import { createLocalJWKSet } from "https://deno.land/x/jose@v4.13.0/jwks/local.ts";
Returns a function that resolves to a key object from a locally stored, or otherwise available, JSON Web Key Set.
It uses the "alg" (JWS Algorithm) Header Parameter to determine the right JWK "kty" (Key Type), then proceeds to match the JWK "kid" (Key ID) with one found in the JWS Header Parameters (if there is one) while also respecting the JWK "use" (Public Key Use) and JWK "key_ops" (Key Operations) Parameters (if they are present on the JWK).
Only a single public key must match the selection process. As shown in the example below when multiple keys get matched it is possible to opt-in to iterate over the matched keys and attempt verification in an iterative manner.
Examples
Usage
Usage
const JWKS = jose.createLocalJWKSet({
keys: [
{
kty: 'RSA',
e: 'AQAB',
n: '12oBZRhCiZFJLcPg59LkZZ9mdhSMTKAQZYq32k_ti5SBB6jerkh-WzOMAO664r_qyLkqHUSp3u5SbXtseZEpN3XPWGKSxjsy-1JyEFTdLSYe6f9gfrmxkUF_7DTpq0gn6rntP05g2-wFW50YO7mosfdslfrTJYWHFhJALabAeYirYD7-9kqq9ebfFMF4sRRELbv9oi36As6Q9B3Qb5_C1rAzqfao_PCsf9EPsTZsVVVkA5qoIAr47lo1ipfiBPxUCCNSdvkmDTYgvvRm6ZoMjFbvOtgyts55fXKdMWv7I9HMD5HwE9uW839PWA514qhbcIsXEYSFMPMV6fnlsiZvQQ',
alg: 'PS256',
},
{
crv: 'P-256',
kty: 'EC',
x: 'ySK38C1jBdLwDsNWKzzBHqKYEE5Cgv-qjWvorUXk9fw',
y: '_LeQBw07cf5t57Iavn4j-BqJsAD1dpoz8gokd3sBsOo',
alg: 'ES256',
},
],
})
const { payload, protectedHeader } = await jose.jwtVerify(jwt, JWKS, {
issuer: 'urn:example:issuer',
audience: 'urn:example:audience',
})
console.log(protectedHeader)
console.log(payload)
Opting-in to multiple JWKS matches using createLocalJWKSet
Opting-in to multiple JWKS matches using createLocalJWKSet
const options = {
issuer: 'urn:example:issuer',
audience: 'urn:example:audience',
}
const { payload, protectedHeader } = await jose
.jwtVerify(jwt, JWKS, options)
.catch(async (error) => {
if (error?.code === 'ERR_JWKS_MULTIPLE_MATCHING_KEYS') {
for await (const publicKey of error) {
try {
return await jose.jwtVerify(jwt, publicKey, options)
} catch (innerError) {
if (innerError?.code === 'ERR_JWS_SIGNATURE_VERIFICATION_FAILED') {
continue
}
throw innerError
}
}
throw new jose.errors.JWSSignatureVerificationFailed()
}
throw error
})
console.log(protectedHeader)
console.log(payload)
Parameters
JSON Web Key Set formatted object.