JWA, JWS, JWE, JWT, JWK, JWKS for Node.js, Browser, Cloudflare Workers, Deno, Bun, and other Web-interoperable runtimes.
MIT License
Bot releases are visible (Hide)
example
Usage
import * as jose from "jose";
const firstRecipientKeyPair = await jose.generateKeyPair("RSA-OAEP-256");
const secondRecipientKeyPair = await jose.generateKeyPair("ECDH-ES+A256KW");
const thirdRecipientSecret = await jose.generateSecret("A256GCMKW");
const encoder = new TextEncoder();
const plaintext = encoder.encode(
"It’s a dangerous business, Frodo, going out your door."
);
const additionalAuthenticatedData = encoder.encode(
"The Fellowship of the Ring"
);
const enc = new jose.GeneralEncrypt(plaintext)
.setAdditionalAuthenticatedData(additionalAuthenticatedData)
.setProtectedHeader({ enc: "A256GCM" });
enc
.addRecipient(firstRecipientKeyPair.publicKey)
.setUnprotectedHeader({ alg: "RSA-OAEP-256" });
enc
.addRecipient(secondRecipientKeyPair.publicKey)
.setUnprotectedHeader({ alg: "ECDH-ES+A256KW" });
enc
.addRecipient(thirdRecipientSecret)
.setUnprotectedHeader({ alg: "A256GCMKW" });
const jwe = await enc.encrypt();
console.log(JSON.stringify(jwe, null, 4));
for (const recipientKey of [
firstRecipientKeyPair.privateKey,
secondRecipientKeyPair.privateKey,
thirdRecipientSecret,
]) {
await jose.generalDecrypt(jwe, recipientKey);
}
import { jwtVerify } from 'jose/jwt/verify'
is now just import { jwtVerify } from 'jose'
.jose/util/random
was removed.jose/jwk/thumbprint
named export is renamed to calculateJwkThumbprint
, now import { calculateJwkThumbprint } from 'jose'
jose/jwk/parse
module was removed, use import { importJWK } from 'jose'
instead.jose/jwk/from_key_like
module was removed, use import { exportJWK } from 'jose'
instead.Migrating from v3.x to v4.x is very straight forward.
import
statements, require()
, or import()
invocations should be changed to use just 'jose'
as the target.jose
dist files for jest, typescript, or other tooling should be removed// before (v3.x)
import { jwtVerify } from 'jose/jwt/verify'
import { SignJWT } from 'jose/jwt/sign'
import * as errors from 'jose/util/errors'
// after (v4.x)
import { jwtVerify, SignJWT, errors } from 'jose'