jose

JWA, JWS, JWE, JWT, JWK, JWKS for Node.js, Browser, Cloudflare Workers, Deno, Bun, and other Web-interoperable runtimes.

MIT License

Downloads
47.9M
Stars
4.9K
Committers
32
View Code on GitHub View on X
Ecosystems: Bun, Deno, Vercel, Next, Node.js, Cloudflare, Electron

Bot releases are hidden (Show)

jose -

Published by panva almost 4 years ago

Bug Fixes

  • workaround for RangeError in browser runtime base64url (ed32b0d)
jose -

Published by panva almost 4 years ago

Features

  • added JWE General JSON Serialization decryption (16dea9e)
jose -

Published by panva almost 4 years ago

Features

  • added JWS General JSON Serialization signing (6fb862c), closes #129
  • added JWS General JSON Serialization verification (55b7781), closes #129
  • added utility function for decoding token's protected header (fa29d68)
jose -

Published by panva almost 4 years ago

Bug Fixes

  • typescript: ref dom lib via triple-slash to fix some compile issues (175f273), closes #126
jose -

Published by panva almost 4 years ago

Bug Fixes

jose -

Published by panva almost 4 years ago

Features

  • support recognizing proprietary crit header parameters (5163116), closes #123

Bug Fixes

  • reject JWTs with b64: false (691b44a)
jose -

Published by panva almost 4 years ago

Features

  • allow specifying modulusLength when generating RSA Key Pairs (5f7a0e9), closes #121
jose -

Published by panva almost 4 years ago

Bug Fixes

  • typescript: refactored how types are published (2937363), closes #119
jose -

Published by panva almost 4 years ago

Bug Fixes

  • handle globalThis undefined in legacy browsers (b83c59b)
jose -

Published by panva almost 4 years ago

Bug Fixes

  • global detection in a browser worker runtime (56ff8fa)
jose -

Published by panva almost 4 years ago

Features

  • added "KeyLike to JWK" module (7a8418e), closes #109
  • allow compact verify/decrypt tokens to be uint8array encoded (e39c3db)
  • allow http.Agent and https.Agent passed in remote JWK Set (38494a8)
jose -

Published by panva almost 4 years ago

Bug Fixes

jose -

Published by panva almost 4 years ago

Bug Fixes

  • typescript: fix compiling by adding .d.ts files for runtime modules (d9cb573)
jose -

Published by panva almost 4 years ago

⚠ BREAKING CHANGES

  • Revised, Promise-based API
  • No dependencies
  • Browser support (using Web Cryptography API)
  • Support for verification using a remote JWKS endpoint
  • Experimental Node.js libuv thread pool based runtime (non-blocking 🎉)

Features

  • Revised API, No dependencies, Browser Support, Promises (357fe0b)
jose -

Published by panva almost 4 years ago

Bug Fixes

  • allow stubbing of the JWT.decode function (6c3b92f)
jose -

Published by panva about 4 years ago

Bug Fixes

  • esm: include esm files in the published package (1956746)
jose -

Published by panva about 4 years ago

Bug Fixes

  • allow plugins such as jose-chacha to work in newer node runtime (30f1dc2)
jose -

Published by panva about 4 years ago

⚠ BREAKING CHANGES

  • the JWE.decrypt option algorithms was removed and replaced with contentEncryptionAlgorithms (handles enc allowlist) and keyManagementAlgorithms (handles alg allowlist)
  • the JWT.verify profile option was removed, use e.g. JWT.IdToken.verify instead.
  • removed the maxAuthAge JWT.verify option, this option is now only present at the specific JWT profile APIs where the
    auth_time property applies.
  • removed the nonce JWT.verify option, this option is now only present at the specific JWT profile APIs where the
    nonce property applies.
  • the acr, amr, nonce and azp claim value types will only be checked when verifying a specific JWT profile using its dedicated API.
  • using the draft implementing APIs will emit a one-time warning per process using process.emitWarning
  • JWT.sign function options no longer accept a nonce property. To create a JWT with a nonce just pass the value to the payload.
  • due to added ESM module support Node.js version with ESM implementation bugs are no longer supported, this only affects early v13.x versions. The resulting Node.js semver range is
    >=10.13.0 < 13 || >=13.7.0
  • deprecated method JWK.importKey was removed
  • deprecated method JWKS.KeyStore.fromJWKS was removed
  • the use of unregistered curve name P-256K for secp256k1 was removed
  • jose.JWE.Encrypt constructor aad and unprotectedHeader arguments swapped places
  • jose.JWE.encrypt.flattened header (unprotectedHeader) and aad arguments swapped places
  • jose.JWE.encrypt.general header (unprotectedHeader) and aad arguments swapped places
  • JWS.verify returned payloads are now always buffers
  • JWS.verify options encoding and parse were removed

Features

  • added support for ESM (ECMAScript modules) (1aa9035)
  • decrypt allowlists for both key management and content encryption (30e5c46)

Bug Fixes

  • typescript: allow Buffer when verifying detached signature (cadbd04)
  • typescript: properly type all decode/verify/decrypt fn options (4c23bd6)

Refactor

  • encrypt APIs unprotectedHeader and aad arguments swapped (70bd4ae)
  • move JWT profile specifics outside of generic JWT (fd69d7f)
  • removed nonce option from JWT.sign (c4267cc)
  • removed deprecated methods and utilities (6c35c51)
  • removed payload parsing from JWS.verify (ba5c897)
jose -

Published by panva about 4 years ago

Features

  • support for validating issuer from a list of values (#91) (ce6836a)
jose -

Published by panva about 4 years ago

Bug Fixes

  • do not mutate unencoded payload when signing for multiple parties (1695423), closes #89
  • ensure "b64" is the same for all recipients edge cases (d56ec9f)
Package Rankings
Top 0.63% on Npmjs.org
Top 8.17% on Proxy.golang.org
Top 19.68% on Repo1.maven.org
Top 0.67% on Deno.land
Related Projects
oauth4webapi

OAuth 2 / OpenID Connect for JavaScript Runtimes

02 Mar 2022 509