10 KiB
Class: EncryptJWT
jwt/encrypt.EncryptJWT
The EncryptJWT class is a utility for creating Compact JWE formatted JWT strings.
example ESM import
import { EncryptJWT } from 'jose/jwt/encrypt'
example CJS import
const { EncryptJWT } = require('jose/jwt/encrypt')
example Usage
const jwt = await new EncryptJWT({ 'urn:example:claim': true })
.setProtectedHeader({ alg: 'dir', enc: 'A256GCM' })
.setIssuedAt()
.setIssuer('urn:example:issuer')
.setAudience('urn:example:audience')
.setExpirationTime('2h')
.encrypt(secretKey)
console.log(jwt)
Hierarchy
-
ProduceJWT↳
EncryptJWT
Table of contents
Constructors
Methods
- encrypt
- replicateAudienceAsHeader
- replicateIssuerAsHeader
- replicateSubjectAsHeader
- setAudience
- setContentEncryptionKey
- setExpirationTime
- setInitializationVector
- setIssuedAt
- setIssuer
- setJti
- setKeyManagementParameters
- setNotBefore
- setProtectedHeader
- setSubject
Constructors
constructor
• new EncryptJWT(payload)
Parameters
| Name | Type | Description |
|---|---|---|
payload |
JWTPayload |
The JWT Claims Set object. |
Inherited from
ProduceJWT.constructor
Defined in
Methods
encrypt
▸ encrypt(key, options?): Promise<string>
Encrypts and returns the JWT.
Parameters
| Name | Type | Description |
|---|---|---|
key |
KeyLike |
Public Key or Secret to encrypt the JWT with. |
options? |
EncryptOptions |
JWE Encryption options. |
Returns
Promise<string>
Defined in
replicateAudienceAsHeader
▸ replicateAudienceAsHeader(): EncryptJWT
Replicates the "aud" (Audience) Claim as a JWE Protected Header Parameter as per RFC7519#section-5.3.
Returns
Defined in
replicateIssuerAsHeader
▸ replicateIssuerAsHeader(): EncryptJWT
Replicates the "iss" (Issuer) Claim as a JWE Protected Header Parameter as per RFC7519#section-5.3.
Returns
Defined in
replicateSubjectAsHeader
▸ replicateSubjectAsHeader(): EncryptJWT
Replicates the "sub" (Subject) Claim as a JWE Protected Header Parameter as per RFC7519#section-5.3.
Returns
Defined in
setAudience
▸ setAudience(audience): EncryptJWT
Set "aud" (Audience) Claim.
Parameters
| Name | Type | Description |
|---|---|---|
audience |
string | string[] |
"aud" (Audience) Claim value to set on the JWT Claims Set. |
Returns
Inherited from
ProduceJWT.setAudience
Defined in
setContentEncryptionKey
▸ setContentEncryptionKey(cek): EncryptJWT
Sets a content encryption key to use, by default a random suitable one is generated for the JWE enc" (Encryption Algorithm) Header Parameter. You do not need to invoke this method, it is only really intended for test and vector validation purposes.
Parameters
| Name | Type | Description |
|---|---|---|
cek |
Uint8Array |
JWE Content Encryption Key. |
Returns
Defined in
setExpirationTime
▸ setExpirationTime(input): EncryptJWT
Set "exp" (Expiration Time) Claim.
Parameters
| Name | Type | Description |
|---|---|---|
input |
string | number |
"exp" (Expiration Time) Claim value to set on the JWT Claims Set. When number is passed that is used as a value, when string is passed it is resolved to a time span and added to the current timestamp. |
Returns
Inherited from
ProduceJWT.setExpirationTime
Defined in
setInitializationVector
▸ setInitializationVector(iv): EncryptJWT
Sets the JWE Initialization Vector to use for content encryption, by default a random suitable one is generated for the JWE enc" (Encryption Algorithm) Header Parameter. You do not need to invoke this method, it is only really intended for test and vector validation purposes.
Parameters
| Name | Type | Description |
|---|---|---|
iv |
Uint8Array |
JWE Initialization Vector. |
Returns
Defined in
setIssuedAt
▸ setIssuedAt(input?): EncryptJWT
Set "iat" (Issued At) Claim.
Parameters
| Name | Type | Description |
|---|---|---|
input? |
number |
"iat" (Issued At) Claim value to set on the JWT Claims Set. Default is current timestamp. |
Returns
Inherited from
ProduceJWT.setIssuedAt
Defined in
setIssuer
▸ setIssuer(issuer): EncryptJWT
Set "iss" (Issuer) Claim.
Parameters
| Name | Type | Description |
|---|---|---|
issuer |
string |
"Issuer" Claim value to set on the JWT Claims Set. |
Returns
Inherited from
ProduceJWT.setIssuer
Defined in
setJti
▸ setJti(jwtId): EncryptJWT
Set "jti" (JWT ID) Claim.
Parameters
| Name | Type | Description |
|---|---|---|
jwtId |
string |
"jti" (JWT ID) Claim value to set on the JWT Claims Set. |
Returns
Inherited from
ProduceJWT.setJti
Defined in
setKeyManagementParameters
▸ setKeyManagementParameters(parameters): EncryptJWT
Sets the JWE Key Management parameters to be used when encrypting. Use of this is method is really only needed for ECDH-ES based algorithms when utilizing the Agreement PartyUInfo or Agreement PartyVInfo parameters. Other parameters will always be randomly generated when needed and missing.
Parameters
| Name | Type | Description |
|---|---|---|
parameters |
JWEKeyManagementHeaderParameters |
JWE Key Management parameters. |
Returns
Defined in
setNotBefore
▸ setNotBefore(input): EncryptJWT
Set "nbf" (Not Before) Claim.
Parameters
| Name | Type | Description |
|---|---|---|
input |
string | number |
"nbf" (Not Before) Claim value to set on the JWT Claims Set. When number is passed that is used as a value, when string is passed it is resolved to a time span and added to the current timestamp. |
Returns
Inherited from
ProduceJWT.setNotBefore
Defined in
setProtectedHeader
▸ setProtectedHeader(protectedHeader): EncryptJWT
Sets the JWE Protected Header on the EncryptJWT object.
Parameters
| Name | Type | Description |
|---|---|---|
protectedHeader |
JWEHeaderParameters |
JWE Protected Header. Must contain an "alg" (JWE Algorithm) and "enc" (JWE Encryption Algorithm) properties. |
Returns
Defined in
setSubject
▸ setSubject(subject): EncryptJWT
Set "sub" (Subject) Claim.
Parameters
| Name | Type | Description |
|---|---|---|
subject |
string |
"sub" (Subject) Claim value to set on the JWT Claims Set. |
Returns
Inherited from
ProduceJWT.setSubject