UNPKG

@types/jsonwebtoken/index.d.ts

Version:

9.11 kBTypeScriptView Raw

1// Type definitions for jsonwebtoken 8.5
2// Project: https://github.com/auth0/node-jsonwebtoken
3// Definitions by: Maxime LUCE <https://github.com/SomaticIT>,
4//                 Daniel Heim <https://github.com/danielheim>,
5//                 Brice BERNARD <https://github.com/brikou>,
6//                 Veli-Pekka Kestilä <https://github.com/vpk>,
7//                 Daniel Parker <https://github.com/GeneralistDev>,
8//                 Kjell Dießel <https://github.com/kettil>,
9//                 Robert Gajda <https://github.com/RunAge>,
10//                 Nico Flaig <https://github.com/nflaig>,
11//                 Linus Unnebäck <https://github.com/LinusU>
12//                 Ivan Sieder <https://github.com/ivansieder>
13//                 Piotr Błażejewicz <https://github.com/peterblazejewicz>
14//                 Nandor Kraszlan <https://github.com/nandi95>
15// Definitions: https://github.com/DefinitelyTyped/DefinitelyTyped
16
17/// <reference types="node" />
18
19export class JsonWebTokenError extends Error {
20    inner: Error;
21
22    constructor(message: string, error?: Error);
23}
24
25export class TokenExpiredError extends JsonWebTokenError {
26    expiredAt: Date;
27
28    constructor(message: string, expiredAt: Date);
29}
30
31/**
32 * Thrown if current time is before the nbf claim.
33 */
34export class NotBeforeError extends JsonWebTokenError {
35    date: Date;
36
37    constructor(message: string, date: Date);
38}
39
40export interface SignOptions {
41    /**
42     * Signature algorithm. Could be one of these values :
43     * - HS256:    HMAC using SHA-256 hash algorithm (default)
44     * - HS384:    HMAC using SHA-384 hash algorithm
45     * - HS512:    HMAC using SHA-512 hash algorithm
46     * - RS256:    RSASSA using SHA-256 hash algorithm
47     * - RS384:    RSASSA using SHA-384 hash algorithm
48     * - RS512:    RSASSA using SHA-512 hash algorithm
49     * - ES256:    ECDSA using P-256 curve and SHA-256 hash algorithm
50     * - ES384:    ECDSA using P-384 curve and SHA-384 hash algorithm
51     * - ES512:    ECDSA using P-521 curve and SHA-512 hash algorithm
52     * - none:     No digital signature or MAC value included
53     */
54    algorithm?: Algorithm | undefined;
55    keyid?: string | undefined;
56    /** expressed in seconds or a string describing a time span [zeit/ms](https://github.com/zeit/ms.js).  Eg: 60, "2 days", "10h", "7d" */
57    expiresIn?: string | number | undefined;
58    /** expressed in seconds or a string describing a time span [zeit/ms](https://github.com/zeit/ms.js).  Eg: 60, "2 days", "10h", "7d" */
59    notBefore?: string | number | undefined;
60    audience?: string | string[] | undefined;
61    subject?: string | undefined;
62    issuer?: string | undefined;
63    jwtid?: string | undefined;
64    mutatePayload?: boolean | undefined;
65    noTimestamp?: boolean | undefined;
66    header?: JwtHeader | undefined;
67    encoding?: string | undefined;
68}
69
70export interface VerifyOptions {
71    algorithms?: Algorithm[] | undefined;
72    audience?: string | RegExp | Array<string | RegExp> | undefined;
73    clockTimestamp?: number | undefined;
74    clockTolerance?: number | undefined;
75    /** return an object with the decoded `{ payload, header, signature }` instead of only the usual content of the payload. */
76    complete?: boolean | undefined;
77    issuer?: string | string[] | undefined;
78    ignoreExpiration?: boolean | undefined;
79    ignoreNotBefore?: boolean | undefined;
80    jwtid?: string | undefined;
81    /**
82     * If you want to check `nonce` claim, provide a string value here.
