Skip to content

Latest commit

 

History

History
399 lines (244 loc) · 11.1 KB

jwt_encrypt.EncryptJWT.md

File metadata and controls

399 lines (244 loc) · 11.1 KB
Raw

Class: EncryptJWT

💗 Help the project

Support from the community to continue maintaining and improving this module is welcome. If you find the module useful, please consider supporting the project by becoming a sponsor.

The EncryptJWT class is used to build and encrypt Compact JWE formatted JSON Web Tokens.

Example

const secret = jose.base64url.decode('zH4NRP1HMALxxCFnRZABFA7GOJtzU_gIj02alfL1lvI')
const jwt = await new jose.EncryptJWT({ 'urn:example:claim': true })
  .setProtectedHeader({ alg: 'dir', enc: 'A128CBC-HS256' })
  .setIssuedAt()
  .setIssuer('urn:example:issuer')
  .setAudience('urn:example:audience')
  .setExpirationTime('2h')
  .encrypt(secret)

console.log(jwt)

Table of contents

Constructors

Methods

Constructors

constructor

new EncryptJWT(payload?): EncryptJWT

Parameters

Name Type Description
payload JWTPayload The JWT Claims Set object. Defaults to an empty object.

Returns

EncryptJWT

Methods

encrypt

encrypt(key, options?): Promise<string>

Encrypts and returns the JWT.

Parameters

Name Type Description
key Uint8Array | KeyLike Public Key or Secret to encrypt the JWT with. See Algorithm Key Requirements.
options? EncryptOptions JWE Encryption options.

Returns

Promise<string>

replicateAudienceAsHeader

replicateAudienceAsHeader(): this

Replicates the "aud" (Audience) Claim as a JWE Protected Header Parameter.

Returns

this

See

RFC7519#section-5.3

replicateIssuerAsHeader

replicateIssuerAsHeader(): this

Replicates the "iss" (Issuer) Claim as a JWE Protected Header Parameter.

Returns

this

See

RFC7519#section-5.3

replicateSubjectAsHeader

replicateSubjectAsHeader(): this

Replicates the "sub" (Subject) Claim as a JWE Protected Header Parameter.

Returns

this

See

RFC7519#section-5.3

setAudience

setAudience(audience): this

Set the "aud" (Audience) Claim.

Parameters

Name Type Description
audience string | string[] "aud" (Audience) Claim value to set on the JWT Claims Set.

Returns

this

setContentEncryptionKey

setContentEncryptionKey(cek): this

Sets a content encryption key to use, by default a random suitable one is generated for the JWE enc" (Encryption Algorithm) Header Parameter.

Parameters

Name Type Description
cek Uint8Array JWE Content Encryption Key.

Returns

this

Deprecated

You should not use this method. It is only really intended for test and vector validation purposes.

setExpirationTime

setExpirationTime(input): this

Set the "exp" (Expiration Time) Claim.

  • If a number is passed as an argument it is used as the claim directly.
  • If a Date instance is passed as an argument it is converted to unix timestamp and used as the claim.
  • If a string is passed as an argument it is resolved to a time span, and then added to the current unix timestamp and used as the claim.

Format used for time span should be a number followed by a unit, such as "5 minutes" or "1 day".

Valid units are: "sec", "secs", "second", "seconds", "s", "minute", "minutes", "min", "mins", "m", "hour", "hours", "hr", "hrs", "h", "day", "days", "d", "week", "weeks", "w", "year", "years", "yr", "yrs", and "y". It is not possible to specify months. 365.25 days is used as an alias for a year.

If the string is suffixed with "ago", or prefixed with a "-", the resulting time span gets subtracted from the current unix timestamp. A "from now" suffix can also be used for readability when adding to the current unix timestamp.

Parameters

Name Type Description
input string | number | Date "exp" (Expiration Time) Claim value to set on the JWT Claims Set.

