UNPKG

@types/jsonwebtoken/index.d.ts

Version:

8.78 kBTypeScriptView Raw

1// Type definitions for jsonwebtoken 8.5
2// Project: https://github.com/auth0/node-jsonwebtoken
3// Definitions by: Maxime LUCE <https://github.com/SomaticIT>,
4//                 Daniel Heim <https://github.com/danielheim>,
5//                 Brice BERNARD <https://github.com/brikou>,
6//                 Veli-Pekka Kestilä <https://github.com/vpk>,
7//                 Daniel Parker <https://github.com/GeneralistDev>,
8//                 Kjell Dießel <https://github.com/kettil>,
9//                 Robert Gajda <https://github.com/RunAge>,
10//                 Nico Flaig <https://github.com/nflaig>,
11//                 Linus Unnebäck <https://github.com/LinusU>
12//                 Ivan Sieder <https://github.com/ivansieder>
13//                 Piotr Błażejewicz <https://github.com/peterblazejewicz>
14//                 Nandor Kraszlan <https://github.com/nandi95>
15// Definitions: https://github.com/DefinitelyTyped/DefinitelyTyped
16
17/// <reference types="node" />
18
19export class JsonWebTokenError extends Error {
20    inner: Error;
21
22    constructor(message: string, error?: Error);
23}
24
25export class TokenExpiredError extends JsonWebTokenError {
26    expiredAt: Date;
27
28    constructor(message: string, expiredAt: Date);
29}
30
31/**
32 * Thrown if current time is before the nbf claim.
33 */
34export class NotBeforeError extends JsonWebTokenError {
35    date: Date;
36
37    constructor(message: string, date: Date);
38}
39
40export interface SignOptions {
41    /**
42     * Signature algorithm. Could be one of these values :
43     * - HS256:    HMAC using SHA-256 hash algorithm (default)
44     * - HS384:    HMAC using SHA-384 hash algorithm
45     * - HS512:    HMAC using SHA-512 hash algorithm
46     * - RS256:    RSASSA using SHA-256 hash algorithm
47     * - RS384:    RSASSA using SHA-384 hash algorithm
48     * - RS512:    RSASSA using SHA-512 hash algorithm
49     * - ES256:    ECDSA using P-256 curve and SHA-256 hash algorithm
50     * - ES384:    ECDSA using P-384 curve and SHA-384 hash algorithm
51     * - ES512:    ECDSA using P-521 curve and SHA-512 hash algorithm
52     * - none:     No digital signature or MAC value included
53     */
54    algorithm?: Algorithm | undefined;
55    keyid?: string | undefined;
56    /** expressed in seconds or a string describing a time span [zeit/ms](https://github.com/zeit/ms.js).  Eg: 60, "2 days", "10h", "7d" */
57    expiresIn?: string | number | undefined;
58    /** expressed in seconds or a string describing a time span [zeit/ms](https://github.com/zeit/ms.js).  Eg: 60, "2 days", "10h", "7d" */
59    notBefore?: string | number | undefined;
60    audience?: string | string[] | undefined;
61    subject?: string | undefined;
62    issuer?: string | undefined;
63    jwtid?: string | undefined;
64    mutatePayload?: boolean | undefined;
65    noTimestamp?: boolean | undefined;
66    header?: JwtHeader | undefined;
67    encoding?: string | undefined;
68}
69
70export interface VerifyOptions {
71    algorithms?: Algorithm[] | undefined;
72    audience?: string | RegExp | Array<string | RegExp> | undefined;
73    clockTimestamp?: number | undefined;
74    clockTolerance?: number | undefined;
75    /** return an object with the decoded `{ payload, header, signature }` instead of only the usual content of the payload. */
76    complete?: boolean | undefined;
77    issuer?: string | string[] | undefined;
78    ignoreExpiration?: boolean | undefined;
79    ignoreNotBefore?: boolean | undefined;
80    jwtid?: string | undefined;
81    /**
82     * If you want to check `nonce` claim, provide a string value here.