83     * It is used on Open ID for the ID Tokens. ([Open ID implementation notes](https://openid.net/specs/openid-connect-core-1_0.html#NonceNotes))
84     */
85    nonce?: string | undefined;
86    subject?: string | undefined;
87    maxAge?: string | number | undefined;
88}
89
90export interface DecodeOptions {
91    complete?: boolean | undefined;
92    json?: boolean | undefined;
93}
94export type VerifyErrors =
95    | JsonWebTokenError
96    | NotBeforeError
97    | TokenExpiredError;
98export type VerifyCallback<T = Jwt | JwtPayload | string> = (
99    err: VerifyErrors | null,
100    decoded: T | undefined,
101) => void;
102
103export type SignCallback = (
104    err: Error | null, encoded: string | undefined
105) => void;
106
107// standard names https://www.rfc-editor.org/rfc/rfc7515.html#section-4.1
108export interface JwtHeader {
109    alg: string | Algorithm;
110    typ?: string | undefined;
111    cty?: string | undefined;
112    crit?: Array<string | Exclude<keyof JwtHeader, 'crit'>> | undefined;
113    kid?: string | undefined;
114    jku?: string | undefined;
115    x5u?: string | string[] | undefined;
116    'x5t#S256'?: string | undefined;
117    x5t?: string | undefined;
118    x5c?: string | string[] | undefined;
119}
120
121// standard claims https://datatracker.ietf.org/doc/html/rfc7519#section-4.1
122export interface JwtPayload {
123    [key: string]: any;
124    iss?: string | undefined;
125    sub?: string | undefined;
126    aud?: string | string[] | undefined;
127    exp?: number | undefined;
128    nbf?: number | undefined;
129    iat?: number | undefined;
130    jti?: string | undefined;
131}
132
133export interface Jwt {
134    header: JwtHeader;
135    payload: JwtPayload | string;
136    signature: string;
137}
138
139// https://github.com/auth0/node-jsonwebtoken#algorithms-supported
140export type Algorithm =
141    "HS256" | "HS384" | "HS512" |
142    "RS256" | "RS384" | "RS512" |
143    "ES256" | "ES384" | "ES512" |
144    "PS256" | "PS384" | "PS512" |
145    "none";
146
147export type SigningKeyCallback = (
148    err: any,
149    signingKey?: Secret,
150) => void;
151
152export type GetPublicKeyOrSecret = (
153    header: JwtHeader,
154    callback: SigningKeyCallback
155) => void;
156
157export type Secret =
158    | string
159    | Buffer
160    | { key: string | Buffer; passphrase: string };
161
162/**
163 * Synchronously sign the given payload into a JSON Web Token string
164 * payload - Payload to sign, could be an literal, buffer or string
165 * secretOrPrivateKey - Either the secret for HMAC algorithms, or the PEM encoded private key for RSA and ECDSA.
166 * [options] - Options for the signature
167 * returns - The JSON Web Token string
168 */
169export function sign(
170    payload: string | Buffer | object,
171    secretOrPrivateKey: Secret,
172    options?: SignOptions,
173): string;
174
175/**
176 * Sign the given payload into a JSON Web Token string
177 * payload - Payload to sign, could be an literal, buffer or string
178 * secretOrPrivateKey - Either the secret for HMAC algorithms, or the PEM encoded private key for RSA and ECDSA.
179 * [options] - Options for the signature
180 * callback - Callback to get the encoded token on
181 */
182export function sign(
183    payload: string | Buffer | object,
184    secretOrPrivateKey: Secret,
185    callback: SignCallback,
186): void;
187export function sign(
188    payload: string | Buffer | object,
189    secretOrPrivateKey: Secret,
190    options: SignOptions,
191    callback: SignCallback,
192): void;
193
194/**
195 * Synchronously verify given token using a secret or a public key to get a decoded token
196 * token - JWT string to verify
197 * secretOrPublicKey - Either the secret for HMAC algorithms, or the PEM encoded public key for RSA and ECDSA.
198 * [options] - Options for the verification
199 * returns - The decoded token.
