UNPKG

@types/jsonwebtoken/index.d.ts

Version:

9.13 kBTypeScriptView Raw

1// Type definitions for jsonwebtoken 8.5
2// Project: https://github.com/auth0/node-jsonwebtoken
3// Definitions by: Maxime LUCE <https://github.com/SomaticIT>,
4//                 Daniel Heim <https://github.com/danielheim>,
5//                 Brice BERNARD <https://github.com/brikou>,
6//                 Veli-Pekka Kestilä <https://github.com/vpk>,
7//                 Daniel Parker <https://github.com/GeneralistDev>,
8//                 Kjell Dießel <https://github.com/kettil>,
9//                 Robert Gajda <https://github.com/RunAge>,
10//                 Nico Flaig <https://github.com/nflaig>,
11//                 Linus Unnebäck <https://github.com/LinusU>
12//                 Ivan Sieder <https://github.com/ivansieder>
13//                 Piotr Błażejewicz <https://github.com/peterblazejewicz>
14//                 Nandor Kraszlan <https://github.com/nandi95>
15// Definitions: https://github.com/DefinitelyTyped/DefinitelyTyped
16
17/// <reference types="node" />
18
19export class JsonWebTokenError extends Error {
20    inner: Error;
21
22    constructor(message: string, error?: Error);
23}
24
25export class TokenExpiredError extends JsonWebTokenError {
26    expiredAt: Date;
27
28    constructor(message: string, expiredAt: Date);
29}
30
31/**
32 * Thrown if current time is before the nbf claim.
33 */
34export class NotBeforeError extends JsonWebTokenError {
35    date: Date;
36
37    constructor(message: string, date: Date);
38}
39
40export interface SignOptions {
41    /**
42     * Signature algorithm. Could be one of these values :
43     * - HS256:    HMAC using SHA-256 hash algorithm (default)
44     * - HS384:    HMAC using SHA-384 hash algorithm
45     * - HS512:    HMAC using SHA-512 hash algorithm
46     * - RS256:    RSASSA using SHA-256 hash algorithm
47     * - RS384:    RSASSA using SHA-384 hash algorithm
48     * - RS512:    RSASSA using SHA-512 hash algorithm
49     * - ES256:    ECDSA using P-256 curve and SHA-256 hash algorithm
50     * - ES384:    ECDSA using P-384 curve and SHA-384 hash algorithm
51     * - ES512:    ECDSA using P-521 curve and SHA-512 hash algorithm
52     * - none:     No digital signature or MAC value included
53     */
54    algorithm?: Algorithm | undefined;
55    keyid?: string | undefined;
56    /** expressed in seconds or a string describing a time span [zeit/ms](https://github.com/zeit/ms.js).  Eg: 60, "2 days", "10h", "7d" */
57    expiresIn?: string | number | undefined;
58    /** expressed in seconds or a string describing a time span [zeit/ms](https://github.com/zeit/ms.js).  Eg: 60, "2 days", "10h", "7d" */
59    notBefore?: string | number | undefined;
60    audience?: string | string[] | undefined;
61    subject?: string | undefined;
62    issuer?: string | undefined;
63    jwtid?: string | undefined;
64    mutatePayload?: boolean | undefined;
65    noTimestamp?: boolean | undefined;
66    header?: JwtHeader | undefined;
67    encoding?: string | undefined;
68}
69
70export interface VerifyOptions {
71    algorithms?: Algorithm[] | undefined;
72    audience?: string | RegExp | Array<string | RegExp> | undefined;
73    clockTimestamp?: number | undefined;
74    clockTolerance?: number | undefined;
75    /** return an object with the decoded `{ payload, header, signature }` instead of only the usual content of the payload. */
76    complete?: boolean | undefined;
77    issuer?: string | string[] | undefined;
78    ignoreExpiration?: boolean | undefined;
79    ignoreNotBefore?: boolean | undefined;
80    jwtid?: string | undefined;
81    /**
82     * If you want to check `nonce` claim, provide a string value here.
83     * It is used on Open ID for the ID Tokens. ([Open ID implementation notes](https://openid.net/specs/openid-connect-core-1_0.html#NonceNotes))
84     */
85    nonce?: string | undefined;
86    subject?: string | undefined;
87    maxAge?: string | number | undefined;
88}
89
90export interface DecodeOptions {
91    complete?: boolean | undefined;
92    json?: boolean | undefined;
93}
94export type VerifyErrors =
95    | JsonWebTokenError
96    | NotBeforeError
97    | TokenExpiredError;
98export type VerifyCallback<T = Jwt | JwtPayload | string> = (
99    error: VerifyErrors | null,
100    decoded: T | undefined,
101) => void;
102
103export type SignCallback = (
104    error: Error | null,
105    encoded: string | undefined,
106) => void;
107
108// standard names https://www.rfc-editor.org/rfc/rfc7515.html#section-4.1
109export interface JwtHeader {
110    alg: string | Algorithm;
111    typ?: string | undefined;
112    cty?: string | undefined;
113    crit?: Array<string | Exclude<keyof JwtHeader, 'crit'>> | undefined;
114    kid?: string | undefined;
115    jku?: string | undefined;
116    x5u?: string | string[] | undefined;
117    'x5t#S256'?: string | undefined;
