JSPM

jwt-jwks-client

0.2.1
  • ESM via JSPM
  • ES Module Entrypoint
  • Export Map
  • Keywords
  • License
  • Repository URL
  • TypeScript Types
  • README
  • Created
  • Published
  • Downloads 1
  • Score
    100M100P100Q32183F
  • License MIT

A client library that verifies a JWT token by retrieve signing keys from a JWKS (JSON Web Key Set) endpoint.

Package Exports

  • jwt-jwks-client

This package does not declare an exports field, so the exports above have been automatically detected and optimized by JSPM instead. If any package subpath is missing, it is recommended to post an issue to the original package (jwt-jwks-client) to support the "exports" field. If that is not possible, create a JSPM override to customize the exports field for this package.

Readme

Build Status codecov License: MIT FOSSA Status


JWT JWKS Client

A client library that verifies a JWT token by retrieve signing keys from a JWKS (JSON Web Key Set) endpoint written in TypeScript.

Usage

You'll provide the client with the JWKS endpoint which exposes your signing keys. Using the verify you can if a JWT token.

import jwksClient from "jwt-jwks-client";
// or using require
const jwksClient = require('jwt-jwks-client');

const client = jwksClient({
  secure: true, // Default value
  jwksUri: 'https://sandrino.auth0.com/.well-known/jwks.json',
  rateLimit: 0; // Optional, num of request per min, 0 means no limit
  requestHeaders: {}, // Optional
  requestAgentOptions: {}, // Optional
  timeout: 30000, // Optional, default 30s
});

// throws error if token not valid
await client.verify(jwtToken);

Verify with options

await client.verify(jwtToken, verifyOptions);

interface VerifyOptions {
  iat?: boolean;
  kid?: boolean;
  subject?: string;
  issuer?: string;
  audience?: string | string[];
  header?: object;
  algorithm?: string;
  expiresIn?: string;
  notBefore?: string;
  jti?: string;
  now?: Date;
}

For details, see jose library

Using AgentOptions for TLS/SSL Configuration

The requestAgentOptions property can be used to configure SSL/TLS options. An example use case is providing a trusted private (i.e. enterprise/corporate) root certificate authority to establish TLS communication with the jwks_uri.

import jwksClient from "jwt-jwks-client";

const client = jwksClient({
  strictSsl: true, // Default value
  jwksUri: 'https://my-enterprise-id-provider/.well-known/jwks.json',
  requestHeaders: {}, // Optional
  requestAgentOptions: {
    ca: fs.readFileSync(caFile)
  }
});

For more information, see the NodeJS request library agentOptions documentation.

Showing Trace Logs

To show trace logs you can set the following environment variable:

DEBUG=jwks

JWT token sign

Check out my other JWT Auth library that supports not only regular JWT token generation, but also key rotation and key revocation.

License

FOSSA Status