jweDecrypt | /mod.ts | oauth4webapi@v3.1.2

Module

x/oauth4webapi/mod.ts>jweDecrypt

Low-Level OAuth 2 / OpenID Connect Client API for JavaScript Runtimes

panva/oauth4webapi

Latest

build conformance docs examples src tap

mod.ts (default module)

AuthorizationResponseError

OperationProcessingError

ResponseBodyError

UnsupportedOperationError

WWWAuthenticateChallengeError

AuthorizationDetails

AuthorizationServer

Client

ClientCredentialsGrantRequestOptions

ConfirmationClaims

CryptoKeyPair

DeviceAuthorizationRequestOptions

DeviceAuthorizationResponse

DiscoveryRequestOptions

DPoPHandle

DPoPRequestOptions

ExportedJWKSCache

GenerateKeyPairOptions

HttpRequestOptions

IDToken

IntrospectionRequestOptions

IntrospectionResponse

JWK

ModifyAssertionFunction

ModifyAssertionOptions

MTLSEndpointAliases

OAuth2Error

PrivateKey

ProcessAuthorizationCodeResponseOptions

ProtectedResourceRequestOptions

PushedAuthorizationRequestOptions

PushedAuthorizationResponse

RevocationRequestOptions

TokenEndpointRequestOptions

TokenEndpointResponse

UserInfoAddress

UserInfoRequestOptions

UserInfoResponse

ValidateJWTAccessTokenOptions

ValidateSignatureOptions

WWWAuthenticateChallenge

WWWAuthenticateChallengeParameters

ProtectedResourceRequestBody

allowInsecureRequests

AUTHORIZATION_RESPONSE_ERROR

HTTP_REQUEST_FORBIDDEN

INVALID_REQUEST

INVALID_RESPONSE

INVALID_SERVER_METADATA

JSON_ATTRIBUTE_COMPARISON

JWT_USERINFO_EXPECTED

KEY_SELECTION

MISSING_SERVER_METADATA

modifyAssertion

PARSE_ERROR

REQUEST_PROTOCOL_FORBIDDEN

RESPONSE_BODY_ERROR

RESPONSE_IS_NOT_CONFORM

UNSUPPORTED_OPERATION

WWW_AUTHENTICATE_CHALLENGE

authorizationCodeGrantRequest

calculatePKCECodeChallenge

clientCredentialsGrantRequest

ClientSecretBasic

ClientSecretJwt

ClientSecretPost

deviceAuthorizationRequest

deviceCodeGrantRequest

discoveryRequest

DPoP

generateKeyPair

generateRandomCodeVerifier

generateRandomNonce

generateRandomState

genericTokenEndpointRequest

getValidatedIdTokenClaims

processAuthorizationCodeResponse

processClientCredentialsResponse

processDeviceAuthorizationResponse

processDeviceCodeResponse

processDiscoveryResponse

processGenericTokenEndpointResponse

processIntrospectionResponse

processPushedAuthorizationResponse

processRefreshTokenResponse

processRevocationResponse

processUserInfoResponse

protectedResourceRequest

pushedAuthorizationRequest

refreshTokenGrantRequest

revocationRequest

TlsClientAuth

userInfoRequest

validateApplicationLevelSignature

validateAuthResponse

validateCodeIdTokenResponse

validateDetachedSignatureResponse

validateJwtAccessToken

validateJwtAuthResponse

ava.config.mjs

default

variable jweDecrypt

import { jweDecrypt } from "https://deno.land/x/oauth4webapi@v3.1.2/mod.ts";

Use to add support for decrypting JWEs the client encounters, namely

Encrypted ID Tokens returned by the Token Endpoint
Encrypted ID Tokens returned as part of FAPI 1.0 Advanced Detached Signature authorization responses
Encrypted JWT UserInfo responses
Encrypted JWT Introspection responses
Encrypted JARM Responses

Examples

Decrypting JARM responses

import * as jose from 'jose'

let as!: oauth.AuthorizationServer
let client!: oauth.Client
let key!: oauth.CryptoKey
let alg!: string
let enc!: string
let currentUrl!: URL
let state!: string | undefined

let decoder = new TextDecoder()
let jweDecrypt: oauth.JweDecryptFunction = async (jwe) => {
  const { plaintext } = await jose
    .compactDecrypt(jwe, key, {
      keyManagementAlgorithms: [alg],
      contentEncryptionAlgorithms: [enc],
    })
    .catch((cause: unknown) => {
      throw new oauth.OperationProcessingError('decryption failed', { cause })
    })

  return decoder.decode(plaintext)
}

let params = await oauth.validateJwtAuthResponse(as, client, currentUrl, state, {
  [oauth.jweDecrypt]: jweDecrypt,
})

type

unique symbol