83     * It is used on Open ID for the ID Tokens. ([Open ID implementation notes](https://openid.net/specs/openid-connect-core-1_0.html#NonceNotes))
84     */
85    nonce?: string | undefined;
86    subject?: string | undefined;
87    /**
88     * @deprecated
89     * Max age of token
90     */
91    maxAge?: string | undefined;
92}
93
94export interface DecodeOptions {
95    complete?: boolean | undefined;
96    json?: boolean | undefined;
97}
98export type VerifyErrors =
99    | JsonWebTokenError
100    | NotBeforeError
101    | TokenExpiredError;
102export type VerifyCallback<T = JwtPayload> = (
103    err: VerifyErrors | null,
104    decoded: T | undefined,
105) => void;
106
107export type SignCallback = (
108    err: Error | null, encoded: string | undefined
109) => void;
110
111// standard names https://www.rfc-editor.org/rfc/rfc7515.html#section-4.1
112export interface JwtHeader {
113    alg: string | Algorithm;
114    typ?: string | undefined;
115    cty?: string | undefined;
116    crit?: Array<string | Exclude<keyof JwtHeader, 'crit'>> | undefined;
117    kid?: string | undefined;
118    jku?: string | undefined;
119    x5u?: string | string[] | undefined;
120    'x5t#S256'?: string | undefined;
121    x5t?: string | undefined;
122    x5c?: string | string[] | undefined;
123}
124
125// standard claims https://datatracker.ietf.org/doc/html/rfc7519#section-4.1
126export interface JwtPayload {
127    [key: string]: any;
128    iss?: string | undefined;
129    sub?: string | undefined;
130    aud?: string | string[] | undefined;
131    exp?: number | undefined;
132    nbf?: number | undefined;
133    iat?: number | undefined;
134    jti?: string | undefined;
135}
136
137export interface Jwt {
138    header: JwtHeader;
139    payload: JwtPayload;
140    signature: string;
141}
142
143// https://github.com/auth0/node-jsonwebtoken#algorithms-supported
144export type Algorithm =
145    "HS256" | "HS384" | "HS512" |
146    "RS256" | "RS384" | "RS512" |
147    "ES256" | "ES384" | "ES512" |
148    "PS256" | "PS384" | "PS512" |
149    "none";
150
151export type SigningKeyCallback = (
152    err: any,
153    signingKey?: Secret,
154) => void;
155
156export type GetPublicKeyOrSecret = (
157    header: JwtHeader,
158    callback: SigningKeyCallback
159) => void;
160
161export type Secret =
162    | string
163    | Buffer
164    | { key: string | Buffer; passphrase: string };
165
166/**
167 * Synchronously sign the given payload into a JSON Web Token string
168 * payload - Payload to sign, could be an literal, buffer or string
169 * secretOrPrivateKey - Either the secret for HMAC algorithms, or the PEM encoded private key for RSA and ECDSA.
170 * [options] - Options for the signature
171 * returns - The JSON Web Token string
172 */
173export function sign(
174    payload: string | Buffer | object,
175    secretOrPrivateKey: Secret,
176    options?: SignOptions,
177): string;
178
179/**
180 * Sign the given payload into a JSON Web Token string
181 * payload - Payload to sign, could be an literal, buffer or string
182 * secretOrPrivateKey - Either the secret for HMAC algorithms, or the PEM encoded private key for RSA and ECDSA.
183 * [options] - Options for the signature
184 * callback - Callback to get the encoded token on
185 */
186export function sign(
187    payload: string | Buffer | object,
188    secretOrPrivateKey: Secret,
189    callback: SignCallback,
190): void;
191export function sign(
192    payload: string | Buffer | object,
193    secretOrPrivateKey: Secret,
194    options: SignOptions,
195    callback: SignCallback,
196): void;
197
198/**
199 * Synchronously verify given token using a secret or a public key to get a decoded token
200 * token - JWT string to verify
201 * secretOrPublicKey - Either the secret for HMAC algorithms, or the PEM encoded public key for RSA and ECDSA.
202 * [options] - Options for the verification
203 * returns - The decoded token.
