idtoken-verifier

WebJar for idtoken-verifier

License

License

MIT
GroupId

GroupId

org.webjars.npm
ArtifactId

ArtifactId

idtoken-verifier
Last Version

Last Version

2.1.0
Release Date

Release Date

Type

Type

jar
Description

Description

idtoken-verifier
WebJar for idtoken-verifier
Project URL

Project URL

https://www.webjars.org
Source Code Management

Source Code Management

https://github.com/auth0/idtoken-verifier

Download idtoken-verifier

How to add to project

<!-- https://jarcasting.com/artifacts/org.webjars.npm/idtoken-verifier/ -->
<dependency>
    <groupId>org.webjars.npm</groupId>
    <artifactId>idtoken-verifier</artifactId>
    <version>2.1.0</version>
</dependency>
// https://jarcasting.com/artifacts/org.webjars.npm/idtoken-verifier/
implementation 'org.webjars.npm:idtoken-verifier:2.1.0'
// https://jarcasting.com/artifacts/org.webjars.npm/idtoken-verifier/
implementation ("org.webjars.npm:idtoken-verifier:2.1.0")
'org.webjars.npm:idtoken-verifier:jar:2.1.0'
<dependency org="org.webjars.npm" name="idtoken-verifier" rev="2.1.0">
  <artifact name="idtoken-verifier" type="jar" />
</dependency>
@Grapes(
@Grab(group='org.webjars.npm', module='idtoken-verifier', version='2.1.0')
)
libraryDependencies += "org.webjars.npm" % "idtoken-verifier" % "2.1.0"
[org.webjars.npm/idtoken-verifier "2.1.0"]

Dependencies

compile (6)

Group / Artifact Type Version
org.webjars.npm : url-join jar [4.0.1,5)
org.webjars.npm : es6-promise jar [4.2.8,5)
org.webjars.npm : base64-js jar [1.3.0,2)
org.webjars.npm : crypto-js jar [3.2.1,4)
org.webjars.npm : unfetch jar [4.1.0,5)
org.webjars.npm : jsbn jar [1.1.0,2)

Project Modules

There are no modules declared in this project.

idtoken-verifier

Build Status NPM version Coverage License Downloads FOSSA Status

A lightweight library to decode and verify RS JWT meant for the browser.

Usage

import IdTokenVerifier from 'idtoken-verifier';

const verifier = new IdTokenVerifier({
  issuer: 'https://my.auth0.com/',
  audience: 'gYSNlU4YC4V1YPdqq8zPQcup6rJw1Mbt'
});

verifier.verify(id_token, nonce, (error, payload) => {
  if (error) {
    // handle the error
    return;
  }

  // do something with `payload`
});

IdTokenVerifier

Initializes the verifier.

Parameters:

  • configuration
    • issuer: the issuer you trust to sign the tokens.
    • audience: the audience the token is issued for.
    • leeway: when there is a clock skew times between the signing and verifying servers. The leeway should not be bigger than five minutes.
    • jwksCache: the verifier will try to fetch the JWKS from the /.well-known/jwks.json endpoint (or jwksURI if provided) each time it verifies a token. You can provide a cache to store the keys and avoid repeated requests. For the contract, check this example. Hint: for in-memory cache, an easy way is to just provide new Map(), which is a valid object for jwksCache.
    • jwksURI: A valid, direct URI to fetch the JSON Web Key Set (JWKS). Defaults to ${id_token.iss}/.well-known/jwks.json
  • callback
    • error: the validation error if any, null otherwise
    • payload: the decoded jwt payload

verifier.verify

This method will decode the ID token, then verify the token for OIDC compliance using a series of checks on the claims found inside the token.

Parameters

  • id_token: the id_token to verify.
  • nonce: the nonce previously sent to tha authorization server.
  • callback

verifier.decode

This method will decode the token header and payload WITHOUT doing any verification.

Parameters

  • id_token: the id_token to decode.

Return

  • header: the decoded header.
  • payload: the decoded payload.
  • encoded: the parts without decode
    • header: the header string.
    • payload: the payload string.
    • signature: the signature string.

Support

To make it as lightweight as posible, it only provides support for RS256 tokens. It can be easily extensible to other RS* algorithms.

Issue Reporting

If you have found a bug or if you have a feature request, please report them at this repository issues section. Please do not report security vulnerabilities on the public GitHub issue tracker. The Responsible Disclosure Program details the procedure for disclosing security issues.

Author

Auth0

License

This project is licensed under the MIT license. See the LICENSE file for more info.

FOSSA Status

org.webjars.npm

Auth0

Versions

Version
2.1.0
1.4.1
1.2.0
1.1.1
1.1.0