enc,
use: 'enc',