Returns

this

setInitializationVector

setInitializationVector(iv): this

Sets the JWE Initialization Vector to use for content encryption, by default a random suitable one is generated for the JWE enc" (Encryption Algorithm) Header Parameter.

Parameters

Name Type Description
iv Uint8Array JWE Initialization Vector.

Returns

this

Deprecated

You should not use this method. It is only really intended for test and vector validation purposes.

setIssuedAt

setIssuedAt(input?): this

Set the "iat" (Issued At) Claim.

  • If no argument is used the current unix timestamp is used as the claim.
  • If a number is passed as an argument it is used as the claim directly.
  • If a Date instance is passed as an argument it is converted to unix timestamp and used as the claim.
  • If a string is passed as an argument it is resolved to a time span, and then added to the current unix timestamp and used as the claim.

Format used for time span should be a number followed by a unit, such as "5 minutes" or "1 day".

Valid units are: "sec", "secs", "second", "seconds", "s", "minute", "minutes", "min", "mins", "m", "hour", "hours", "hr", "hrs", "h", "day", "days", "d", "week", "weeks", "w", "year", "years", "yr", "yrs", and "y". It is not possible to specify months. 365.25 days is used as an alias for a year.

If the string is suffixed with "ago", or prefixed with a "-", the resulting time span gets subtracted from the current unix timestamp. A "from now" suffix can also be used for readability when adding to the current unix timestamp.

Parameters

Name Type Description
input? string | number | Date "iat" (Expiration Time) Claim value to set on the JWT Claims Set.

Returns

this

setIssuer

setIssuer(issuer): this

Set the "iss" (Issuer) Claim.

Parameters

Name Type Description
issuer string "Issuer" Claim value to set on the JWT Claims Set.

Returns

this

setJti

setJti(jwtId): this

Set the "jti" (JWT ID) Claim.

Parameters

Name Type Description
jwtId string "jti" (JWT ID) Claim value to set on the JWT Claims Set.

Returns

this

setKeyManagementParameters

setKeyManagementParameters(parameters): this

Sets the JWE Key Management parameters to be used when encrypting. Use of this is method is really only needed for ECDH based algorithms when utilizing the Agreement PartyUInfo or Agreement PartyVInfo parameters. Other parameters will always be randomly generated when needed and missing.

Parameters

Name Type Description
parameters JWEKeyManagementHeaderParameters JWE Key Management parameters.

Returns

this

setNotBefore

setNotBefore(input): this

Set the "nbf" (Not Before) Claim.

  • If a number is passed as an argument it is used as the claim directly.
  • If a Date instance is passed as an argument it is converted to unix timestamp and used as the claim.
  • If a string is passed as an argument it is resolved to a time span, and then added to the current unix timestamp and used as the claim.

Format used for time span should be a number followed by a unit, such as "5 minutes" or "1 day".

Valid units are: "sec", "secs", "second", "seconds", "s", "minute", "minutes", "min", "mins", "m", "hour", "hours", "hr", "hrs", "h", "day", "days", "d", "week", "weeks", "w", "year", "years", "yr", "yrs", and "y". It is not possible to specify months. 365.25 days is used as an alias for a year.

If the string is suffixed with "ago", or prefixed with a "-", the resulting time span gets subtracted from the current unix timestamp. A "from now" suffix can also be used for readability when adding to the current unix timestamp.

Parameters

Name Type Description
input string | number | Date "nbf" (Not Before) Claim value to set on the JWT Claims Set.

Returns

this

setProtectedHeader

setProtectedHeader(protectedHeader): this

Sets the JWE Protected Header on the EncryptJWT object.

Parameters

Name Type Description
protectedHeader CompactJWEHeaderParameters JWE Protected Header. Must contain an "alg" (JWE Algorithm) and "enc" (JWE Encryption Algorithm) properties.

Returns

this

setSubject

setSubject(subject): this

Set the "sub" (Subject) Claim.

Parameters

Name Type Description
subject string "sub" (Subject) Claim value to set on the JWT Claims Set.

Returns

this