Package detail

fast-jwt

nearform | 1.5m | Apache-2.0 | 6.0.2

Fast JSON Web Token implementation

jwt

readme

fast-jwt

Fast JSON Web Token implementation.

Installation

Just run:

npm install fast-jwt

Usage

createSigner

Create a signer function by calling createSigner and providing one or more of the following options:

  • key: A string or a buffer containing the secret for HS* algorithms or the PEM encoded private key for RS*, PS*, ES* and EdDSA algorithms. If the key is a passphrase protected private key it must be an object (more details below). The key can also be a function accepting a Node style callback or a function returning a promise. This is the only mandatory option, which MUST NOT be provided if the token algorithm is none.

  • algorithm: The algorithm to use to sign the token. The default value is autodetected from the key, using RS256 for RSA private keys, HS256 for plain secrets and the corresponding ES or EdDSA algorithms for EC or Ed* private keys.

  • mutatePayload: If set to true, the original payload will be modified in place (via Object.assign) by the signing function. This is useful if you need a raw reference to the payload after claims have been applied to it but before it has been encoded into a token. Default is false.

  • expiresIn: Time span (in milliseconds or text describing time) after which the token expires, added as the exp claim in the payload as defined by the section 4.1.4 of RFC 7519. This will override any existing value in the claim.

    Eg: 60, "2 days", "10h", "7d". A numeric value is interpreted as a seconds count. If you use a string be sure you provide the time units (days, hours, etc), otherwise milliseconds unit is used by default ("120" is equal to "120ms"). For more info look into @lukeed/ms.

  • notBefore: Time span (in milliseconds or text describing time) before the token is active, added as the nbf claim in the payload as defined by the section 4.1.5 of RFC 7519. This will override any existing value in the claim.

    Eg: 60, "2 days", "10h", "7d". A numeric value is interpreted as a seconds count. If you use a string be sure you provide the time units (days, hours, etc), otherwise milliseconds unit is used by default ("120" is equal to "120ms"). For more info look into @lukeed/ms.

  • jti: The token unique identifier, added as the jti claim in the payload as defined by the section 4.1.7 of RFC 7519. This will override any existing value in the claim.

  • aud: The token audience, added as the aud claim in the payload as defined by the section 4.1.3 of RFC 7519. This claim identifies the recipients that the token is intended for. It must be a string or an array of strings. This will override any existing value in the claim.

  • iss: The token issuer, added as the iss claim in the payload as defined by the section 4.1.1 of RFC 7519. It must be a string. This will override any existing value in the claim.

  • sub: The token subject, added as the sub claim in the payload as defined by the section 4.1.2 of RFC 7519. It must be a string. This will override any existing value in the claim.

  • nonce: The token nonce, added as the nonce claim in the payload. The nonce value is used to associate a Client session with an ID Token. Note that this is an IANA JSON Web Token Claims Registry public claim registered by OpenID Connect (OIDC). It must be a string. This will override any existing value in the claim.

  • kid: The token key id, added as the kid claim in the header section (see section 4.1.4 of RFC 7515 and section 4.5 of RFC 7517). It must be a string.

  • header: Additional claims to add to the header section. This will override the typ and kid claims.

  • noTimestamp: If set to true, the iat claim should not be added to the token. Default is false.

  • clockTimestamp: The timestamp in milliseconds (like the output of Date.now()) that should be used as the current time for all necessary time comparisons. Default is the system time.

The signer is a function which accepts a payload and returns the token.

The payload must be an object.

If the key option is a function, the signer will also accept a Node style callback and will return a promise, therefore supporting both callback and async/await styles.

If the key is a passphrase protected private key, the algorithm option must be provided and must be an RS* or ES* algorithm, and the key option must be an object with the following structure:

{
  key: '<YOUR_RSA_ENCRYPTED_PRIVATE_KEY>',
  passphrase: '<PASSPHRASE_THAT_WAS_USED_TO_ENCRYPT_THE_PRIVATE_KEY>'
}

Example

const { createSigner } = require('fast-jwt')

// Sync style
const signSync = createSigner({ key: 'secret' })
const token = signSync({ a: 1, b: 2, c: 3 })
// => eyJhbGciOiJIUzUxMiIsInR5cCI6IkpXVCJ9.eyJhIjoxLCJiIjoyLCJjIjozLCJpYXQiOjE1Nzk1MjEyMTJ9.mIcxteEVjbh2MnKQ3EQlojZojGSyA_guqRBYHQURcfnCSSBTT2OShF8lo9_ogjAv-5oECgmCur_cDWB7x3X53g

// Callback style
const signWithCallback = createSigner({ key: (callback) => callback(null, 'secret') })

signWithCallback({ a: 1, b: 2, c: 3 }, (err, token) => {
  // token === eyJhbGciOiJIUzUxMiIsInR5cCI6IkpXVCJ9.eyJhIjoxLCJiIjoyLCJjIjozLCJpYXQiOjE1Nzk1MjEyMTJ9.mIcxteEVjbh2MnKQ3EQlojZojGSyA_guqRBYHQURcfnCSSBTT2OShF8lo9_ogjAv-5oECgmCur_cDWB7x3X53g
})

// Promise style - Note that the key function style and the signer function style are unrelated
async function test() {
  const signWithPromise = createSigner({ key: async () => 'secret' })

  const token = await signWithPromise({ a: 1, b: 2, c: 3 })
  // => eyJhbGciOiJIUzUxMiIsInR5cCI6IkpXVCJ9.eyJhIjoxLCJiIjoyLCJjIjozLCJpYXQiOjE1Nzk1MjEyMTJ9.mIcxteEVjbh2MnKQ3EQlojZojGSyA_guqRBYHQURcfnCSSBTT2OShF8lo9_ogjAv-5oECgmCur_cDWB7x3X53g
}

// Using password protected private key - in this case you MUST provide the algorithm as well
// (distinct names are used here because signSync and token are already declared above)
const signWithProtectedKey = createSigner({
  algorithm: '<ANY_RS*_OR_ES*_ALGORITHM>',
  key: {
    key: '<YOUR_RSA_ENCRYPTED_PRIVATE_KEY>',
    passphrase: '<PASSPHRASE_THAT_WAS_USED_TO_ENCRYPT_THE_PRIVATE_KEY>'
  }
})
const tokenFromProtectedKey = signWithProtectedKey({ a: 1, b: 2, c: 3 })

createDecoder

Create a decoder function by calling createDecoder and providing one or more of the following options:

  • complete: Return an object with the decoded header, payload, signature and input (the token part before the signature), instead of just the content of the payload. Default is false.

  • checkTyp: When validating the decoded header, setting this option forces the check of the typ property against this value. Example: checkTyp: 'JWT'. Default is undefined.

The decoder is a function which accepts a token (as Buffer or string) and returns the payload or the sections of the token.

Examples

const { createDecoder } = require('fast-jwt')
const token =
  'eyJhbGciOiJIUzUxMiIsInR5cCI6IkpXVCJ9.eyJhIjoxLCJiIjoyLCJjIjozLCJpYXQiOjE1Nzk1MjEyMTJ9.mIcxteEVjbh2MnKQ3EQlojZojGSyA_guqRBYHQURcfnCSSBTT2OShF8lo9_ogjAv-5oECgmCur_cDWB7x3X53g'

// Standard decoder
const decode = createDecoder()
const payload = decode(token)
// => { a: 1, b: 2, c: 3, iat: 1579521212 }

// Complete decoder
const decodeComplete = createDecoder({ complete: true })
const sections = decodeComplete(token)
/* => 
  { 
    header: { alg: 'HS512', typ: 'JWT' }, 
    payload: { a: 1, b: 2, c: 3, iat: 1579521212 },
    signature: 'mIcxteEVjbh2MnKQ3EQlojZojGSyA/guqRBYHQURcfnCSSBTT2OShF8lo9/ogjAv+5oECgmCur/cDWB7x3X53g==',
    input: 'eyJhbGciOiJIUzUxMiIsInR5cCI6IkpXVCJ9.eyJhIjoxLCJiIjoyLCJjIjozLCJpYXQiOjE1Nzk1MjEyMTJ9' 
  }
*/

createVerifier

Create a verifier function by calling createVerifier and providing one or more of the following options:

  • key: A string or a buffer containing the secret for HS* algorithms or the PEM encoded public key for RS*, PS*, ES* and EdDSA algorithms. The key can also be a function accepting a Node style callback or a function returning a promise. This is the only mandatory option, which MUST NOT be provided if the token algorithm is none.

  • algorithms: List of strings with the names of the allowed algorithms. By default, all algorithms are accepted.

  • complete: Return an object with the decoded header, payload, signature and input (the token part before the signature), instead of just the content of the payload. Default is false.

  • cache: A positive number specifying the size of the verified tokens cache (using LRU strategy). Setting it to true is equivalent to providing a size of 1000. When enabled, performance improves dramatically, as you can see in the benchmarks section below. By default the cache is disabled.

  • cacheTTL: The maximum time to live of a cache entry (in milliseconds). If the token has an earlier expiration or the verifier has a shorter maxAge, the earlier takes precedence. The default is 600000, which is 10 minutes.

  • errorCacheTTL: A number or a function (tokenError) => number that represents the maximum time to live of a cache error entry (in milliseconds). Example: the key function fails or does not return a secret or public key. By default errors are not cached; the errorCacheTTL default value is -1.

  • allowedJti: A string, a regular expression, an array of strings or an array of regular expressions containing allowed values for the id claim (jti). By default, all values are accepted.

  • allowedAud: A string, a regular expression, an array of strings or an array of regular expressions containing allowed values for the audience claim (aud). By default, all values are accepted.

  • allowedIss: A string, a regular expression, an array of strings or an array of regular expressions containing allowed values for the issuer claim (iss). By default, all values are accepted.

  • allowedSub: A string, a regular expression, an array of strings or an array of regular expressions containing allowed values for the subject claim (sub). By default, all values are accepted.

  • allowedNonce: A string, a regular expression, an array of strings or an array of regular expressions containing allowed values for the nonce claim (nonce). By default, all values are accepted.

  • requiredClaims: An array of strings containing which claims should exist in the token. By default, no claim is marked as required.

  • ignoreExpiration: Do not validate the expiration of the token. Default is false.

  • ignoreNotBefore: Do not validate the activation of the token. Default is false.

  • maxAge: The maximum allowed age (in milliseconds) for tokens to still be valid. By default this is not checked.

  • clockTimestamp: The timestamp in milliseconds (like the output of Date.now()) that should be used as the current time for all necessary time comparisons. Default is the system time.

  • clockTolerance: Time span in milliseconds to apply as tolerance to the current timestamp when performing time comparisons. Default is 0.

  • cacheKeyBuilder: The function that will be used to create the cache's key for each token. To mitigate the risk of leaking sensitive information and of generating collisions, a hashing function is used by default.

The verifier is a function which accepts a token (as Buffer or string) and returns the payload or the sections of the token.

If the key option is a function, the verifier will also accept a Node style callback and will return a promise, therefore supporting both callback and async/await styles.

Examples

const { createVerifier, TOKEN_ERROR_CODES } = require('fast-jwt')
const token =
  'eyJhbGciOiJIUzUxMiIsInR5cCI6IkpXVCJ9.eyJhIjoxLCJiIjoyLCJjIjozLCJpYXQiOjE1Nzk1MjEyMTJ9.mIcxteEVjbh2MnKQ3EQlojZojGSyA_guqRBYHQURcfnCSSBTT2OShF8lo9_ogjAv-5oECgmCur_cDWB7x3X53g'

// Sync style
const verifySync = createVerifier({ key: 'secret' })
const payload = verifySync(token)
// => { a: 1, b: 2, c: 3, iat: 1579521212 }

// Callback style with complete return
const verifyWithCallback = createVerifier({ key: callback => callback(null, 'secret'), complete: true })

verifyWithCallback(token, (err, sections) => {
  /*
  sections === {
    header: { alg: 'HS512', typ: 'JWT' },
    payload: { a: 1, b: 2, c: 3, iat: 1579521212 },
    signature: 'mIcxteEVjbh2MnKQ3EQlojZojGSyA/guqRBYHQURcfnCSSBTT2OShF8lo9/ogjAv+5oECgmCur/cDWB7x3X53g==',
    input: 'eyJhbGciOiJIUzUxMiIsInR5cCI6IkpXVCJ9.eyJhIjoxLCJiIjoyLCJjIjozLCJpYXQiOjE1Nzk1MjEyMTJ9'
  }
*/
})

// Promise style - Note that the key function style and the verifier function style are unrelated
async function test() {
  const verifyWithPromise = createVerifier({ key: async () => 'secret' })

  const payload = await verifyWithPromise(token)
  // => { a: 1, b: 2, c: 3, iat: 1579521212 }
}

// custom errorCacheTTL verifier
const verifier = createVerifier({
  key: 'secret',
  cache: true,
  errorCacheTTL: tokenError => {
    // customize the ttl based on the error code
    if (tokenError.code === TOKEN_ERROR_CODES.invalidKey) {
      return 1000
    }
    return 2000
  }
})
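
Added example, not part of the fast-jwt README or code base: a minimal HS* model built only on Node's crypto module. It shows that the sections a complete decoder returns (header, payload, signature, input) are unauthenticated until the MAC over input is recomputed, and why the verifier's algorithms list should be pinned rather than left at its accept-all default. The function names (signHs, decodeSections, verifyHs), the secret and the tokens are constructed for this illustration.

```javascript
// Added illustration: NOT fast-jwt's implementation. All names are hypothetical.
const { createHmac, timingSafeEqual } = require('crypto')

const HMAC_HASHES = { HS256: 'sha256', HS384: 'sha384', HS512: 'sha512' }
const b64url = input => Buffer.from(input).toString('base64url')

// Build a constructed HS* token so the demo runs offline.
function signHs (alg, secret, payload) {
  const input = `${b64url(JSON.stringify({ alg, typ: 'JWT' }))}.${b64url(JSON.stringify(payload))}`
  const mac = createHmac(HMAC_HASHES[alg], secret).update(input).digest()
  return `${input}.${b64url(mac)}`
}

// Same shape as the `complete: true` output shown above. Parsing only:
// nothing returned here has been authenticated.
function decodeSections (token) {
  const parts = String(token).split('.')
  if (parts.length !== 3) throw new Error('malformed token')
  const [h, p, s] = parts
  return {
    header: JSON.parse(Buffer.from(h, 'base64url').toString('utf8')),
    payload: JSON.parse(Buffer.from(p, 'base64url').toString('utf8')),
    signature: Buffer.from(s, 'base64url').toString('base64'),
    input: `${h}.${p}`
  }
}

// Verification: check the header algorithm against an allow-list first,
// then recompute the MAC over `input` and compare in constant time.
function verifyHs (token, secret, allowedAlgorithms) {
  const { header, payload, signature, input } = decodeSections(token)
  if (!allowedAlgorithms.includes(header.alg) || !HMAC_HASHES[header.alg]) {
    return { ok: false, reason: 'algorithm not allowed' }
  }
  const expected = createHmac(HMAC_HASHES[header.alg], secret).update(input).digest()
  const received = Buffer.from(signature, 'base64')
  if (expected.length !== received.length || !timingSafeEqual(expected, received)) {
    return { ok: false, reason: 'invalid signature' }
  }
  return { ok: true, payload }
}

// Constructed samples: a valid token, a copy with a swapped payload,
// and a token whose header declares the `none` algorithm.
const SECRET = 'demo-secret-not-for-production'
const good = signHs('HS512', SECRET, { sub: 'alice', admin: false })
const [head, , sig] = good.split('.')
const alteredPayload = b64url(JSON.stringify({ sub: 'alice', admin: true }))
const tampered = `${head}.${alteredPayload}.${sig}`
const unsigned = `${b64url(JSON.stringify({ alg: 'none', typ: 'JWT' }))}.${alteredPayload}.`

console.log(decodeSections(tampered).payload) // decodes without complaint
console.log(verifyHs(tampered, SECRET, ['HS512']))
console.log(verifyHs(unsigned, SECRET, ['HS512']))
```

Authorization decisions belong after a verifier call; a decoder's output is suitable only for routing or logging.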

Creating a certificate

Many different algorithms are supported and appropriate keys and certificates can be created through various external applications. Here is one example that creates an RSA key pair in PEM format with ssh-keygen and openssl.

PRIVATE_PEM="./jwt-private.pem"
PUBLIC_PEM="./jwt-public.pem"

ssh-keygen -t rsa -b 2048 -m PEM -f "$PRIVATE_PEM" -q -N ""
openssl rsa -in "$PRIVATE_PEM" -pubout -outform PEM -out "$PUBLIC_PEM" 2>/dev/null
rm "$PRIVATE_PEM.pub"

Algorithms supported

This is the list of currently supported algorithms:

Name   Description
none   Empty algorithm - The token signature section will be empty
HS256  HMAC using SHA-256 hash algorithm
HS384  HMAC using SHA-384 hash algorithm
HS512  HMAC using SHA-512 hash algorithm
ES256  ECDSA using P-256 curve and SHA-256 hash algorithm
ES384  ECDSA using P-384 curve and SHA-384 hash algorithm
ES512  ECDSA using P-521 curve and SHA-512 hash algorithm
RS256  RSASSA-PKCS1-v1_5 using SHA-256 hash algorithm
RS384  RSASSA-PKCS1-v1_5 using SHA-384 hash algorithm
RS512  RSASSA-PKCS1-v1_5 using SHA-512 hash algorithm
PS256  RSASSA-PSS using SHA-256 hash algorithm
PS384  RSASSA-PSS using SHA-384 hash algorithm
PS512  RSASSA-PSS using SHA-512 hash algorithm
EdDSA  EdDSA tokens using Ed25519 or Ed448 keys, only supported on Node.js 12+

Caching

fast-jwt supports caching of verified tokens.

The cache layer, powered by mnemonist, is an LRU cache whose size is controlled by the user, as described in the options list.

When caching is enabled, verified tokens are always stored in cache. If the verification fails once, the error is cached as well for the time set by errorCacheTTL and the operation is not retried.

For verified tokens, caching considers the time sensitive claims of the token (iat, nbf and exp) and makes sure the verification is retried after a token becomes valid or after a token becomes expired.

Performance improvements vary by use case, by the type of operation performed and by the algorithm used.

The default cacheKeyBuilder is a function that hashes the token. This provides a good level of protection against sensitive information leaks, but it also has a significant performance impact (almost 10x slower, as it's a CPU bound operation). If you are using caching and you are not concerned about potential information leaks you can use the identity function as cacheKeyBuilder to improve performance.

For a detailed discussion about it, take a look at this issue.

Note: Errors are not cached by default, to change this behaviour use the errorCacheTTL option.
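
Added example, not fast-jwt's own code: a simplified model of a verified-token cache that follows the rules described above, where an entry expires at the earliest of cacheTTL, the token's exp and iat + maxAge, and that compares a hashed cacheKeyBuilder with the identity function. The class and function names are hypothetical, SHA-256 is an assumption standing in for the hashing function, and the token and clock values are constructed.

```javascript
// Added illustration: a simplified model, NOT fast-jwt's cache implementation.
const { createHash } = require('crypto')

// Assumption: SHA-256 stands in for "a hashing function".
const hashedKeyBuilder = token => createHash('sha256').update(token).digest('hex')
const identityKeyBuilder = token => token

// Entry expiry (ms since epoch): earliest of cacheTTL, exp and iat + maxAge.
function entryExpiry ({ now, cacheTTL, maxAge }, payload) {
  const limits = [now + cacheTTL]
  if (typeof payload.exp === 'number') limits.push(payload.exp * 1000)
  if (typeof maxAge === 'number' && typeof payload.iat === 'number') {
    limits.push(payload.iat * 1000 + maxAge)
  }
  return Math.min(...limits)
}

class VerifiedTokenCache {
  constructor ({ size = 1000, cacheTTL = 600000, maxAge, cacheKeyBuilder = hashedKeyBuilder } = {}) {
    Object.assign(this, { size, cacheTTL, maxAge, cacheKeyBuilder })
    this.entries = new Map() // insertion order doubles as LRU order
  }

  set (token, payload, now) {
    const key = this.cacheKeyBuilder(token)
    const expiresAt = entryExpiry({ now, cacheTTL: this.cacheTTL, maxAge: this.maxAge }, payload)
    this.entries.delete(key)
    this.entries.set(key, { payload, expiresAt })
    // Evict the least recently used entry when the cache is over its size.
    if (this.entries.size > this.size) this.entries.delete(this.entries.keys().next().value)
  }

  get (token, now) {
    const key = this.cacheKeyBuilder(token)
    const entry = this.entries.get(key)
    if (!entry) return undefined
    if (now >= entry.expiresAt) { // stale: the caller must verify again
      this.entries.delete(key)
      return undefined
    }
    this.entries.delete(key) // refresh recency
    this.entries.set(key, entry)
    return entry.payload
  }
}

function demo () {
  const now = 1700000000000 // constructed clock, in milliseconds
  const token = 'header.payload.signature' // constructed placeholder, not a real JWT
  const payload = { sub: 'alice', iat: now / 1000, exp: now / 1000 + 120 } // valid for 2 minutes

  const hashed = new VerifiedTokenCache()
  const identity = new VerifiedTokenCache({ cacheKeyBuilder: identityKeyBuilder })
  const shortLived = new VerifiedTokenCache({ maxAge: 30000 })
  for (const cache of [hashed, identity, shortLived]) cache.set(token, payload, now)

  return {
    hitBeforeExp: hashed.get(token, now + 119000) !== undefined,
    hitAfterExp: hashed.get(token, now + 120000) !== undefined,
    hitAfterMaxAge: shortLived.get(token, now + 30000) !== undefined,
    hashedKeysExposeToken: [...hashed.entries.keys()].includes(token),
    identityKeysExposeToken: [...identity.entries.keys()].includes(token)
  }
}

console.log(demo())
```

With the identity builder every cached bearer token sits verbatim in process memory as a map key, which is the information leak the hashed default trades CPU time to avoid.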

Token Error Codes

Error codes exported by TOKEN_ERROR_CODES.

Error Handling

When using the verifier, errors can occur due to various reasons such as an expired token, an invalid signature, or a malformed token. fast-jwt throws a TokenError when such issues are encountered. You can catch this error and inspect its code property to determine the specific cause of the error. The possible values for the code property are listed in the TOKEN_ERROR_CODES object (see the "Token Error Codes" section above for more details).

const { createVerifier, createSigner, TOKEN_ERROR_CODES } = require('fast-jwt')

// Example 1: Handling an expired token
const sign = createSigner({ key: 'secret', expiresIn: '1ms' }) // Token expires almost immediately
const verify = createVerifier({ key: 'secret' })

const expiredToken = sign({ foo: 'bar' })

// Wait for a moment to ensure the token expires
setTimeout(() => {
  try {
    verify(expiredToken)
  } catch (err) {
    if (err.code === TOKEN_ERROR_CODES.expired) {
      console.error('Token verification failed because the token has expired.')
      // Handle expired token error (e.g., prompt user to re-authenticate)
    } else {
      console.error('An unexpected error occurred:', err.message)
    }
  }
}, 100); // Wait 100ms, which is longer than the token's 1ms validity

// Example 2: Handling an invalid signature (e.g., wrong secret)
const correctSigner = createSigner({ key: 'correct-secret' })
const verifierWithWrongKey = createVerifier({ key: 'wrong-secret' })

const tokenSignedWithCorrectKey = correctSigner({ data: 'payload' })

try {
  verifierWithWrongKey(tokenSignedWithCorrectKey)
} catch (err) {
  if (err.code === TOKEN_ERROR_CODES.invalidSignature) {
    console.error('Token verification failed due to an invalid signature. This might be due to a key mismatch.')
    // Handle invalid signature error
  } else {
    console.error('An unexpected error occurred:', err.message)
  }
}

JWKS

JWKS is supported via get-jwks. Check out the documentation for integration examples.

Benchmarks

See benchmarks

Contributing

See CONTRIBUTING.md

License

Licensed under the Apache-2.0 license.

changelog

2021-12-30 / 1.4.1

  • feat: Release v1.4.1 (#178)
  • feat: Distinguish between sync & async methods in types (#177)
  • chore(deps): bump actions/setup-node from 2.5.0 to 2.5.1 (#176)
  • chore: use major version of notify release action
  • chore(deps): bump nearform/github-action-notify-release (#175)
  • chore(deps-dev): bump @types/node from 16.11.14 to 17.0.1 (#172)
  • feat: Update release.yml to use the new token naming convention (#169)
  • chore(deps): bump fastify/github-action-merge-dependabot from 2.7.1 to 3.0.2 (#168)
  • chore(deps): bump fastify/github-action-merge-dependabot (#166)

2021-12-01 / 1.4.0

  • feat: v1.4.0 (#163)
  • feat: Added support for x509 certificate public key (#161)
  • feat: Refactoring checkAreCompatibleAlgorithms function (#158)
  • chore(deps): bump actions/setup-node from 2.4.1 to 2.5.0 (#156)
  • chore(deps): bump actions/cache from 2.1.6 to 2.1.7 (#154)
  • feat: Added JwtHeader type definition (#153)
  • refactor (docs): Improve documentation (#151)
  • chore(deps): bump mnemonist from 0.38.5 to 0.39.0 (#150)
  • chore(deps-dev): bump tsd from 0.18.0 to 0.19.0 (#149)
  • chore(deps): bump fastify/github-action-merge-dependabot (#148)
  • refactor (docs): fix mutatePayload definition sentence (#146)
  • chore: use main for optic action to test (#144)

2021-11-10 / 1.3.2

  • feat: v1.3.2 (#141)
  • feat: 1.3.1 (#140)
  • chore: Updated README with missing information (#138)
  • chore(deps): bump nearform/optic-release-automation from 2.1.3 to 2.1.4 (#132)
  • chore(deps): bump nearform/optic-release-automation from 2.1.2 to 2.1.3 (#130)
  • chore(deps): bump nearform/optic-release-automation from 2.1.0 to 2.1.2 (#128)
  • fix: bump optic-release-automation (#126)
  • fix: bump optic-release-automation (#124)
  • fix: ci (#123)
  • chore(deps): bump nearform/optic-release-automation from 1.0.1 to 2.0.0 (#122)
  • fix: release ci (#121)
  • chore(deps): bump actions/checkout from 2.3.5 to 2.4.0 (#120)
  • feat: Add support for ES* password protected private keys (#119)

2021-11-01 / 1.3.0

  • feat: Bumped v1.3.0
  • feat: Support passphrase protected keys (#117)
  • docs: remove readme deps badge
  • chore(deps): bump actions/checkout from 2.3.4 to 2.3.5 (#114)
  • chore(deps-dev): bump tsd from 0.17.0 to 0.18.0 (#112)
  • chore(deps-dev): bump @sinonjs/fake-timers from 7.1.2 to 8.0.1 (#110)
  • chore(deps): bump actions/setup-node from 2.4.0 to 2.4.1 (#109)
  • chore(deps): bump fastify/github-action-merge-dependabot (#108)
  • chore(deps-dev): bump eslint-config-standard-with-typescript (#107)
  • chore(deps-dev): bump cronometro from 0.8.0 to 1.0.0 (#106)
  • chore(deps): bump fastify/github-action-merge-dependabot (#105)
  • chore(deps): bump fastify/github-action-merge-dependabot (#104)
  • chore(deps): bump actions/setup-node from 2.3.2 to 2.4.0 (#103)
  • chore(deps): bump actions/setup-node from 2.3.1 to 2.3.2 (#102)
  • chore(deps): bump actions/setup-node from 2.3.0 to 2.3.1 (#101)
  • chore(deps): bump actions/setup-node from 2.2.0 to 2.3.0 (#100)
  • chore(deps-dev): bump @types/node from 15.14.1 to 16.0.0 (#98)
  • chore(deps): bump fastify/github-action-merge-dependabot (#97)
  • chore(deps): bump actions/setup-node from 2.1.5 to 2.2.0 (#96)

2021-06-18 / 1.2.0

  • feat: Bumped v1.2.0
  • chore(deps): bump nearform/github-action-notify-release (#95)
  • chore(deps-dev): bump tsd from 0.16.0 to 0.17.0 (#94)
  • chore(deps-dev): bump tsd from 0.15.1 to 0.16.0 (#92)
  • chore(deps): bump nearform/github-action-notify-release (#91)
  • chore(deps): bump fastify/github-action-merge-dependabot (#90)
  • chore(deps): bump nearform/github-action-notify-release (#87)
  • chore(deps): bump actions/cache from 2.1.5 to 2.1.6 (#88)
  • chore(deps): bump fastify/github-action-merge-dependabot (#86)
  • ci: add github-actions-release-notify (#85)
  • chore(deps-dev): bump eslint-plugin-promise from 4.3.1 to 5.1.0 (#84)
  • chore(deps-dev): bump tsd from 0.14.0 to 0.15.0 (#83)
  • chore(deps-dev): bump @types/node from 14.14.42 to 15.0.0 (#81)
  • chore(deps): bump actions/cache from v2.1.4 to v2.1.5 (#78)
  • chore(deps-dev): bump tap from 14.11.0 to 15.0.2 (#75)
  • chore(deps): bump actions/cache from v2 to v2.1.4 (#72)
  • chore(deps): bump actions/checkout from v1 to v2.3.4 (#71)
  • chore(deps): bump actions/setup-node from v1 to v2.1.5 (#74)
  • chore(deps): bump fastify/github-action-merge-dependabot (#73)
  • chore: fix dependabot.yml file name
  • docs: reference get-jwks for JWKS support

2021-03-11 / 1.1.3

  • feat: Bumped v1.1.3
  • chore: add files field in package.json so benchmarks and other files are not bundled with package (#70)

2021-03-10 / 1.1.2

  • feat: Bumped v1.1.2
  • chore: remove benchmark directory from package bundle (#69)

2021-03-08 / 1.1.1

  • fix: Fixed allowed claims verification. (#67)
  • chore: update workflows and dependabot (#66)
  • feat: Merge pull request #61 from nearform/dependabot/npm_and_yarn/eslint-config-standard-with-typescript-20.0.0
  • chore(test-timers): Replace depreciated lolex with FakeTimers (#65)
  • chore(deps-dev): bump eslint-config-standard-with-typescript

2021-01-25 / 1.1.0

  • feat: Bumped v1.1.0
  • feat: Add support for exp claim in the payload (#59)

2021-01-21 / 1.0.0

  • feat: Merge pull request #57 from nearform/drop-experimental
  • feat: Drop experimental status
  • chore(deps-dev): bump cronometro from 0.6.0 to 0.8.0 (#55)
  • chore(deps-dev): bump eslint-plugin-standard from 4.1.0 to 5.0.0 (#52)
  • fix: incorrect error message (#56)
  • feat: Merge pull request #53 from nearform/dependabot/npm_and_yarn/tsd-0.14.0
  • chore(deps-dev): bump tsd from 0.13.1 to 0.14.0
  • chore(deps-dev): bump eslint-config-standard from 15.0.1 to 16.0.0 (#50)

2020-10-24 / 0.5.1

  • fix: Merge pull request #49 from nearform/fix-decoder-types
  • fix: Fixed key callback signature.
  • fix: Fixed creators signature.

2020-10-24 / 0.5.0

  • feat: Merge pull request #48 from nearform/typescript-2
  • feat: Use exact enumeration for TokenError codes.
  • fix: Export TokenError class.
  • chore(deps-dev): bump eslint-config-standard from 14.1.1 to 15.0.0 (#47)

2020-10-13 / 0.4.2

  • feat: Bumped v0.4.2
  • feat: Added TypeScript types. (#46)
  • chore(deps-dev): bump cronometro from 0.4.0 to 0.6.0 (#45)
  • chore(deps-dev): bump jose from 1.28.0 to 2.0.2 (#44)

2020-09-09 / 0.4.1

  • feat: Bumped v0.4.1
  • feat: Verify string typ (#42)

2020-09-08 / 0.4.0

  • feat: Bumped v0.4.0
  • feat: Header typ check (#40)

2020-09-04 / 0.3.1

  • fix: Merge pull request #39 from nearform/fix-payload-overwrite
  • feat: adjust filter and add test
  • feat: removes undefined props
  • feat: Update README.md (#37)

2020-08-27 / 0.3.0

  • feat: Adjustments to get full test coverage (#36)
  • feat: Payloads only objects (#35)

2020-08-17 / 0.2.0

  • feat: Bumped v0.2.0
  • feat: Throw on invalid payload (#31)
  • chore(deps-dev): bump fastify from 2.15.2 to 3.0.3 (#25)
  • chore(deps): bump mnemonist from 0.37.0 to 0.38.0 (#22)
  • chore(deps-dev): bump lolex from 5.1.2 to 6.0.0 (#19)
  • chore(deps-dev): bump prettier from 1.19.1 to 2.0.5 (#18)
  • chore(deps-dev): bump eslint from 6.8.0 to 7.3.1 (#17)
  • chore(deps): bump mnemonist from 0.32.0 to 0.37.0 (#20)

2020-06-23 / 0.1.1

  • feat: Bumped v0.1.1
  • feat: Added security disclaimer

2020-06-23 / 0.1.0

  • feat: Added myself to package.json
  • feat: Merge pull request #16 from nearform/node-12-crypto
  • chore: Minor improvement.
  • fix: Return right curve name.
  • chore: Improved benchmarking suite.
  • chore: Updated tests.
  • feat: Use newer crypto features if available.
  • chore: Update benchmarks.
  • feat: Merge pull request #15 from nearform/eddsa
  • chore: updated jose verify readme section
  • chore: updated jose verify
  • chore: Add compliance check with RFCs. [#9]
  • fix: Removed useless complexity.
  • chore: Updated benchmarks.
  • chore: Updated tests.
  • feat: Added EdDSA tokens support. [#11]
  • fix: Merge pull request #14 from nearform/fix-benchmarks
  • fix: Fixed Node 10 compatibility.
  • chore: Updated README.
  • chore: Updated tests.
  • feat: Crypto and performance improvements.
  • fix: Removed encoding as only UTF-8 should be supported.
  • fix: Fixed base64url decoding.
  • feat: Use timingSafeEqual for HMAC. Fixes #13. [#13]
  • chore: Regenerated benchmarks.
  • chore: Only consider RS512 for decoding.
  • feat: Merge pull request #12 from nearform/compliance
  • fix: Do not accept public keys for signing.
  • fix: Minor improvements.
  • feat: Autodetect token algorithm when signing.
  • feat: Rename secret option to key.
  • feat: Add default TTL to the verifier cache. [#7]
  • chore: Improved script.
  • fix: Use right hash algorithm for the cache. [#8]
  • chore: Regenerated keys. [#8]
  • chore: Improved key generation. [#8]
  • fix: Change the default for payload parsing to be JSON. [#8]
  • fix: Use hash as cache keys. [#8]
  • fix: Removed signing cache. Fixes #7. [#7]
  • chore: Added caching information in the README.
  • fix: Have case-sensitive algorithm matching.
  • feat: Merge pull request #6 from nearform/benchmarks
  • chore: Changed benchmark engine.
  • feat: Merge pull request #4 from nearform/caching
  • feat: Improved cache option validation for signing.
  • feat: Added signing caching.
  • feat: Tested cache layer.
  • chore: Minor code improvements.
  • feat(wip): Added caching layer.
  • feat: Merge pull request #1 from nearform/initial-version
  • fix: Fixed callback handling.
  • chore: Added benchmarks to the README
  • fix: Fixed tests.
  • fix: Handle subtle case.
  • feat: Added original error in case of decoding failures.
  • chore: Minor documentation improvements.
  • feat: Added compatibility test.
  • chore: Renamed function.
  • feat: Improved decoder performances.
  • chore: Readme typos.
  • feat: Added documentation and remove unnecessary code.
  • feat: Use single function approach.
  • feat: Improved performances by making code callback-first.
  • chore: Removed worker_threads.
  • chore: Added benchmarking suites.
  • fix: Fix stupid test typo.
  • fix: Fixing CI.
  • chore: Minor improvements.
  • feat(test): Tested the entire codebase.
  • chore: Fix CI configuration.
  • chore: Removed lockfiles.
  • chore: Reenable all tests.
  • feat(wip): Improving test coverage.
  • feat(wip): Initial version.