-
Notifications
You must be signed in to change notification settings - Fork 16
/
jws.node.txt
46 lines (41 loc) · 3.56 KB
/
jws.node.txt
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
JWS
JJWS #require("jws"). JWS, but without usual PAYLOAD|ENVLOP members (can be anything).
JJWS.ALGORITHMS #Don't support algo PS*. X-509 certificates not supported (look at package JWCRYPTO for one
#that does)
#Uses package JWA for the crypto.
JJWS.sign(OBJ) #Returns JWS.
#OBJ:
# - header ENVLOP: at least alg must be present
# - payload PAYLOAD_OBJ
# - secret PRIVATE_KEY
JJWS.verify
(JWS, PUBLIC|PRIVATE_KEY) #Returns BOOL
JJWS.decode(JWS) #Returns JJWS.sign() OBJ
JJWS.createSign(OBJ) #Like JJWS.sign() but PAYLOAD|PRIVATE_KEY can be ISTREAM.
#Returns ISTREAM2, where must listen to event handler done(JWS)
JJWS.createVerify(OBJ) #Like JJWS.verify() but:
# - OBJ.signature: JWS, can be ISTREAM
# - OBJ.secret: PUBLIC|PRIVATE_KEY, can be ISTREAM
#Returns ISTREAM2, where must listen to event handler done(BOOL, OBJ) (JJWS.sign() OBJ)
JSONWEBTOKEN #JWS, but with usual PAYLOAD|ENVLOP members, and issuer|audience|exp checks:
# - ENVLOP has default:
# - type: "JWT"
# - alg: "HS256"
# - PAYLOAD has default (unless it is not an OBJ):
# - iat: Date.now()
#Use JJWS
JSONWEBTOKEN.sign #Returns JWS.
(PAYLOAD, PRIVATEKEY[, OBJ]) #OBJ:
# - algorithm (alg)
# - expiresInMinutes DOUBLE: sets exp according to Date.now()
# - audience (aud)
# - subject (sub)
# - issuer (iss)
JSONWEBTOKEN.verify(JWS, #Checks:
PUBLIC|PRIVATE_KEY[, OBJ] # - if OBJ.audience STR, that STR == audience in JWS (ERROR "jwt audience invalid.expected:STR)
, FUNC(ERROR, PAYLOAD)) # - if OBJ.issuer STR, same for issuer (ERROR "jwt issuer invalid. expected: STR")
# - if PAYLOAD contained exp, that is not expired (ERROR "jwt expired")
#If problem, other ERROR.
JSONWEBTOKEN.decode(JWS) #Returns PAYLOAD (doesn't verify)