204 */
205export function verify(token: string, secretOrPublicKey: Secret, options: VerifyOptions & { complete: true }): Jwt | string;
206export function verify(token: string, secretOrPublicKey: Secret, options?: VerifyOptions): JwtPayload | string;
207
208/**
209 * Asynchronously verify given token using a secret or a public key to get a decoded token
210 * token - JWT string to verify
211 * secretOrPublicKey - A string or buffer containing either the secret for HMAC algorithms,
212 * or the PEM encoded public key for RSA and ECDSA. If jwt.verify is called asynchronous,
213 * secretOrPublicKey can be a function that should fetch the secret or public key
214 * [options] - Options for the verification
215 * callback - Callback to get the decoded token on
216 */
217export function verify(
218    token: string,
219    secretOrPublicKey: Secret | GetPublicKeyOrSecret,
220    callback?: VerifyCallback,
221): void;
222export function verify(
223    token: string,
224    secretOrPublicKey: Secret | GetPublicKeyOrSecret,
225    options?: VerifyOptions & { complete: true },
226    callback?: VerifyCallback<Jwt>,
227): void;
228export function verify(
229    token: string,
230    secretOrPublicKey: Secret | GetPublicKeyOrSecret,
231    options?: VerifyOptions,
232    callback?: VerifyCallback,
233): void;
234
235/**
236 * Returns the decoded payload without verifying if the signature is valid.
237 * token - JWT string to decode
238 * [options] - Options for decoding
239 * returns - The decoded Token
240 */
241export function decode(token: string, options: DecodeOptions & { complete: true }): null | Jwt;
242export function decode(token: string, options: DecodeOptions & { json: true }): null | JwtPayload;
243export function decode(token: string, options?: DecodeOptions): null | JwtPayload | string;

1	`// Type definitions for jsonwebtoken 8.5`
2	`// Project: https://github.com/auth0/node-jsonwebtoken`
3	`// Definitions by: Maxime LUCE <https://github.com/SomaticIT>,`
4	`// Daniel Heim <https://github.com/danielheim>,`
5	`// Brice BERNARD <https://github.com/brikou>,`
6	`// Veli-Pekka Kestilä <https://github.com/vpk>,`
7	`// Daniel Parker <https://github.com/GeneralistDev>,`
8	`// Kjell Dießel <https://github.com/kettil>,`
9	`// Robert Gajda <https://github.com/RunAge>,`
10	`// Nico Flaig <https://github.com/nflaig>,`
11	`// Linus Unnebäck <https://github.com/LinusU>`
12	`// Ivan Sieder <https://github.com/ivansieder>`
13	`// Piotr Błażejewicz <https://github.com/peterblazejewicz>`
14	`// Nandor Kraszlan <https://github.com/nandi95>`
15	`// Definitions: https://github.com/DefinitelyTyped/DefinitelyTyped`
16
17	`/// <reference types="node" />`
18
19	`export class JsonWebTokenError extends Error {`
20	`inner: Error;`
21
22	`constructor(message: string, error?: Error);`
23	`}`
24
25	`export class TokenExpiredError extends JsonWebTokenError {`
26	`expiredAt: Date;`
27
28	`constructor(message: string, expiredAt: Date);`
29	`}`
30
31	`/**`
32	`* Thrown if current time is before the nbf claim.`
33	`*/`
34	`export class NotBeforeError extends JsonWebTokenError {`
35	`date: Date;`
36
37	`constructor(message: string, date: Date);`
38	`}`
39
40	`export interface SignOptions {`
41	`/**`
42	`* Signature algorithm. Could be one of these values :`
43	`* - HS256: HMAC using SHA-256 hash algorithm (default)`
44	`* - HS384: HMAC using SHA-384 hash algorithm`
45	`* - HS512: HMAC using SHA-512 hash algorithm`
46	`* - RS256: RSASSA using SHA-256 hash algorithm`
47	`* - RS384: RSASSA using SHA-384 hash algorithm`
48	`* - RS512: RSASSA using SHA-512 hash algorithm`
49	`* - ES256: ECDSA using P-256 curve and SHA-256 hash algorithm`
50	`* - ES384: ECDSA using P-384 curve and SHA-384 hash algorithm`
