How to use the jose.JWT function in jose

To help you get started, we’ve selected a few jose examples, based on popular ways it is used in public projects.

Secure your code as it's written. Use Snyk Code to scan source code in minutes - no build needed - and fix issues immediately.

github adamyi / CTFProxy / infra / xssbot / server.js View on Github external
app.get("/", async function (req, res) {
    console.log("incoming request");
    let token = req.headers["x-ctfproxy-jwt"];
    console.log(token);
    var djwt;
    if (token) {
      try {
        djwt = jose.JWT.verify(token, publicKEY);
      } catch (err) {
        console.log("token invalid");
        return res.json({ success: false, message: "Token is not valid" });
      }
    } else {
      console.log("auth token not supplied");
      return res.json({
        success: false,
        message: "Auth token is not supplied",
      });
    }

    if (!req.query.url) {
      console.log("no url");
      return res.json({ success: false, message: "url invalid" });
    }
github panva / node-openid-client / lib / client.js View on Github external
async validateJWT(jwt, expectedAlg, required = ['iss', 'sub', 'aud', 'exp', 'iat']) {
    const timestamp = now();
    let header;
    let payload;
    try {
      ({ header, payload } = jose.JWT.decode(jwt, { complete: true }));
    } catch (err) {
      throw new RPError({
        printf: ['failed to decode JWT (%s: %s)', err.name, err.message],
        jwt,
      });
    }

    if (header.alg !== expectedAlg) {
      throw new RPError({
        printf: ['unexpected JWT alg received, expected %s, got: %s', expectedAlg, header.alg],
        jwt,
      });
    }

    required.forEach(verifyPresence.bind(undefined, payload, jwt));
github panva / node-openid-client / lib / client.js View on Github external
const { iss } = payload;

    if (header.alg === 'none') {
      return payload;
    }

    let key;
    if (!iss || iss === this.issuer.issuer) {
      key = await this.issuer.key(header);
    } else if (issuerRegistry.has(iss)) {
      key = await issuerRegistry.get(iss).key(header);
    } else {
      const discovered = await this.issuer.constructor.discover(iss);
      key = await discovered.key(header);
    }
    return jose.JWT.verify(jwt, key);
  } catch (err) {
    if (err instanceof RPError || err instanceof OPError || err.name === 'AggregateError') {
      throw err;
    } else {
      throw new RPError({
        printf: ['failed to validate the %s JWT (%s: %s)', label, err.name, err.message],
        jwt,
      });
    }
  }
}

jose

JWA, JWS, JWE, JWT, JWK, JWKS for Node.js, Browser, Cloudflare Workers, Deno, Bun, and other Web-interoperable runtimes

MIT
Latest version published 13 days ago

Package Health Score

94 / 100
Full package analysis