1 | // Type definitions for jsonwebtoken 8.5
|
2 | // Project: https://github.com/auth0/node-jsonwebtoken
|
3 | // Definitions by: Maxime LUCE <https://github.com/SomaticIT>,
|
4 | // Daniel Heim <https://github.com/danielheim>,
|
5 | // Brice BERNARD <https://github.com/brikou>,
|
6 | // Veli-Pekka Kestilä <https://github.com/vpk>,
|
7 | // Daniel Parker <https://github.com/GeneralistDev>,
|
8 | // Kjell Dießel <https://github.com/kettil>,
|
9 | // Robert Gajda <https://github.com/RunAge>,
|
10 | // Nico Flaig <https://github.com/nflaig>,
|
11 | // Linus Unnebäck <https://github.com/LinusU>
|
12 | // Ivan Sieder <https://github.com/ivansieder>
|
13 | // Piotr Błażejewicz <https://github.com/peterblazejewicz>
|
14 | // Nandor Kraszlan <https://github.com/nandi95>
|
15 | // Definitions: https://github.com/DefinitelyTyped/DefinitelyTyped
|
16 |
|
17 | /// <reference types="node" />
|
18 |
|
19 | export class JsonWebTokenError extends Error {
|
20 | inner: Error;
|
21 |
|
22 | constructor(message: string, error?: Error);
|
23 | }
|
24 |
|
25 | export class TokenExpiredError extends JsonWebTokenError {
|
26 | expiredAt: Date;
|
27 |
|
28 | constructor(message: string, expiredAt: Date);
|
29 | }
|
30 |
|
31 | /**
|
32 | * Thrown if current time is before the nbf claim.
|
33 | */
|
34 | export class NotBeforeError extends JsonWebTokenError {
|
35 | date: Date;
|
36 |
|
37 | constructor(message: string, date: Date);
|
38 | }
|
39 |
|
40 | export interface SignOptions {
|
41 | /**
|
42 | * Signature algorithm. Could be one of these values :
|
43 | * - HS256: HMAC using SHA-256 hash algorithm (default)
|
44 | * - HS384: HMAC using SHA-384 hash algorithm
|
45 | * - HS512: HMAC using SHA-512 hash algorithm
|
46 | * - RS256: RSASSA using SHA-256 hash algorithm
|
47 | * - RS384: RSASSA using SHA-384 hash algorithm
|
48 | * - RS512: RSASSA using SHA-512 hash algorithm
|
49 | * - ES256: ECDSA using P-256 curve and SHA-256 hash algorithm
|
50 | * - ES384: ECDSA using P-384 curve and SHA-384 hash algorithm
|
51 | * - ES512: ECDSA using P-521 curve and SHA-512 hash algorithm
|
52 | * - none: No digital signature or MAC value included
|
53 | */
|
54 | algorithm?: Algorithm | undefined;
|
55 | keyid?: string | undefined;
|
56 | /** expressed in seconds or a string describing a time span [zeit/ms](https://github.com/zeit/ms.js). Eg: 60, "2 days", "10h", "7d" */
|
57 | expiresIn?: string | number | undefined;
|
58 | /** expressed in seconds or a string describing a time span [zeit/ms](https://github.com/zeit/ms.js). Eg: 60, "2 days", "10h", "7d" */
|
59 | notBefore?: string | number | undefined;
|
60 | audience?: string | string[] | undefined;
|
61 | subject?: string | undefined;
|
62 | issuer?: string | undefined;
|
63 | jwtid?: string | undefined;
|
64 | mutatePayload?: boolean | undefined;
|
65 | noTimestamp?: boolean | undefined;
|
66 | header?: JwtHeader | undefined;
|
67 | encoding?: string | undefined;
|
68 | }
|
69 |
|
70 | export interface VerifyOptions {
|
71 | algorithms?: Algorithm[] | undefined;
|
72 | audience?: string | RegExp | Array<string | RegExp> | undefined;
|
73 | clockTimestamp?: number | undefined;
|
74 | clockTolerance?: number | undefined;
|
75 | /** return an object with the decoded `{ payload, header, signature }` instead of only the usual content of the payload. */
|
76 | complete?: boolean | undefined;
|
77 | issuer?: string | string[] | undefined;
|
78 | ignoreExpiration?: boolean | undefined;
|
79 | ignoreNotBefore?: boolean | undefined;
|
80 | jwtid?: string | undefined;
|
81 | /**
|
82 | * If you want to check `nonce` claim, provide a string value here.
