Filip Skokan
812e03fcf4
fix: defer AES CBC w/ HMAC decryption after tag verification passes
2021-04-09 22:10:10 +02:00
Filip Skokan
b8b668ebbd
lint: fix lint
2021-01-18 13:56:01 +01:00
Filip Skokan
d5af559a94
perf: improve base64url encoding when available in Node.js
2021-01-18 13:43:56 +01:00
Filip Skokan
921737fa83
style: upgrade standard
2020-10-29 20:43:19 +01:00
Filip Skokan
6c3b92f439
fix: allow stubbing of the JWT.decode function
2020-10-29 20:26:09 +01:00
Filip Skokan
97d46fb7c9
refactor: change JWT.decode error message for encrypted JWTs
2020-09-08 14:12:04 +02:00
Filip Skokan
30e5c46ecf
feat: decrypt allowlists for both key management and content encryption
BREAKING CHANGE: the `JWE.decrypt` option `algorithms` was removed and
replaced with contentEncryptionAlgorithms (handles `enc` allowlist) and
keyManagementAlgorithms (handles `alg` allowlist)
2020-09-08 14:12:04 +02:00
Filip Skokan
fd69d7f509
refactor: move JWT profile specifics outside of generic JWT
BREAKING CHANGE: the `JWT.verify` profile option was removed, use e.g.
`JWT.IdToken.verify` instead.
BREAKING CHANGE: removed the `maxAuthAge` `JWT.verify` option, this
option is now only present at the specific JWT profile APIs where the
`auth_time` property applies.
BREAKING CHANGE: removed the `nonce` `JWT.verify` option, this
option is now only present at the specific JWT profile APIs where the
`nonce` property applies.
BREAKING CHANGE: the `acr`, `amr`, `nonce` and `azp` claim value types
will only be checked when verifying a specific JWT profile using its
dedicated API.
BREAKING CHANGE: using the draft implementing APIs will emit a one-time
warning per process using `process.emitWarning`
2020-09-08 14:12:04 +02:00
Filip Skokan
c4267cc655
refactor: removed nonce option from JWT.sign
BREAKING CHANGE: `JWT.sign` function options no longer accept a `nonce`
property. To create a JWT with a `nonce` just pass the value to the
payload.
2020-09-08 14:12:04 +02:00
Filip Skokan
1aa9035552
feat: added support for ESM (ECMAScript modules)
BREAKING CHANGE: due to added ESM module support Node.js versions with
ESM implementation bugs are no longer supported, this only affects early
v13.x versions. The resulting Node.js semver range is
`>=10.13.0 < 13 || >=13.7.0`
2020-09-08 14:12:04 +02:00
Filip Skokan
6c35c519c9
refactor: removed deprecated methods and utilities
BREAKING CHANGE: deprecated method `JWK.importKey` was removed
BREAKING CHANGE: deprecated method `JWKS.KeyStore.fromJWKS` was removed
BREAKING CHANGE: the use of unregistered curve name P-256K for secp256k1
was removed
2020-09-08 14:12:04 +02:00
Filip Skokan
70bd4ae6b2
refactor: encrypt APIs unprotectedHeader and aad arguments swapped
BREAKING CHANGE: jose.JWE.Encrypt constructor aad and unprotectedHeader
arguments swapped places
BREAKING CHANGE: jose.JWE.encrypt.flattened header (unprotectedHeader)
and aad arguments swapped places
BREAKING CHANGE: jose.JWE.encrypt.general header (unprotectedHeader)
and aad arguments swapped places
2020-09-08 14:12:04 +02:00
Filip Skokan
ba5c897919
refactor: removed payload parsing from JWS.verify
BREAKING CHANGE: JWS.verify returned payloads are now always buffers
BREAKING CHANGE: JWS.verify options `encoding` and `parse` were removed
2020-09-08 14:12:04 +02:00
Filip Skokan
67c1a5de77
docs: update decode docs to be less likely to be discovered instead of verify
2020-09-03 16:05:24 +02:00
Filip Skokan
eb482a8ab8
style: lib/jwe/encrypt.js
2020-08-10 18:35:02 +02:00
Filip Skokan
e0a2d57926
refactor: sign.js PROCESS_RECIPIENT
2020-08-10 18:35:02 +02:00
sboys3
ce6836af88
feat: support for validating issuer from a list of values (#91)
Co-authored-by: Filip Skokan <panva.ip@gmail.com>
2020-08-10 18:34:51 +02:00
Filip Skokan
d56ec9f5dd
fix: ensure "b64" is the same for all recipients edge cases
2020-08-04 14:37:52 +02:00
Filip Skokan
169542363f
fix: do not mutate unencoded payload when signing for multiple parties
resolves #89
2020-08-04 14:36:52 +02:00
Filip Skokan
e8ad38993e
fix: handle private EC keys without public component (#86)
Only possible to handle when KeyObject API is available in the runtime.
closes #85
2020-07-01 13:13:34 +02:00
Filip Skokan
7ba492237a
fix: allow any JSON numeric value for timestamp values
> NumericDate
> A JSON numeric value representing the number of seconds from
> 1970-01-01T00:00:00Z UTC until the specified UTC date/time,
> ignoring leap seconds. This is equivalent to the IEEE Std 1003.1,
> 2013 Edition [POSIX.1] definition "Seconds Since the Epoch", in
> which each day is accounted for by exactly 86400 seconds, other
> than that non-integer values can be represented. See RFC 3339
> [RFC3339] for details regarding date/times in general and UTC in
> particular.
