Skip to content

mharj/mharj-jwt-util

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

98 Commits

.devcontainer

.devcontainer

 
 

.github

.github

 
 

.vscode

.vscode

 
 

src

src

 
 

test

test

 
 

.eslintignore

.eslintignore

 
 

.eslintrc.json

.eslintrc.json

 
 

.gitattributes

.gitattributes

 
 

.gitignore

.gitignore

 
 

.prettierrc

.prettierrc

 
 

LICENSE

LICENSE

 
 

README.md

README.md

 
 

azure-pipelines.yml

azure-pipelines.yml

 
 

package-lock.json

package-lock.json

 
 

package.json

package.json

 
 

tsconfig.json

tsconfig.json

 
 

tsconfig.test.json

tsconfig.test.json

 
 

Repository files navigation

mharj-jwt-util

Build Status Azure DevOps coverage Maintainability

Json Webtoken Utility to validate OpenID tokens against issuer public ssl keys

  • Can build public PEM cert from modulus + exponent (i.e. Google)
  • Caches issuer OpenID configuration 24h
  • New Token "kid" forces reloading jwks_uri data.

Note: if running NodeJS less than 18.0.0 you need to install and use cross-fetch polyfill

Usage example

// with Bearer header
try {
	const {body, isCached} = await jwtBearerVerify(req.headers.authorization);
} catch (err) {
	console.log(err);
}
// or Just token
try {
	const {body, isCached} = await jwtVerify(process.env.GOOGLE_ID_TOKEN);
} catch (err) {
	console.log(err);
}

// attach logger to see http requests (console and log4js should be working)
setJwtLogger(console);

Enable file caching

await useCache(new FileCertCache({fileName: './certCache.json'}));

// or with Tachyon drive
await useCache(new TachyonCertCache(new FileStorageDriver('FileCertCacheDriver', './certCache.json', certCacheBufferSerializer)));

Enable verified token persist caching (Tachyon drive with encryption)

import {CacheMap, TachyonExpireCache} from 'tachyon-expire-cache';
import {CryptoBufferProcessor, FileStorageDriver} from 'tachyon-drive-node-fs';
import {IPersistSerializer} from 'tachyon-drive';

function cachePayloadSchema<T>(data: z.Schema<T>) {
	return z.object({
		data,
		expires: z.number().optional(),
	});
}
const anyObjectSchema = z.object({}).passthrough(); // or build token payload schema
const bufferSerializer: IPersistSerializer<CacheMap<TokenPayload, RawJwtToken>, Buffer> = {
	serialize: (data: CacheMap<TokenPayload, RawJwtToken>) => Buffer.from(JSON.stringify(Array.from(data))),
	deserialize: (buffer: Buffer) => new Map(JSON.parse(buffer.toString())),
	validator: (data: CacheMap<TokenPayload, RawJwtToken>) => z.map(z.string(), cachePayloadSchema(anyObjectSchema)).safeParse(data).success,
};
const processor = new CryptoBufferProcessor(Buffer.from('some-secret-key'));
const driver = new FileStorageDriver('TokenStorageDriver', './tokenCache.aes', bufferSerializer, processor);
const cache = new TachyonExpireCache<TokenPayload, RawJwtToken>(driver);

await setTokenCache(cache);

About

Json Webtoken Util

Topics

jwt discovery jsonwebtoken

Resources

Readme

License

MIT license
Activity

Stars

1 star

Watchers

2 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Contributors 2

  •  
  •  

Languages