200 */
201export function verify(token: string, secretOrPublicKey: Secret, options: VerifyOptions & { complete: true }): Jwt;
202export function verify(token: string, secretOrPublicKey: Secret, options?: VerifyOptions & { complete?: false }): JwtPayload | string;
203export function verify(token: string, secretOrPublicKey: Secret, options?: VerifyOptions): Jwt | JwtPayload | string;
204
205/**
206 * Asynchronously verify given token using a secret or a public key to get a decoded token
207 * token - JWT string to verify
208 * secretOrPublicKey - A string or buffer containing either the secret for HMAC algorithms,
209 * or the PEM encoded public key for RSA and ECDSA. If jwt.verify is called asynchronous,
210 * secretOrPublicKey can be a function that should fetch the secret or public key
211 * [options] - Options for the verification
212 * callback - Callback to get the decoded token on
213 */
214export function verify(
215    token: string,
216    secretOrPublicKey: Secret | GetPublicKeyOrSecret,
217    callback?: VerifyCallback<JwtPayload | string>,
218): void;
219export function verify(
220    token: string,
221    secretOrPublicKey: Secret | GetPublicKeyOrSecret,
222    options: VerifyOptions & { complete: true },
223    callback?: VerifyCallback<Jwt>,
224): void;
225export function verify(
226    token: string,
227    secretOrPublicKey: Secret | GetPublicKeyOrSecret,
228    options?: VerifyOptions & { complete?: false },
229    callback?: VerifyCallback<JwtPayload | string>,
230): void;
231export function verify(
232    token: string,
233    secretOrPublicKey: Secret | GetPublicKeyOrSecret,
234    options?: VerifyOptions,
235    callback?: VerifyCallback,
236): void;
237
238/**
239 * Returns the decoded payload without verifying if the signature is valid.
240 * token - JWT string to decode
241 * [options] - Options for decoding
242 * returns - The decoded Token
243 */
244export function decode(token: string, options: DecodeOptions & { complete: true }): null | Jwt;
245export function decode(token: string, options: DecodeOptions & { json: true }): null | JwtPayload;
246export function decode(token: string, options?: DecodeOptions): null | JwtPayload | string;

1	`// Type definitions for jsonwebtoken 8.5`
2	`// Project: https://github.com/auth0/node-jsonwebtoken`
3	`// Definitions by: Maxime LUCE <https://github.com/SomaticIT>,`
4	`// Daniel Heim <https://github.com/danielheim>,`
5	`// Brice BERNARD <https://github.com/brikou>,`
6	`// Veli-Pekka Kestilä <https://github.com/vpk>,`
7	`// Daniel Parker <https://github.com/GeneralistDev>,`
8	`// Kjell Dießel <https://github.com/kettil>,`
9	`// Robert Gajda <https://github.com/RunAge>,`
10	`// Nico Flaig <https://github.com/nflaig>,`
11	`// Linus Unnebäck <https://github.com/LinusU>`
12	`// Ivan Sieder <https://github.com/ivansieder>`
13	`// Piotr Błażejewicz <https://github.com/peterblazejewicz>`
14	`// Nandor Kraszlan <https://github.com/nandi95>`
15	`// Definitions: https://github.com/DefinitelyTyped/DefinitelyTyped`
16
17	`/// <reference types="node" />`
18
19	`export class JsonWebTokenError extends Error {`
20	`inner: Error;`
21
22	`constructor(message: string, error?: Error);`
23	`}`
24
25	`export class TokenExpiredError extends JsonWebTokenError {`
26	`expiredAt: Date;`
27
28	`constructor(message: string, expiredAt: Date);`
29	`}`
30
31	`/**`
32	`* Thrown if current time is before the nbf claim.`
33	`*/`
34	`export class NotBeforeError extends JsonWebTokenError {`
35	`date: Date;`
36
37	`constructor(message: string, date: Date);`
38	`}`
39
40	`export interface SignOptions {`
41	`/**`
42	`* Signature algorithm. Could be one of these values :`
43	`* - HS256: HMAC using SHA-256 hash algorithm (default)`
44	`* - HS384: HMAC using SHA-384 hash algorithm`
45	`* - HS512: HMAC using SHA-512 hash algorithm`
46	`* - RS256: RSASSA using SHA-256 hash algorithm`
47	`* - RS384: RSASSA using SHA-384 hash algorithm`
48	`* - RS512: RSASSA using SHA-512 hash algorithm`
