import * as jose from "https://deno.land/x/jose@v4.15.1/index.ts";
Classes
The CompactEncrypt class is used to build and encrypt Compact JWE strings. | |
The CompactSign class is used to build and sign Compact JWS strings. | |
The EncryptJWT class is used to build and encrypt Compact JWE formatted JSON Web Tokens. | |
An error subclass thrown when a JOSE Algorithm is not allowed per developer preference. | |
A generic Error that all other JOSE specific Error subclasses extend. | |
An error subclass thrown when a particular feature or algorithm is not supported by this implementation or JOSE in general. | |
An error subclass thrown when a JWE ciphertext decryption fails. | |
An error subclass thrown when a JWE is invalid. | |
An error subclass thrown when a JWK is invalid. | |
An error subclass thrown when a JWKS is invalid. | |
An error subclass thrown when multiple keys match from a JWKS. | |
An error subclass thrown when no keys match from a JWKS. | |
Timeout was reached when retrieving the JWKS response. | |
An error subclass thrown when a JWS is invalid. | |
An error subclass thrown when JWS signature verification fails. | |
An error subclass thrown when a JWT Claim Set member validation fails. | |
An error subclass thrown when a JWT is expired. | |
An error subclass thrown when a JWT is invalid. | |
The FlattenedEncrypt class is used to build and encrypt Flattened JWE objects. | |
The FlattenedSign class is used to build and sign Flattened JWS objects. | |
The GeneralEncrypt class is used to build and encrypt General JWE objects. | |
The GeneralSign class is used to build and sign General JWS objects. | |
Generic class for JWT producing. | |
The SignJWT class is used to build and sign Compact JWS formatted JSON Web Tokens. | |
The UnsecuredJWT class is a utility for dealing with |
Functions
Calculates a base64url-encoded JSON Web Key (JWK) Thumbprint | |
Calculates a JSON Web Key (JWK) Thumbprint URI | |
Decrypts a Compact JWE. | |
Verifies the signature and format of and afterwards decodes the Compact JWS. | |
Returns a function that resolves to a key object from a locally stored, or otherwise available, JSON Web Key Set. | |
Returns a function that resolves to a key object downloaded from a remote endpoint returning a
JSON Web Key Set, that is, for example, an OAuth 2.0 or OIDC jwks_uri. The JSON Web Key Set is
fetched when no key matches the selection process but only as frequently as the
| |
Decodes a signed JSON Web Token payload. This does not validate the JWT Claims Set types or
values. This does not validate the JWS Signature. For a proper Signed JWT Claims Set validation
and JWS signature verification use | |
Decodes the Protected Header of a JWE/JWS/JWT token utilizing any JOSE serialization. | |
EmbeddedJWK is an implementation of a GetKeyFunction intended to be used with the JWS/JWT verify
operations whenever you need to opt-in to verify signatures with a public key embedded in the
token's "jwk" (JSON Web Key) Header Parameter. It is recommended to combine this with the verify
function's | |
Exports a runtime-specific key representation (KeyLike) to a JWK. | |
Exports a runtime-specific private key representation (KeyObject or CryptoKey) to a PEM-encoded PKCS8 string format. | |
Exports a runtime-specific public key representation (KeyObject or CryptoKey) to a PEM-encoded SPKI string format. | |
Decrypts a Flattened JWE. | |
Verifies the signature and format of and afterwards decodes the Flattened JWS. | |
Decrypts a General JWE. | |
Verifies the signature and format of and afterwards decodes the General JWS. | |
Generates a private and a public key for a given JWA algorithm identifier. This can only generate
asymmetric key pairs. For symmetric secrets use the | |
Generates a symmetric secret key for a given JWA algorithm identifier. | |
Imports a JWK to a runtime-specific key representation (KeyLike). Either JWK "alg" (Algorithm)
Parameter must be present or the optional "alg" argument. When running on a runtime using
Web Cryptography API the jwk parameters "use",
"key_ops", and "ext" are also used in the resulting | |
Imports a PEM-encoded PKCS#8 string as a runtime-specific private key representation (KeyObject or CryptoKey). | |
Imports a PEM-encoded SPKI string as a runtime-specific public key representation (KeyObject or CryptoKey). | |
Imports the SPKI from an X.509 string certificate as a runtime-specific public key representation (KeyObject or CryptoKey). | |
Verifies the JWT format (to be a JWE Compact format), decrypts the ciphertext, validates the JWT Claims Set. | |
Verifies the JWT format (to be a JWS Compact format), verifies the JWS signature, validates the JWT Claims Set. |
Interfaces
Interface for Compact JWE Decryption dynamic key resolution. No token components have been verified at the time of this function call. | |
Recognized Compact JWE Header Parameters, any other Header Members may also be present. | |
Recognized Compact JWS Header Parameters, any other Header Members may also be present. | |
Interface for Compact JWS Verification dynamic key resolution. No token components have been verified at the time of this function call. | |
Shared Interface with a "crit" property for all sign, verify, encrypt and decrypt operations. | |
JWE Decryption options. | |
Deflate Raw implementation, e.g. promisified zlib.deflateRaw. | |
JWE Deflate option. | |
JWE Encryption options. | |
Interface for Flattened JWE Decryption dynamic key resolution. No token components have been verified at the time of this function call. | |
Flattened JWE definition. | |
Flattened JWS definition. Payload is returned as an empty string when JWS Unencoded Payload (RFC7797) is used. | |
Flattened JWS definition for verify function inputs, allows payload as Uint8Array for detached signature validation. | |
Interface for Flattened JWS Verification dynamic key resolution. No token components have been verified at the time of this function call. | |
Interface for General JWE Decryption dynamic key resolution. No token components have been verified at the time of this function call. | |
General JWS definition. Payload is returned as an empty string when JWS Unencoded Payload (RFC7797) is used. | |
General JWS definition for verify function inputs, allows payload as Uint8Array for detached signature validation. | |
Interface for General JWS Verification dynamic key resolution. No token components have been verified at the time of this function call. | |
Inflate Raw implementation, e.g. promisified zlib.inflateRaw. | |
JSON Web Key Set | |
Recognized JWE Header Parameters, any other Header members may also be present. | |
Recognized JWE Key Management-related Header Parameters. | |
I JWK | JSON Web Key (JWK). "RSA", "EC", "OKP", and "oct" key types are supported. |
Recognized JWS Header Parameters, any other Header Members may also be present. | |
JWT Claims Set verification options. | |
Interface for JWT Decryption dynamic key resolution. No token components have been verified at the time of this function call. | |
Combination of JWE Decryption options and JWT Claims Set verification options. | |
Recognized Signed JWT Header Parameters, any other Header Members may also be present. | |
Recognized JWT Claims Set members, any other members may also be present. | |
Interface for JWT Verification dynamic key resolution. No token components have been verified at the time of this function call. | |
Combination of JWS Verification options and JWT Claims Set verification options. | |
Options for the remote JSON Web Key Set. | |
JWS Signing options. | |
JWS Verification options. |
Type Aliases
KeyLike are runtime-specific classes representing asymmetric keys or symmetric secrets. These are instances of CryptoKey and additionally KeyObject in Node.js runtime. Uint8Array instances are also accepted as symmetric secret representation only. | |