|
83 | * It is used on Open ID for the ID Tokens. ([Open ID implementation notes](https://openid.net/specs/openid-connect-core-1_0.html#NonceNotes))
|
84 | */
|
85 | nonce?: string | undefined;
|
86 | subject?: string | undefined;
|
87 | /**
|
88 | * @deprecated
|
89 | * Max age of token
|
90 | */
|
91 | maxAge?: string | undefined;
|
92 | }
|
93 |
|
94 | export interface DecodeOptions {
|
95 | complete?: boolean | undefined;
|
96 | json?: boolean | undefined;
|
97 | }
|
98 | export type VerifyErrors =
|
99 | | JsonWebTokenError
|
100 | | NotBeforeError
|
101 | | TokenExpiredError;
|
102 | export type VerifyCallback<T = JwtPayload> = (
|
103 | err: VerifyErrors | null,
|
104 | decoded: T | undefined,
|
105 | ) => void;
|
106 |
|
107 | export type SignCallback = (
|
108 | err: Error | null, encoded: string | undefined
|
109 | ) => void;
|
110 |
|
111 | // standard names https://www.rfc-editor.org/rfc/rfc7515.html#section-4.1
|
112 | export interface JwtHeader {
|
113 | alg: string | Algorithm;
|
114 | typ?: string | undefined;
|
115 | cty?: string | undefined;
|
116 | crit?: Array<string | Exclude<keyof JwtHeader, 'crit'>> | undefined;
|
117 | kid?: string | undefined;
|
118 | jku?: string | undefined;
|
119 | x5u?: string | string[] | undefined;
|
120 | 'x5t#S256'?: string | undefined;
|
121 | x5t?: string | undefined;
|
122 | x5c?: string | string[] | undefined;
|
123 | }
|
124 |
|
125 | // standard claims https://datatracker.ietf.org/doc/html/rfc7519#section-4.1
|
126 | export interface JwtPayload {
|
127 | [key: string]: any;
|
128 | iss?: string | undefined;
|
129 | sub?: string | undefined;
|
130 | aud?: string | string[] | undefined;
|
131 | exp?: number | undefined;
|
132 | nbf?: number | undefined;
|
133 | iat?: number | undefined;
|
134 | jti?: string | undefined;
|
135 | }
|
136 |
|
137 | export interface Jwt {
|
138 | header: JwtHeader;
|
139 | payload: JwtPayload;
|
140 | signature: string;
|
141 | }
|
142 |
|
143 | // https://github.com/auth0/node-jsonwebtoken#algorithms-supported
|
144 | export type Algorithm =
|
145 | "HS256" | "HS384" | "HS512" |
|
146 | "RS256" | "RS384" | "RS512" |
|
147 | "ES256" | "ES384" | "ES512" |
|
148 | "PS256" | "PS384" | "PS512" |
|
149 | "none";
|
150 |
|
151 | export type SigningKeyCallback = (
|
152 | err: any,
|
153 | signingKey?: Secret,
|
154 | ) => void;
|
155 |
|
156 | export type GetPublicKeyOrSecret = (
|
157 | header: JwtHeader,
|
158 | callback: SigningKeyCallback
|
159 | ) => void;
|
160 |
|
161 | export type Secret =
|
162 | | string
|
163 | | Buffer
|
164 | | { key: string | Buffer; passphrase: string };
|
165 |
|
166 | /**
|
167 | * Synchronously sign the given payload into a JSON Web Token string
|
168 | * payload - Payload to sign, could be an literal, buffer or string
|
169 | * secretOrPrivateKey - Either the secret for HMAC algorithms, or the PEM encoded private key for RSA and ECDSA.
