How to use jws - 10 common examples
To help you get started, we’ve selected a few jws examples, based on popular ways it is used in public projects.
Secure your code as it's written. Use Snyk Code to scan source code in minutes - no build needed - and fix issues immediately.
salrashid123 / gcpsamples / id_token / node / google-id-token.js View on Github 
fs.readFile(service_account_json, "utf-8", async (err, data) => {
var parsed_json = JSON.parse(data);
const iat = Math.floor(new Date().getTime() / 1000);
const exp = iat + 3600; // 3600 seconds = 1 hour
var payload = {
iss: parsed_json.client_email,
aud: "https://www.googleapis.com/oauth2/v4/token",
exp: exp,
iat: iat,
target_audience: "https://yourapp.appspot.com/"
}
const signature = jws.sign({
header: {alg: 'RS256', typ: 'JWT', kid: parsed_json.private_key_id},
payload: payload,
privateKey: parsed_json.private_key
});
console.log("***************** Google Id Token *****************");
console.log(signature);
console.log("Exchanging JWT for Google ID Token");
data = {
'grant_type' : 'urn:ietf:params:oauth:grant-type:jwt-bearer',
'assertion' : signature
}
var config = {
headers : {"Content-type": "application/x-www-form-urlencoded"}}
if (!decodedToken) {
return done(new JsonWebTokenError('invalid token'));
}
var header = decodedToken.header;
console.log({header});
// if (!~options.algorithms.indexOf(header.alg)) {
// return done(new JsonWebTokenError('invalid algorithm'));
// }
var valid;
try {
valid = jws.verify(jwtString, header.alg, secretOrPublicKey);
} catch (e) {
return done(e);
}
if (!valid)
return done(new JsonWebTokenError('invalid signature'));
var payload;
try {
payload = decode(jwtString);
} catch(err) {
return done(err);
}
if (typeof payload.nbf !== 'undefined' && !options.ignoreNotBefore) {Strategy.prototype.jwtVerify = function jwtVerifyFunc(req, token, metadata, optionsToValidate, done) {
const self = this;
const decoded = jws.decode(token);
let PEMkey = null;
if (decoded == null) {
return done(null, false, 'In Strategy.prototype.jwtVerify: Invalid JWT token.');
}
log.info('In Strategy.prototype.jwtVerify: token decoded: ', decoded);
// When we generate the PEMkey, there are two different types of token signatures
// we have to validate here. One provides x5t and the other a kid. We need to call
// the right one.
try {
if (decoded.header.x5t) {
PEMkey = metadata.generateOidcPEM(decoded.header.x5t);
} else if (decoded.header.kid) {
PEMkey = metadata.generateOidcPEM(decoded.header.kid);function generateJWT(payload, secret, alg) {
var body = {
header: { alg: alg || 'HS256' }, // Default to hash
secret: secret,
payload: payload };
return jwt.sign(body);
}function unpackJWS (signature, callback) {
const parts = jws.decode(signature);
if (!parts)
return callback(makeError('jws-decode'));
if (/^hs/i.test(parts.header.alg))
return callback(makeError('jws-algorithm'));
const payload = jsonParse(parts.payload);
if (!payload)
return callback(makeError('jws-payload-parse'));
payload.header = parts.header;
return callback(null, payload);
}function printProfile (name, profile, details) {
console.log('Profile: '.blue, name.green);
console.log('URL: '.blue, profile.url);
console.log('Container: '.blue, profile.container);
console.log('Token: '.blue, profile.token);
if (details) {
var json = JSON.parse(Jws.decode(profile.token).payload);
var keys = Object.keys(json).sort();
keys.forEach(function (key) {
var name = 'Token.' + key + ':';
while (name.length < 11) name += ' ';
console.log(name.blue, json[key]);
});
}
}}
if (!decodedToken) {
return done(new JsonWebTokenError('invalid token'));
}
var header = decodedToken.header;
console.log({header});
if (!~options.algorithms.indexOf(header.alg)) {
return done(new JsonWebTokenError('invalid algorithm'));
}
var valid;
try {
valid = jws.verify(jwtString, header.alg, secretOrPublicKey);
} catch (e) {
return done(e);
}
if (!valid)
return done(new JsonWebTokenError('invalid signature'));
var payload;
try {
payload = decode(jwtString);
} catch(err) {
return done(err);
}
if (typeof payload.nbf !== 'undefined' && !options.ignoreNotBefore) {}
if (!decodedToken) {
return done(new JsonWebTokenError('invalid token'));
}
var header = decodedToken.header;
console.log({header});
if (!~options.algorithms.indexOf(header.alg)) {
return done(new JsonWebTokenError('invalid algorithm'));
}
var valid;
try {
valid = jws.verify(jwtString, header.alg, secretOrPublicKey);
} catch (e) {
return done(e);
}
if (!valid)
return done(new JsonWebTokenError('invalid signature'));
var payload;
try {
payload = decode(jwtString);
} catch(err) {
return done(err);
}
if (typeof payload.nbf !== 'undefined' && !options.ignoreNotBefore) {}
if (!decodedToken) {
return done(new JsonWebTokenError('invalid token'));
}
var header = decodedToken.header;
console.log({decodedToken});
if (!~options.algorithms.indexOf(header.alg)) {
return done(new JsonWebTokenError('invalid algorithm'));
}
var valid;
try {
valid = jws.verify(jwtString, header.alg, secretOrPublicKey);
} catch (e) {
return done(e);
}
if (!valid)
return done(new JsonWebTokenError('invalid signature'));
var payload;
try {
payload = decode(jwtString);
} catch(err) {
return done(err);
}
if (typeof payload.nbf !== 'undefined' && !options.ignoreNotBefore) {return done(new JsonWebTokenError('secret or public key must be provided'));
}
if (!options.algorithms) {
options.algorithms = ~secretOrPublicKey.toString().indexOf('BEGIN CERTIFICATE') ||
~secretOrPublicKey.toString().indexOf('BEGIN PUBLIC KEY') ?
[ 'RS256','RS384','RS512','ES256','ES384','ES512' ] :
~secretOrPublicKey.toString().indexOf('BEGIN RSA PUBLIC KEY') ?
[ 'RS256','RS384','RS512' ] :
[ 'HS256','HS384','HS512' ];
}
var decodedToken;
try {
decodedToken = jws.decode(jwtString);
} catch(err) {
return done(new JsonWebTokenError('invalid token'));
}
if (!decodedToken) {
return done(new JsonWebTokenError('invalid token'));
}
var header = decodedToken.header;
if (!~options.algorithms.indexOf(header.alg)) {
return done(new JsonWebTokenError('invalid algorithm'));
}
var valid;
