dan/jose
1
0
Fork 0
mirror of https://github.com/danbulant/jose synced 2026-05-25 04:51:47 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions
427 commits 10 branches 160 tags 9.9 MiB
Commit graph

137 commits

Author SHA1 Message Date
Filip Skokan
97d46fb7c9 refactor: change JWT.decode error message for encrypted JWTs 2020-09-08 14:12:04 +02:00
Filip Skokan
30e5c46ecf feat: decrypt allowlists for both key management and content encryption 
BREAKING CHANGE: the `JWE.decrypt` option `algorithms` was removed and
replaced with contentEncryptionAlgorithms (handles `enc` allowlist) and
keyManagementAlgorithms (handles `alg` allowlist)
 2020-09-08 14:12:04 +02:00
Filip Skokan
fd69d7f509 refactor: move JWT profile specifics outside of generic JWT 
BREAKING CHANGE: the `JWT.verify` profile option was removed, use e.g.
`JWT.IdToken.verify` instead.

BREAKING CHANGE: removed the `maxAuthAge` `JWT.verify` option, this
option is now only present at the specific JWT profile APIs where the
`auth_time` property applies.

BREAKING CHANGE: removed the `nonce` `JWT.verify` option, this
option is now only present at the specific JWT profile APIs where the
`nonce` property applies.

BREAKING CHANGE: the `acr`, `amr`, `nonce` and `azp` claim value types
will only be checked when verifying a specific JWT profile using its
dedicated API.

BREAKING CHANGE: using the draft implementing APIs will emit a one-time
warning per process using `process.emitWarning`
 2020-09-08 14:12:04 +02:00
Filip Skokan
c4267cc655 refactor: removed nonce option from JWT.sign 
BREAKING CHANGE: `JWT.sign` function options no longer accept a `nonce`
property. To create a JWT with a `nonce` just pass the value to the
payload.
 2020-09-08 14:12:04 +02:00
Filip Skokan
6c35c519c9 refactor: removed deprecated methods and utilities 
BREAKING CHANGE: deprecated method `JWK.importKey` was removed
BREAKING CHANGE: deprecated method `JWKS.KeyStore.fromJWKS` was removed
BREAKING CHANGE: the use of unregistered curve name P-256K for secp256k1
was removed
 2020-09-08 14:12:04 +02:00
Filip Skokan
70bd4ae6b2 refactor: encrypt APIs unprotectedHeader and aad arguments swapped 
BREAKING CHANGE: jose.JWE.Encrypt constructor aad and unprotectedHeader
arguments swapped places
BREAKING CHANGE: jose.JWE.encrypt.flattened header (unprotectedHeader)
and aad arguments swapped places
BREAKING CHANGE: jose.JWE.encrypt.general header (unprotectedHeader)
and aad arguments swapped places
 2020-09-08 14:12:04 +02:00
Filip Skokan
ba5c897919 refactor: removed payload parsing from JWS.verify 
BREAKING CHANGE: JWS.verify returned payloads are now always buffers
BREAKING CHANGE: JWS.verify options `encoding` and `parse` were removed
 2020-09-08 14:12:04 +02:00
sboys3
ce6836af88
feat: support for validating issuer from a list of values (#91) 
Co-authored-by: Filip Skokan <panva.ip@gmail.com>
 2020-08-10 18:34:51 +02:00
Filip Skokan
d56ec9f5dd fix: ensure "b64" is the same for all recipients edge cases 2020-08-04 14:37:52 +02:00
Filip Skokan
169542363f fix: do not mutate unencoded payload when signing for multiple parties 
resolves #89
 2020-08-04 14:36:52 +02:00
Filip Skokan
e8ad38993e
fix: handle private EC keys without public component (#86) 
Only possible to handle when KeyObject API is available in the runtime.