51	`* - ES512: ECDSA using P-521 curve and SHA-512 hash algorithm`
52	`* - none: No digital signature or MAC value included`
53	`*/`
54	`algorithm?: Algorithm \| undefined;`
55	`keyid?: string \| undefined;`
56	`/** expressed in seconds or a string describing a time span [zeit/ms](https://github.com/zeit/ms.js). Eg: 60, "2 days", "10h", "7d" */`
57	`expiresIn?: string \| number \| undefined;`
58	`/** expressed in seconds or a string describing a time span [zeit/ms](https://github.com/zeit/ms.js). Eg: 60, "2 days", "10h", "7d" */`
59	`notBefore?: string \| number \| undefined;`
60	`audience?: string \| string[] \| undefined;`
61	`subject?: string \| undefined;`
62	`issuer?: string \| undefined;`
63	`jwtid?: string \| undefined;`
64	`mutatePayload?: boolean \| undefined;`
65	`noTimestamp?: boolean \| undefined;`
66	`header?: JwtHeader \| undefined;`
67	`encoding?: string \| undefined;`
68	`}`
69
70	`export interface VerifyOptions {`
71	`algorithms?: Algorithm[] \| undefined;`
72	`audience?: string \| RegExp \| Array<string \| RegExp> \| undefined;`
73	`clockTimestamp?: number \| undefined;`
74	`clockTolerance?: number \| undefined;`
75	/** return an object with the decoded `{ payload, header, signature }` instead of only the usual content of the payload. */
76	`complete?: boolean \| undefined;`
77	`issuer?: string \| string[] \| undefined;`
78	`ignoreExpiration?: boolean \| undefined;`
79	`ignoreNotBefore?: boolean \| undefined;`
80	`jwtid?: string \| undefined;`
81	`/**`
82	* If you want to check `nonce` claim, provide a string value here.
83	`* It is used on Open ID for the ID Tokens. ([Open ID implementation notes](https://openid.net/specs/openid-connect-core-1_0.html#NonceNotes))`
84	`*/`
85	`nonce?: string \| undefined;`
86	`subject?: string \| undefined;`
87	`/**`
88	`* @deprecated`
89	`* Max age of token`
90	`*/`
91	`maxAge?: string \| undefined;`
92	`}`
93
94	`export interface DecodeOptions {`
95	`complete?: boolean \| undefined;`
96	`json?: boolean \| undefined;`
97	`}`
98	`export type VerifyErrors =`
99	`\| JsonWebTokenError`
100	`\| NotBeforeError`
101	`\| TokenExpiredError;`
102	`export type VerifyCallback<T = JwtPayload> = (`
103	`err: VerifyErrors \| null,`
104	`decoded: T \| undefined,`
105	`) => void;`
106
107	`export type SignCallback = (`
108	`err: Error \| null, encoded: string \| undefined`
109	`) => void;`
110
111	`// standard names https://www.rfc-editor.org/rfc/rfc7515.html#section-4.1`
112	`export interface JwtHeader {`
113	`alg: string \| Algorithm;`
114	`typ?: string \| undefined;`
115	`cty?: string \| undefined;`
116	`crit?: Array<string \| Exclude<keyof JwtHeader, 'crit'>> \| undefined;`
117	`kid?: string \| undefined;`
118	`jku?: string \| undefined;`
119	`x5u?: string \| string[] \| undefined;`
120	`'x5t#S256'?: string \| undefined;`
121	`x5t?: string \| undefined;`
122	`x5c?: string \| string[] \| undefined;`
123	`}`
124
125	`// standard claims https://datatracker.ietf.org/doc/html/rfc7519#section-4.1`
126	`export interface JwtPayload {`
127	`[key: string]: any;`
128	`iss?: string \| undefined;`
129	`sub?: string \| undefined;`
130	`aud?: string \| string[] \| undefined;`
131	`exp?: number \| undefined;`
132	`nbf?: number \| undefined;`
133	`iat?: number \| undefined;`
134	`jti?: string \| undefined;`
135	`}`
136
137	`export interface Jwt {`
138	`header: JwtHeader;`
139	`payload: JwtPayload;`
140	`signature: string;`
141	`}`
142
143	`// https://github.com/auth0/node-jsonwebtoken#algorithms-supported`
144	`export type Algorithm =`
145	`"HS256" \| "HS384" \| "HS512" \|`
146	`"RS256" \| "RS384" \| "RS512" \|`
147	`"ES256" \| "ES384" \| "ES512" \|`
148	`"PS256" \| "PS384" \| "PS512" \|`
149	`"none";`
150
151	`export type SigningKeyCallback = (`
152	`err: any,`
