JWA, JWS, JWE, JWT, JWK, JWKS for Node.js, Browser, Cloudflare Workers, Deno, Bun, and other Web-interoperable runtimes.
MIT License
Bot releases are hidden (Show)
JWE.decrypt
option algorithms
was removed and replaced with contentEncryptionAlgorithms (handles enc
allowlist) and keyManagementAlgorithms (handles alg
allowlist)JWT.verify
profile option was removed, use e.g. JWT.IdToken.verify
instead.maxAuthAge
JWT.verify
option, this option is now only present at the specific JWT profile APIs where theauth_time
property applies.nonce
JWT.verify
option, this option is now only present at the specific JWT profile APIs where thenonce
property applies.acr
, amr
, nonce
and azp
claim value types will only be checked when verifying a specific JWT profile using its dedicated API.process.emitWarning
JWT.sign
function options no longer accept a nonce
property. To create a JWT with a nonce
just pass the value to the payload.>=10.13.0 < 13 || >=13.7.0
JWK.importKey
was removedJWKS.KeyStore.fromJWKS
was removedencoding
and parse
were removed