Skip to main content
The Deno 2 Release Candidate is here
Learn more
Module

x/oauth4webapi/src/index.ts>jweDecrypt

Low-Level OAuth 2 / OpenID Connect Client API for JavaScript Runtimes
panva/oauth4webapi
Latest
variable jweDecrypt
import { jweDecrypt } from "https://deno.land/x/oauth4webapi@v2.17.0/src/index.ts";

Use to add support for decrypting JWEs the client encounters, namely

  • Encrypted ID Tokens returned by the Token Endpoint
  • Encrypted ID Tokens returned as part of FAPI 1.0 Advanced Detached Signature authorization responses
  • Encrypted JWT UserInfo responses
  • Encrypted JWT Introspection responses
  • Encrypted JARM Responses

Examples

Decrypting JARM responses

import * as oauth from 'oauth4webapi'
import * as jose from 'jose'

// Prerequisites
let as!: oauth.AuthorizationServer
let key!: CryptoKey
let alg!: string
let enc!: string

const decoder = new TextDecoder()

const client: oauth.Client = {
  client_id: 'urn:example:client_id',
  async [oauth.jweDecrypt](jwe) {
    const { plaintext } = await compactDecrypt(jwe, key, {
      keyManagementAlgorithms: [alg],
      contentEncryptionAlgorithms: [enc],
    }).catch((cause) => {
      throw new oauth.OperationProcessingError('decryption failed', { cause })
    })

    return decoder.decode(plaintext)
  },
}

const params = await oauth.validateJwtAuthResponse(as, client, currentUrl)

type

unique symbol