49	`* - ES256: ECDSA using P-256 curve and SHA-256 hash algorithm`
50	`* - ES384: ECDSA using P-384 curve and SHA-384 hash algorithm`
51	`* - ES512: ECDSA using P-521 curve and SHA-512 hash algorithm`
52	`* - none: No digital signature or MAC value included`
53	`*/`
54	`algorithm?: Algorithm \| undefined;`
55	`keyid?: string \| undefined;`
56	`/** expressed in seconds or a string describing a time span [zeit/ms](https://github.com/zeit/ms.js). Eg: 60, "2 days", "10h", "7d" */`
57	`expiresIn?: string \| number \| undefined;`
58	`/** expressed in seconds or a string describing a time span [zeit/ms](https://github.com/zeit/ms.js). Eg: 60, "2 days", "10h", "7d" */`
59	`notBefore?: string \| number \| undefined;`
60	`audience?: string \| string[] \| undefined;`
61	`subject?: string \| undefined;`
62	`issuer?: string \| undefined;`
63	`jwtid?: string \| undefined;`
64	`mutatePayload?: boolean \| undefined;`
65	`noTimestamp?: boolean \| undefined;`
66	`header?: JwtHeader \| undefined;`
67	`encoding?: string \| undefined;`
68	`}`
69
70	`export interface VerifyOptions {`
71	`algorithms?: Algorithm[] \| undefined;`
72	`audience?: string \| RegExp \| Array<string \| RegExp> \| undefined;`
73	`clockTimestamp?: number \| undefined;`
74	`clockTolerance?: number \| undefined;`
75	/** return an object with the decoded `{ payload, header, signature }` instead of only the usual content of the payload. */
76	`complete?: boolean \| undefined;`
77	`issuer?: string \| string[] \| undefined;`
78	`ignoreExpiration?: boolean \| undefined;`
79	`ignoreNotBefore?: boolean \| undefined;`
80	`jwtid?: string \| undefined;`
81	`/**`
82	* If you want to check `nonce` claim, provide a string value here.
83	`* It is used on Open ID for the ID Tokens. ([Open ID implementation notes](https://openid.net/specs/openid-connect-core-1_0.html#NonceNotes))`
84	`*/`
85	`nonce?: string \| undefined;`
86	`subject?: string \| undefined;`
87	`maxAge?: string \| number \| undefined;`
88	`}`
89
90	`export interface DecodeOptions {`
91	`complete?: boolean \| undefined;`
92	`json?: boolean \| undefined;`
93	`}`
94	`export type VerifyErrors =`
95	`\| JsonWebTokenError`
96	`\| NotBeforeError`
97	`\| TokenExpiredError;`
98	`export type VerifyCallback<T = Jwt \| JwtPayload \| string> = (`
99	`err: VerifyErrors \| null,`
100	`decoded: T \| undefined,`
101	`) => void;`
102
103	`export type SignCallback = (`
104	`err: Error \| null, encoded: string \| undefined`
105	`) => void;`
106
107	`// standard names https://www.rfc-editor.org/rfc/rfc7515.html#section-4.1`
108	`export interface JwtHeader {`
109	`alg: string \| Algorithm;`
110	`typ?: string \| undefined;`
111	`cty?: string \| undefined;`
112	`crit?: Array<string \| Exclude<keyof JwtHeader, 'crit'>> \| undefined;`
113	`kid?: string \| undefined;`
114	`jku?: string \| undefined;`
115	`x5u?: string \| string[] \| undefined;`
116	`'x5t#S256'?: string \| undefined;`
117	`x5t?: string \| undefined;`
118	`x5c?: string \| string[] \| undefined;`
119	`}`
120
121	`// standard claims https://datatracker.ietf.org/doc/html/rfc7519#section-4.1`
122	`export interface JwtPayload {`
123	`[key: string]: any;`
124	`iss?: string \| undefined;`
125	`sub?: string \| undefined;`
126	`aud?: string \| string[] \| undefined;`
127	`exp?: number \| undefined;`
128	`nbf?: number \| undefined;`
129	`iat?: number \| undefined;`
130	`jti?: string \| undefined;`
131	`}`
132
133	`export interface Jwt {`
134	`header: JwtHeader;`
135	`payload: JwtPayload \| string;`
136	`signature: string;`
137	`}`
138
139	`// https://github.com/auth0/node-jsonwebtoken#algorithms-supported`
140	`export type Algorithm =`
141	`"HS256" \| "HS384" \| "HS512" \|`
142	`"RS256" \| "RS384" \| "RS512" \|`
143	`"ES256" \| "ES384" \| "ES512" \|`
144	`"PS256" \| "PS384" \| "PS512" \|`
145	`"none";`
146
147	`export type SigningKeyCallback = (`
148	`err: any,`
149	`signingKey?: Secret,`
150	`) => void;`
151
152	`export type GetPublicKeyOrSecret = (`
153	`header: JwtHeader,`
154	`callback: SigningKeyCallback`