closes #85
 2020-07-01 13:13:34 +02:00
Filip Skokan
7ba492237a fix: allow any JSON numeric value for timestamp values 
> NumericDate
>    A JSON numeric value representing the number of seconds from
>    1970-01-01T00:00:00Z UTC until the specified UTC date/time,
>    ignoring leap seconds.  This is equivalent to the IEEE Std 1003.1,
>    2013 Edition [POSIX.1] definition "Seconds Since the Epoch", in
>    which each day is accounted for by exactly 86400 seconds, other
>    than that non-integer values can be represented.  See RFC 3339
>    [RFC3339] for details regarding date/times in general and UTC in
>    particular.
 2020-06-01 14:58:25 +02:00
Filip Skokan
7c1cab196e feat: add opt-in objects to verify using embedded JWS Header public keys 2020-05-04 22:37:11 +02:00
Filip Skokan
06915861b3 fix: "typ" content-type validation, case insensitive and handled prefix 2020-04-27 20:48:35 +02:00
Filip Skokan
8c0a8a950e feat: update JWT Profile for OAuth 2.0 Access Tokens to latest draft 
BREAKING CHANGE: `at+JWT` JWT draft profile - in the draft's Section 2.2
the claims `iat` and `jti` are now REQUIRED (was RECOMMENDED).
 2020-04-16 12:09:08 +02:00
Filip Skokan
54d6582cb9 chore: fix vector test titles 2020-03-17 20:00:30 +01:00
Filip Skokan
a28c4469ce chore: fix decryption test titles 2020-03-17 19:58:59 +01:00
Filip Skokan
af31c079ad test: add RSA-OAEP-256 test vectors from the jose mailing list 2020-03-17 19:58:15 +01:00
Filip Skokan
bc77a15fab feat: update JWT Profile for OAuth 2.0 Access Tokens to latest draft 2020-03-11 15:29:56 +01:00
Filip Skokan
f86bda3bb7 fix: allow importing simpler passphrases as oct keys 2020-03-05 20:36:15 +01:00
Filip Skokan
a2d428e5e0 test: add ECDH-ES test vectors from rfc8037 2020-02-27 17:46:43 +01:00
Filip Skokan
fc08426466 feat: add JWT.verify "typ" option for checking JWT Type Header parameter 2020-02-24 09:12:27 +01:00
Filip Skokan
734a9dc2ab test: refactor jwe long running tests 2020-02-19 10:53:08 +01:00
Filip Skokan
f7e463d0dd improvement: private / public key input support improved in node 10 2020-02-14 21:17:19 +01:00
Filip Skokan
38369ea3d7 feat: add ECDH-ES with X25519 and X448 OKP keys 2020-02-13 16:26:09 +01:00
Filip Skokan
7477f0831b feat: add RSA-OAEP-384 and RSA-OAEP-512 JWE Key Management Algorithms 
These are registered for JOSE by W3C Web Cryptography Working Group in
[Web Cryptography API](https://www.w3.org/TR/WebCryptoAPI/)
 2020-02-13 15:24:37 +01:00
Filip Skokan
3e3d7dd381 perf: various codepaths refactored 2020-02-06 14:18:48 +01:00
Filip Skokan
2fb1d8ed85 style: remove unused requires 2020-01-29 20:38:03 +01:00
Filip Skokan
470b4c7315 perf: base64url decode, JWT.verify, JWK.Key instance re-use 
I'm done trying to educate other JOSE producers about interoperability
so i'm going to be accepting their non-conform base64url so that users
of this module don't suffer performance loss.
 2020-01-29 20:33:30 +01:00
Filip Skokan
a9f6f71350 feat: keystore filtering by JWK Key thumbprint 2020-01-26 19:31:55 +01:00
Filip Skokan
70ff22227a fix: contactKDF iteration count fixed for key sizes larger than 256 bits 2020-01-25 16:43:53 +01:00
Filip Skokan
e3ad39fea0 test: add test for rfc7518#appendix-C 2020-01-25 10:15:35 +01:00
Filip Skokan
3a6d17fdd1 feat: add opt-in support for Unsecured JWS algorithm "none" 2020-01-23 18:38:00 +01:00
Filip Skokan
a0c0c7ad70
feat: add JWTExpired error and JWTClaimInvalid claim and reason props 
Resolves #62
 2020-01-16 08:49:37 +01:00
Filip Skokan
b1864e319d feat: exposed shorthands for JWT verification profiles 2020-01-12 16:40:51 +01:00
Filip Skokan
bc81e5dec2 fix: expose JOSENotSupported key import errors on unsupported runtimes 2020-01-08 13:17:45 +01:00
Filip Skokan
828ad5a33d fix: force iat past check when maxTokenAge option is used + JWT refactor 2020-01-01 21:23:05 +01:00
Filip Skokan
7bb5c953a9 feat: add JWT validation profiles for Access Tokens and Logout Tokens 2019-12-31 14:20:52 +01:00
Filip Skokan
0ed5025de3 fix: skip validating iat is in the past when exp is present 
validating that iat is in the past is common sense but actually nowhere
defined, in most applications tokens will contain `exp` and for those
it seems requiring a few second leeway just to satisfy `iat` seems
inappropriate
 2019-12-17 20:40:23 +01:00
Filip Skokan
bee574457f fix: properly fail to import unsupported openssh keys 2019-12-10 17:06:34 +01:00
Filip Skokan
25a7a71915 feat: importing a certificate populates x5c and x5t thumbprints 
closes #59
 2019-12-10 14:58:54 +01:00
Filip Skokan
62bdee7b29 refactor: improve error message when JWE "enc" value is invalid 2019-12-06 16:09:49 +01:00
Filip Skokan
8976027c97 refactor: improve error message when key use mismatches the operation 2019-12-06 15:35:15 +01:00
Filip Skokan
daabedc776 fix: handle Unencoded Payload (b64:false) with arbitrary buffer payloads 
fixes #57
 2019-12-05 20:54:43 +01:00
Filip Skokan
a9f1d4b195 refactor: introduce various registries to prepare for extension modules 2019-12-03 18:54:37 +01:00
Filip Skokan
ce77388254 fix: default JWT.sign kid option value is false for HMAC signatures 2019-11-27 22:04:15 +01:00
Filip Skokan
5e1009a63e feat: allow JWK.asKey inputs for sign/verify/encrypt/decrypt operations 2019-11-27 22:04:14 +01:00
Filip Skokan
ea60338ca6 feat: allow JWKS.KeyStore .all and .get to filter for key curves 2019-11-26 16:01:49 +01:00
Filip Skokan
c3eb8450b9 feat: return the CEK from JWE.decrypt operation with { complete: true } 2019-11-23 12:06:15 +01:00
Filip Skokan
6bb66d4f0b feat: add JWS.verify encoding and parsing options 2019-11-05 20:09:34 +01:00