2020-06-01 14:58:25 +02:00
Filip Skokan
7c1cab196e
feat: add opt-in objects to verify using embedded JWS Header public keys
2020-05-04 22:37:11 +02:00
Filip Skokan
06915861b3
fix: "typ" content-type validation, case insensitive and handled prefix
2020-04-27 20:48:35 +02:00
Filip Skokan
8c0a8a950e
feat: update JWT Profile for OAuth 2.0 Access Tokens to latest draft
BREAKING CHANGE: `at+JWT` JWT draft profile - in the draft's Section 2.2
the claims `iat` and `jti` are now REQUIRED (was RECOMMENDED).
2020-04-16 12:09:08 +02:00
Filip Skokan
530709d15c
refactor: aes_kw
2020-04-15 09:27:18 +02:00
Filip Skokan
dcf8d75a8a
fix: use native openssl AES Key Wrap 🤦
2020-04-15 09:21:50 +02:00
Filip Skokan
447f2bee01
refactor: clear check for supported curves
2020-04-08 08:51:13 +02:00
Filip Skokan
27b77b9edc
refactor: get rid of multiple asn1 OID mappings
2020-04-07 20:10:55 +02:00
Filip Skokan
bc77a15fab
feat: update JWT Profile for OAuth 2.0 Access Tokens to latest draft
2020-03-11 15:29:56 +01:00
Filip Skokan
f86bda3bb7
fix: allow importing simpler passphrases as oct keys
2020-03-05 20:36:15 +01:00
Filip Skokan
fc08426466
feat: add JWT.verify "typ" option for checking JWT Type Header parameter
2020-02-24 09:12:27 +01:00
Kyle Den Hartog
419d09b4d5
refactor: use consistent BigInt(n) syntax
2020-02-24 08:57:35 +01:00
Filip Skokan
9e7444b7d2
refactor: removed asn1.js in favor of slimmer @panva/asn1.js
resolves #61
2020-02-18 16:12:10 +01:00
Filip Skokan
f7e463d0dd
improvement: private / public key input support improved in node 10
2020-02-14 21:17:19 +01:00
Filip Skokan
38369ea3d7
feat: add ECDH-ES with X25519 and X448 OKP keys
2020-02-13 16:26:09 +01:00
Filip Skokan
594c3e4e43
improvement: dsaEncoding is now available in lts/erbium
2020-02-13 15:31:28 +01:00
Filip Skokan
7477f0831b
feat: add RSA-OAEP-384 and RSA-OAEP-512 JWE Key Management Algorithms
These are registered for JOSE by W3C Web Cryptography Working Group in
[Web Cryptography API](https://www.w3.org/TR/WebCryptoAPI/)
2020-02-13 15:24:37 +01:00
Filip Skokan
3e3d7dd381
perf: various codepaths refactored
2020-02-06 14:18:48 +01:00
Filip Skokan
eae01b57ab
fix: actually remove the base64url proper encoding check
This should've landed with 470b4c7
2020-02-03 14:07:28 +01:00
Filip Skokan
dec5d233e1
refactor: simplify lib/jwa/ecdsa.js
2020-01-30 16:16:42 +01:00
Filip Skokan
2fb1d8ed85
style: remove unused requires
2020-01-29 20:38:03 +01:00
Filip Skokan
470b4c7315
perf: base64url decode, JWT.verify, JWK.Key instance re-use
I'm done trying to educate other JOSE producers about interoperability
so I'm going to be accepting their non-conforming base64url so that users
of this module don't suffer performance loss.
2020-01-29 20:33:30 +01:00
Filip Skokan
93068a63c8
refactor: improve performance when decoding base64url values
When creating a Buffer from a string, this encoding will also correctly
accept "URL and Filename Safe Alphabet".
2020-01-28 16:41:03 +01:00
Filip Skokan
ed1f78023e
refactor: cleanup, code diet
2020-01-27 10:34:21 +01:00
Filip Skokan
a9f6f71350
feat: keystore filtering by JWK Key thumbprint
2020-01-26 19:31:55 +01:00
Filip Skokan
70ff22227a
fix: concatKDF iteration count fixed for key sizes larger than 256 bits
2020-01-25 16:43:53 +01:00
Filip Skokan
3a6d17fdd1
feat: add opt-in support for Unsecured JWS algorithm "none"
2020-01-23 18:38:00 +01:00
Filip Skokan
a0c0c7ad70
feat: add JWTExpired error and JWTClaimInvalid claim and reason props
Resolves #62
2020-01-16 08:49:37 +01:00
Filip Skokan
b1864e319d
feat: exposed shorthands for JWT verification profiles
2020-01-12 16:40:51 +01:00
Filip Skokan
bc81e5dec2
fix: expose JOSENotSupported key import errors on unsupported runtimes
2020-01-08 13:17:45 +01:00