155	`) => void;`
156
157	`export type Secret =`
158	`\| string`
159	`\| Buffer`
160	`\| { key: string \| Buffer; passphrase: string };`
161
162	`/**`
163	`* Synchronously sign the given payload into a JSON Web Token string`
164	`* payload - Payload to sign, could be an literal, buffer or string`
165	`* secretOrPrivateKey - Either the secret for HMAC algorithms, or the PEM encoded private key for RSA and ECDSA.`
166	`* [options] - Options for the signature`
167	`* returns - The JSON Web Token string`
168	`*/`
169	`export function sign(`
170	`payload: string \| Buffer \| object,`
171	`secretOrPrivateKey: Secret,`
172	`options?: SignOptions,`
173	`): string;`
174
175	`/**`
176	`* Sign the given payload into a JSON Web Token string`
177	`* payload - Payload to sign, could be an literal, buffer or string`
178	`* secretOrPrivateKey - Either the secret for HMAC algorithms, or the PEM encoded private key for RSA and ECDSA.`
179	`* [options] - Options for the signature`
180	`* callback - Callback to get the encoded token on`
181	`*/`
182	`export function sign(`
183	`payload: string \| Buffer \| object,`
184	`secretOrPrivateKey: Secret,`
185	`callback: SignCallback,`
186	`): void;`
187	`export function sign(`
188	`payload: string \| Buffer \| object,`
189	`secretOrPrivateKey: Secret,`
190	`options: SignOptions,`
191	`callback: SignCallback,`
192	`): void;`
193
194	`/**`
195	`* Synchronously verify given token using a secret or a public key to get a decoded token`
196	`* token - JWT string to verify`
197	`* secretOrPublicKey - Either the secret for HMAC algorithms, or the PEM encoded public key for RSA and ECDSA.`
198	`* [options] - Options for the verification`
199	`* returns - The decoded token.`
200	`*/`
201	`export function verify(token: string, secretOrPublicKey: Secret, options: VerifyOptions & { complete: true }): Jwt;`
202	`export function verify(token: string, secretOrPublicKey: Secret, options?: VerifyOptions & { complete?: false }): JwtPayload \| string;`
203	`export function verify(token: string, secretOrPublicKey: Secret, options?: VerifyOptions): Jwt \| JwtPayload \| string;`
204
205	`/**`
206	`* Asynchronously verify given token using a secret or a public key to get a decoded token`
207	`* token - JWT string to verify`
208	`* secretOrPublicKey - A string or buffer containing either the secret for HMAC algorithms,`
209	`* or the PEM encoded public key for RSA and ECDSA. If jwt.verify is called asynchronous,`
210	`* secretOrPublicKey can be a function that should fetch the secret or public key`
211	`* [options] - Options for the verification`
212	`* callback - Callback to get the decoded token on`
213	`*/`
214	`export function verify(`
215	`token: string,`
216	`secretOrPublicKey: Secret \| GetPublicKeyOrSecret,`
217	`callback?: VerifyCallback<JwtPayload \| string>,`
218	`): void;`
219	`export function verify(`
220	`token: string,`
221	`secretOrPublicKey: Secret \| GetPublicKeyOrSecret,`
222	`options: VerifyOptions & { complete: true },`
223	`callback?: VerifyCallback<Jwt>,`
224	`): void;`
225	`export function verify(`
226	`token: string,`
227	`secretOrPublicKey: Secret \| GetPublicKeyOrSecret,`
228	`options?: VerifyOptions & { complete?: false },`
229	`callback?: VerifyCallback<JwtPayload \| string>,`
230	`): void;`
231	`export function verify(`
232	`token: string,`
233	`secretOrPublicKey: Secret \| GetPublicKeyOrSecret,`
234	`options?: VerifyOptions,`
235	`callback?: VerifyCallback,`
236	`): void;`
237
238	`/**`
239	`* Returns the decoded payload without verifying if the signature is valid.`
240	`* token - JWT string to decode`
241	`* [options] - Options for decoding`
242	`* returns - The decoded Token`
243	`*/`
244	`export function decode(token: string, options: DecodeOptions & { complete: true }): null \| Jwt;`
245	`export function decode(token: string, options: DecodeOptions & { json: true }): null \| JwtPayload;`
246	`export function decode(token: string, options?: DecodeOptions): null \| JwtPayload \| string;`