包详细信息

jsontokens

stacks-network233.5kMIT4.0.1

node.js library for encoding, decoding, and verifying JSON Web Tokens (JWTs)

jwt, json, web, token

自述文件

JSON Tokens JS

CircleCI npm npm npm Slack

node.js library for signing, decoding, and verifying JSON Web Tokens (JWTs) with the ES256K signature scheme (which uses the secp256k elliptic curve). This is currently the only supported signing and verification scheme for this library.

Installation

npm install jsontokens

Signing Tokens

import { TokenSigner } from 'jsontokens'

const rawPrivateKey = '278a5de700e29faae8e40e366ec5012b5ec63d36ec77e8a2417154cc1d25383f'
const tokenPayload = {"iat": 1440713414.85}
const token = new TokenSigner('ES256K', rawPrivateKey).sign(tokenPayload)

Creating Unsecured Tokens

import { createUnsecuredToken } from 'jsontokens'

const unsecuredToken = createUnsecuredToken(tokenPayload)

Decoding Tokens

import { decodeToken } = from 'jsontokens'
const tokenData = decodeToken(token)

Verifying Tokens

The TokenVerifier class will validate that a token is correctly signed. It does not perform checks on the claims in the payload (e.g., the exp field)--- checking the expiration field, etc., is left as a requirement for callers.

import { TokenVerifier } from 'jsontokens'
const rawPublicKey = '03fdd57adec3d438ea237fe46b33ee1e016eda6b585c3e27ea66686c2ea5358479'
const verified = new TokenVerifier('ES256K', rawPublicKey).verify(token)

Example Tokens

eyJ0eXAiOiJKV1QiLA0KICJhbGciOiJIUzI1NiJ9.eyJpc3MiOiJqb2UiLA0KICJleHAiOjEzMDA4MTkzODAsDQogImh0dHA6Ly9leGFtcGxlLmNvbS9pc19yb290Ijp0cnVlfQ.dBjftJeZ4CVP-mB92K27uhbUJU1p1r_wW1gFWFOEjXk

更新日志

Changelog

All notable changes to the project will be documented in this file.

4.0.1 (2022-08-27)

Bug Fixes

  • add base64url without buffer (7dc8d53)

4.0.0 (2022-08-25)

BREAKING CHANGES

  • Removes the buffer dependency and switches to the more modern Uint8Array

3.1.1 (2022-06-01)

Bug Fixes

  • allow compressed private keys (a7cfc6a)

3.1.0 (2022-05-31)

Features

  • replace crypto dependencies (50bc8eb)

The format is based on Keep a Changelog and this project adheres to Semantic Versioning.

[3.0.0]

Changed

  • Added async functions that use Web Crypto API used for hashing, if available. Otherwise uses the Node.js crypto module.

[2.0.3]

Changed

  • No longer exporting buggy @types/bn.js package. Lib consumers no longer require enabling synthetic default imports.

[2.0.2]

Changed

  • Fixed bug with type packages listed in devDependencies instead of dependencies.

[2.0.1]

Added

[2.0.0]

Changed

  • Ported to Typescript.

[1.0.0]

Changed

  • We now have an .eslintrc definition and code that passes that linting spec.

[0.8.0]

Added

  • You can now add custom header fields to the JWS header by passing an object to the TokenSigner.sign() method's customHeader parameter.

Changed

  • Use Buffer.from instead of deprecated new Buffer()