jwk-utils

Use JWK and JWTs using the Crypto API

MIT License


@shgysk8zer0/jwk-utils



Installation

npm i @shgysk8zer0/jwk-utils

About

This library provides JWK and JWT support via the crypto API.

Supported Algorithms

  • RS256
  • RS384
  • RS512
  • ES256
  • ES384
  • ES512
  • HS256
  • HS384
  • HS512
  • PS256
  • PS384
  • PS512
  • EdDSA

Note: EdDSA is currently experimental in Node.js and is only supported in Safari. See Browser Compatibility on MDN.

Not Supported

  • ES256K

Example

import { generateJWK, createJWT, verifyJWT } from '@shgysk8zer0/jwk-utils';

// Generate a JWK pair
const { publicKey, privateKey } = await generateJWK();

// JWTs use Unix timestamps - seconds, not ms.
const now = Math.floor(Date.now() / 1000);
// Create a JWT
const token = await createJWT({
  iss: 'Some issuer',
  sub: 'The Subject',
  iat: now,
  exp: now + 60,
  nbf: now,
  jti: crypto.randomUUID(),
  scope: 'api',
  entitlements: ['db:read'],
}, privateKey);

// Verify the JWT
const verifiedPayload = await verifyJWT(token, publicKey, { entitlements: ['db:read'] });

Limitations

Because it works with JWKs and public/private keys, this library currently does not support algorithms that are not supported by crypto.subtle.

Note: Polyfills, especially for Uint8Array.fromBase64() and Uint8Array.prototype.toBase64(), are required. They are provided by @shgysk8zer0/polyfills, which is imported in the main package (@shgysk8zer0/jwk-utils). However, for compatibility with client-side usage and to avoid conflicts, the polyfills are not imported when modules are imported directly.