|
170 | * [options] - Options for the signature
|
171 | * returns - The JSON Web Token string
|
172 | */
|
173 | export function sign(
|
174 | payload: string | Buffer | object,
|
175 | secretOrPrivateKey: Secret,
|
176 | options?: SignOptions,
|
177 | ): string;
|
178 |
|
179 | /**
|
180 | * Sign the given payload into a JSON Web Token string
|
181 | * payload - Payload to sign, could be an literal, buffer or string
|
182 | * secretOrPrivateKey - Either the secret for HMAC algorithms, or the PEM encoded private key for RSA and ECDSA.
|
183 | * [options] - Options for the signature
|
184 | * callback - Callback to get the encoded token on
|
185 | */
|
186 | export function sign(
|
187 | payload: string | Buffer | object,
|
188 | secretOrPrivateKey: Secret,
|
189 | callback: SignCallback,
|
190 | ): void;
|
191 | export function sign(
|
192 | payload: string | Buffer | object,
|
193 | secretOrPrivateKey: Secret,
|
194 | options: SignOptions,
|
195 | callback: SignCallback,
|
196 | ): void;
|
197 |
|
198 | /**
|
199 | * Synchronously verify given token using a secret or a public key to get a decoded token
|
200 | * token - JWT string to verify
|
201 | * secretOrPublicKey - Either the secret for HMAC algorithms, or the PEM encoded public key for RSA and ECDSA.
|
202 | * [options] - Options for the verification
|
203 | * returns - The decoded token.
|
204 | */
|
205 | export function verify(token: string, secretOrPublicKey: Secret, options: VerifyOptions & { complete: true }): Jwt | string;
|
206 | export function verify(token: string, secretOrPublicKey: Secret, options?: VerifyOptions): JwtPayload | string;
|
207 |
|
208 | /**
|
209 | * Asynchronously verify given token using a secret or a public key to get a decoded token
|
210 | * token - JWT string to verify
|
211 | * secretOrPublicKey - A string or buffer containing either the secret for HMAC algorithms,
|
212 | * or the PEM encoded public key for RSA and ECDSA. If jwt.verify is called asynchronous,
|
213 | * secretOrPublicKey can be a function that should fetch the secret or public key
|
214 | * [options] - Options for the verification
|
215 | * callback - Callback to get the decoded token on
|
216 | */
|
217 | export function verify(
|
218 | token: string,
|
219 | secretOrPublicKey: Secret | GetPublicKeyOrSecret,
|
220 | callback?: VerifyCallback,
|
221 | ): void;
|
222 | export function verify(
|
223 | token: string,
|
224 | secretOrPublicKey: Secret | GetPublicKeyOrSecret,
|
225 | options?: VerifyOptions & { complete: true },
|
226 | callback?: VerifyCallback<Jwt>,
|
227 | ): void;
|
228 | export function verify(
|
229 | token: string,
|
230 | secretOrPublicKey: Secret | GetPublicKeyOrSecret,
|
231 | options?: VerifyOptions,
|
232 | callback?: VerifyCallback,
|
233 | ): void;
|
234 |
|
235 | /**
|
236 | * Returns the decoded payload without verifying if the signature is valid.
|
237 | * token - JWT string to decode
|
238 | * [options] - Options for decoding
|
239 | * returns - The decoded Token
|
240 | */
|
241 | export function decode(token: string, options: DecodeOptions & { complete: true }): null | Jwt;
|
242 | export function decode(token: string, options: DecodeOptions & { json: true }): null | JwtPayload;
|
243 | export function decode(token: string, options?: DecodeOptions): null | JwtPayload | string;
|