if (!dPoPConfig.enabled) {
return undefined;
}
if ('dpop' in instance(this)) {
return instance(this).dpop;
}
const token = this.ctx.get('DPoP');
if (!token) {
return undefined;
}
try {
const { header, payload } = JWT.decode(token, { complete: true });
let key;
if (header.typ !== 'dpop+jwt') {
throw new Error('typ must be dpop+jwt');
}
if (typeof header.alg !== 'string' || !header.alg || header.alg === 'none' || header.alg.startsWith('HS')) {
throw new Error('invalid alg');
}
if (!instance(provider).configuration('dPoPSigningAlgValues').includes(header.alg)) {
throw new Error('unsupported alg');
}
if (typeof header.jwk !== 'object' || !header.jwk) {
throw new Error('header must have a jwk');
}
try {
key = JWK.asKey(header.jwk);