Skip to content

A library to retrieve RSA public keys from a JWKS (JSON Web Key Set) endpoint.

License

Notifications You must be signed in to change notification settings

auth0/node-jwks-rsa

Repository files navigation

A library to retrieve signing keys from a JWKS (JSON Web Key Set) endpoint.

Release Codecov Downloads License CircleCI

📚 Documentation - 🚀 Getting Started - 💬 Feedback

Documentation

  • Examples - documentation of the options and code samples for common scenarios.
  • Docs Site - explore our Docs site and learn more about Auth0.

Getting Started

Installation

Using npm in your project directory run the following command:

npm install --save jwks-rsa

Supports all currently registered JWK types and JWS Algorithms, see panva/jose#262 for more information.

Configure the client

Provide a JWKS endpoint which exposes your signing keys.

const jwksClient = require('jwks-rsa');

const client = jwksClient({
  jwksUri: 'https://sandrino.auth0.com/.well-known/jwks.json',
  requestHeaders: {}, // Optional
  timeout: 30000 // Defaults to 30s
});

Retrieve a key

Then use getSigningKey to retrieve a signing key that matches a specific kid.

const kid = 'RkI5MjI5OUY5ODc1N0Q4QzM0OUYzNkVGMTJDOUEzQkFCOTU3NjE2Rg';
const key = await client.getSigningKey(kid);
const signingKey = key.getPublicKey();

Feedback

Contributing

We appreciate feedback and contribution to this repo! Before you get started, please see the following:

Raise an issue

To provide feedback or report a bug, please raise an issue on our issue tracker.

Vulnerability Reporting

Please do not report security vulnerabilities on the public GitHub issue tracker. The Responsible Disclosure Program details the procedure for disclosing security issues.

What is Auth0?

Auth0 Logo

Auth0 is an easy to implement, adaptable authentication and authorization platform. To learn more checkout Why Auth0?

This project is licensed under the MIT license. See the LICENSE file for more info.