118    x5t?: string | undefined;
119    x5c?: string | string[] | undefined;
120}
121
122// standard claims https://datatracker.ietf.org/doc/html/rfc7519#section-4.1
123export interface JwtPayload {
124    [key: string]: any;
125    iss?: string | undefined;
126    sub?: string | undefined;
127    aud?: string | string[] | undefined;
128    exp?: number | undefined;
129    nbf?: number | undefined;
130    iat?: number | undefined;
131    jti?: string | undefined;
132}
133
134export interface Jwt {
135    header: JwtHeader;
136    payload: JwtPayload | string;
137    signature: string;
138}
139
140// https://github.com/auth0/node-jsonwebtoken#algorithms-supported
141export type Algorithm =
142    "HS256" | "HS384" | "HS512" |
143    "RS256" | "RS384" | "RS512" |
144    "ES256" | "ES384" | "ES512" |
145    "PS256" | "PS384" | "PS512" |
146    "none";
147
148export type SigningKeyCallback = (
149    error: Error | null,
150    signingKey?: Secret
151) => void;
152
153export type GetPublicKeyOrSecret = (
154    header: JwtHeader,
155    callback: SigningKeyCallback
156) => void;
157
158export type Secret =
159    | string
160    | Buffer
161    | { key: string | Buffer; passphrase: string };
162
163/**
164 * Synchronously sign the given payload into a JSON Web Token string
165 * payload - Payload to sign, could be an literal, buffer or string
166 * secretOrPrivateKey - Either the secret for HMAC algorithms, or the PEM encoded private key for RSA and ECDSA.
167 * [options] - Options for the signature
168 * returns - The JSON Web Token string
169 */
170export function sign(
171    payload: string | Buffer | object,
172    secretOrPrivateKey: Secret,
173    options?: SignOptions,
174): string;
175
176/**
177 * Sign the given payload into a JSON Web Token string
178 * payload - Payload to sign, could be an literal, buffer or string
179 * secretOrPrivateKey - Either the secret for HMAC algorithms, or the PEM encoded private key for RSA and ECDSA.
180 * [options] - Options for the signature
181 * callback - Callback to get the encoded token on
182 */
183export function sign(
184    payload: string | Buffer | object,
185    secretOrPrivateKey: Secret,
186    callback: SignCallback,
187): void;
188export function sign(
189    payload: string | Buffer | object,
190    secretOrPrivateKey: Secret,
191    options: SignOptions,
192    callback: SignCallback,
193): void;
194
195/**
196 * Synchronously verify given token using a secret or a public key to get a decoded token
197 * token - JWT string to verify
198 * secretOrPublicKey - Either the secret for HMAC algorithms, or the PEM encoded public key for RSA and ECDSA.
199 * [options] - Options for the verification
200 * returns - The decoded token.
201 */
202export function verify(token: string, secretOrPublicKey: Secret, options: VerifyOptions & { complete: true }): Jwt;
203export function verify(token: string, secretOrPublicKey: Secret, options?: VerifyOptions & { complete?: false }): JwtPayload | string;
204export function verify(token: string, secretOrPublicKey: Secret, options?: VerifyOptions): Jwt | JwtPayload | string;
205
206/**
207 * Asynchronously verify given token using a secret or a public key to get a decoded token
208 * token - JWT string to verify
209 * secretOrPublicKey - A string or buffer containing either the secret for HMAC algorithms,
210 * or the PEM encoded public key for RSA and ECDSA. If jwt.verify is called asynchronous,
211 * secretOrPublicKey can be a function that should fetch the secret or public key
212 * [options] - Options for the verification
213 * callback - Callback to get the decoded token on
214 */
215export function verify(
216    token: string,
217    secretOrPublicKey: Secret | GetPublicKeyOrSecret,
218    callback?: VerifyCallback<JwtPayload | string>,
219): void;
220export function verify(
221    token: string,
222    secretOrPublicKey: Secret | GetPublicKeyOrSecret,
223    options: VerifyOptions & { complete: true },
224    callback?: VerifyCallback<Jwt>,
225): void;
226export function verify(
227    token: string,
228    secretOrPublicKey: Secret | GetPublicKeyOrSecret,
229    options?: VerifyOptions & { complete?: false },
230    callback?: VerifyCallback<JwtPayload | string>,
231): void;
232export function verify(
233    token: string,
234    secretOrPublicKey: Secret | GetPublicKeyOrSecret,
235    options?: VerifyOptions,
236    callback?: VerifyCallback,
237): void;
238
239/**
240 * Returns the decoded payload without verifying if the signature is valid.
241 * token - JWT string to decode
242 * [options] - Options for decoding
243 * returns - The decoded Token
244 */
245export function decode(token: string, options: DecodeOptions & { complete: true }): null | Jwt;
246export function decode(token: string, options: DecodeOptions & { json: true }): null | JwtPayload;
247export function decode(token: string, options?: DecodeOptions): null | JwtPayload | string;

