6.2 KiB
Interface: JWTDecryptOptions
jwt/decrypt.JWTDecryptOptions
Combination of JWE Decryption options and JWT Claims Set verification options.
Hierarchy
-
↳ JWTDecryptOptions
Table of contents
Properties
- audience
- clockTolerance
- contentEncryptionAlgorithms
- crit
- currentDate
- inflateRaw
- issuer
- keyManagementAlgorithms
- maxTokenAge
- subject
- typ
Properties
audience
• Optional audience: string | string[]
Expected JWT "aud" (Audience) Claim value(s).
Inherited from: JWTClaimVerificationOptions.audience
Defined in: types.d.ts:428
clockTolerance
• Optional clockTolerance: string | number
Expected clock tolerance
- in seconds when number (e.g. 5)
- parsed as seconds when a string (e.g. "5 seconds", "10 minutes", "2 hours").
Inherited from: JWTClaimVerificationOptions.clockTolerance
Defined in: types.d.ts:435
contentEncryptionAlgorithms
• Optional contentEncryptionAlgorithms: string[]
A list of accepted JWE "enc" (Encryption Algorithm) Header Parameter values.
Inherited from: DecryptOptions.contentEncryptionAlgorithms
Defined in: types.d.ts:401
crit
• Optional crit: object
An object with keys representing recognized "crit" (Critical) Header Parameter
names. The value for those is either true or false. true when the
Header Parameter MUST be integrity protected, false when it's irrelevant.
This makes the "Extension Header Parameter "${parameter}" is not recognized" error go away.
Use this when a given JWS/JWT/JWE profile requires the use of proprietary non-registered "crit" (Critical) Header Parameters. This will only make sure the Header Parameter is syntactically correct when provided and that it is optionally integrity protected. It will not process the Header Parameter in any way or reject if the operation if it is missing. You MUST still verify the Header Parameter was present and process it according to the profile's validation steps after the operation succeeds.
The JWS extension Header Parameter b64 is always recognized and processed
properly. No other registered Header Parameters that need this kind of
default built-in treatment are currently available.
Type declaration:
Inherited from: DecryptOptions.crit
Defined in: types.d.ts:384
currentDate
• Optional currentDate: Date
Date to use when comparing NumericDate claims, defaults to new Date().
Inherited from: JWTClaimVerificationOptions.currentDate
Defined in: types.d.ts:462
inflateRaw
• Optional inflateRaw: InflateFunction
In a browser runtime you have to provide an implementation for Inflate Raw when you expect JWEs with compressed plaintext.
Inherited from: DecryptOptions.inflateRaw
Defined in: types.d.ts:407
issuer
• Optional issuer: string | string[]
Expected JWT "iss" (Issuer) Claim value(s).
Inherited from: JWTClaimVerificationOptions.issuer
Defined in: types.d.ts:440
keyManagementAlgorithms
• Optional keyManagementAlgorithms: string[]
A list of accepted JWE "alg" (Algorithm) Header Parameter values.
Inherited from: DecryptOptions.keyManagementAlgorithms
Defined in: types.d.ts:396
maxTokenAge
• Optional maxTokenAge: string | number
Maximum time elapsed (in seconds) from the JWT "iat" (Issued At) Claim value.
- in seconds when number (e.g. 5)
- parsed as seconds when a string (e.g. "5 seconds", "10 minutes", "2 hours").
Inherited from: JWTClaimVerificationOptions.maxTokenAge
Defined in: types.d.ts:447
subject
• Optional subject: string
Expected JWT "sub" (Subject) Claim value.
Inherited from: JWTClaimVerificationOptions.subject
Defined in: types.d.ts:452
typ
• Optional typ: string
Expected JWT "typ" (Type) Header Parameter value.
Inherited from: JWTClaimVerificationOptions.typ
Defined in: types.d.ts:457