153	`signingKey?: Secret,`
154	`) => void;`
155
156	`export type GetPublicKeyOrSecret = (`
157	`header: JwtHeader,`
158	`callback: SigningKeyCallback`
159	`) => void;`
160
161	`export type Secret =`
162	`\| string`
163	`\| Buffer`
164	`\| { key: string \| Buffer; passphrase: string };`
165
166	`/**`
167	`* Synchronously sign the given payload into a JSON Web Token string`
168	`* payload - Payload to sign, could be an literal, buffer or string`
169	`* secretOrPrivateKey - Either the secret for HMAC algorithms, or the PEM encoded private key for RSA and ECDSA.`
170	`* [options] - Options for the signature`
171	`* returns - The JSON Web Token string`
172	`*/`
173	`export function sign(`
174	`payload: string \| Buffer \| object,`
175	`secretOrPrivateKey: Secret,`
176	`options?: SignOptions,`
177	`): string;`
178
179	`/**`
180	`* Sign the given payload into a JSON Web Token string`
181	`* payload - Payload to sign, could be an literal, buffer or string`
182	`* secretOrPrivateKey - Either the secret for HMAC algorithms, or the PEM encoded private key for RSA and ECDSA.`
183	`* [options] - Options for the signature`
184	`* callback - Callback to get the encoded token on`
185	`*/`
186	`export function sign(`
187	`payload: string \| Buffer \| object,`
188	`secretOrPrivateKey: Secret,`
189	`callback: SignCallback,`
190	`): void;`
191	`export function sign(`
192	`payload: string \| Buffer \| object,`
193	`secretOrPrivateKey: Secret,`
194	`options: SignOptions,`
195	`callback: SignCallback,`
196	`): void;`
197
198	`/**`
199	`* Synchronously verify given token using a secret or a public key to get a decoded token`
200	`* token - JWT string to verify`
201	`* secretOrPublicKey - Either the secret for HMAC algorithms, or the PEM encoded public key for RSA and ECDSA.`
202	`* [options] - Options for the verification`
203	`* returns - The decoded token.`
204	`*/`
205	`export function verify(token: string, secretOrPublicKey: Secret, options: VerifyOptions & { complete: true }): Jwt \| string;`
206	`export function verify(token: string, secretOrPublicKey: Secret, options?: VerifyOptions): JwtPayload \| string;`
207
208	`/**`
209	`* Asynchronously verify given token using a secret or a public key to get a decoded token`
210	`* token - JWT string to verify`
211	`* secretOrPublicKey - A string or buffer containing either the secret for HMAC algorithms,`
212	`* or the PEM encoded public key for RSA and ECDSA. If jwt.verify is called asynchronous,`
213	`* secretOrPublicKey can be a function that should fetch the secret or public key`
214	`* [options] - Options for the verification`
215	`* callback - Callback to get the decoded token on`
216	`*/`
217	`export function verify(`
218	`token: string,`
219	`secretOrPublicKey: Secret \| GetPublicKeyOrSecret,`
220	`callback?: VerifyCallback,`
221	`): void;`
222	`export function verify(`
223	`token: string,`
224	`secretOrPublicKey: Secret \| GetPublicKeyOrSecret,`
225	`options?: VerifyOptions & { complete: true },`
226	`callback?: VerifyCallback<Jwt>,`
227	`): void;`
228	`export function verify(`
229	`token: string,`
230	`secretOrPublicKey: Secret \| GetPublicKeyOrSecret,`
231	`options?: VerifyOptions,`
232	`callback?: VerifyCallback,`
233	`): void;`
234
235	`/**`
236	`* Returns the decoded payload without verifying if the signature is valid.`
237	`* token - JWT string to decode`
238	`* [options] - Options for decoding`
239	`* returns - The decoded Token`
240	`*/`
241	`export function decode(token: string, options: DecodeOptions & { complete: true }): null \| Jwt;`
242	`export function decode(token: string, options: DecodeOptions & { json: true }): null \| JwtPayload;`
243	`export function decode(token: string, options?: DecodeOptions): null \| JwtPayload \| string;`