1	`// Type definitions for jsonwebtoken 8.5`
2	`// Project: https://github.com/auth0/node-jsonwebtoken`
3	`// Definitions by: Maxime LUCE <https://github.com/SomaticIT>,`
4	`// Daniel Heim <https://github.com/danielheim>,`
5	`// Brice BERNARD <https://github.com/brikou>,`
6	`// Veli-Pekka Kestilä <https://github.com/vpk>,`
7	`// Daniel Parker <https://github.com/GeneralistDev>,`
8	`// Kjell Dießel <https://github.com/kettil>,`
9	`// Robert Gajda <https://github.com/RunAge>,`
10	`// Nico Flaig <https://github.com/nflaig>,`
11	`// Linus Unnebäck <https://github.com/LinusU>`
12	`// Ivan Sieder <https://github.com/ivansieder>`
13	`// Piotr Błażejewicz <https://github.com/peterblazejewicz>`
14	`// Nandor Kraszlan <https://github.com/nandi95>`
15	`// Definitions: https://github.com/DefinitelyTyped/DefinitelyTyped`
16
17	`/// <reference types="node" />`
18
19	`export class JsonWebTokenError extends Error {`
20	`inner: Error;`
21
22	`constructor(message: string, error?: Error);`
23	`}`
24
25	`export class TokenExpiredError extends JsonWebTokenError {`
26	`expiredAt: Date;`
27
28	`constructor(message: string, expiredAt: Date);`
29	`}`
30
31	`/**`
32	`* Thrown if current time is before the nbf claim.`
33	`*/`
34	`export class NotBeforeError extends JsonWebTokenError {`
35	`date: Date;`
36
37	`constructor(message: string, date: Date);`
38	`}`
39
40	`export interface SignOptions {`
41	`/**`
42	`* Signature algorithm. Could be one of these values :`
43	`* - HS256: HMAC using SHA-256 hash algorithm (default)`
44	`* - HS384: HMAC using SHA-384 hash algorithm`
45	`* - HS512: HMAC using SHA-512 hash algorithm`
46	`* - RS256: RSASSA using SHA-256 hash algorithm`
47	`* - RS384: RSASSA using SHA-384 hash algorithm`
48	`* - RS512: RSASSA using SHA-512 hash algorithm`
49	`* - ES256: ECDSA using P-256 curve and SHA-256 hash algorithm`
50	`* - ES384: ECDSA using P-384 curve and SHA-384 hash algorithm`
51	`* - ES512: ECDSA using P-521 curve and SHA-512 hash algorithm`
52	`* - none: No digital signature or MAC value included`
53	`*/`
54	`algorithm?: Algorithm \| undefined;`
55	`keyid?: string \| undefined;`
56	`/** expressed in seconds or a string describing a time span [zeit/ms](https://github.com/zeit/ms.js). Eg: 60, "2 days", "10h", "7d" */`
57	`expiresIn?: string \| number \| undefined;`
58	`/** expressed in seconds or a string describing a time span [zeit/ms](https://github.com/zeit/ms.js). Eg: 60, "2 days", "10h", "7d" */`
59	`notBefore?: string \| number \| undefined;`
60	`audience?: string \| string[] \| undefined;`
61	`subject?: string \| undefined;`
62	`issuer?: string \| undefined;`
63	`jwtid?: string \| undefined;`
64	`mutatePayload?: boolean \| undefined;`
65	`noTimestamp?: boolean \| undefined;`
66	`header?: JwtHeader \| undefined;`
67	`encoding?: string \| undefined;`
68	`}`
69
70	`export interface VerifyOptions {`
71	`algorithms?: Algorithm[] \| undefined;`
72	`audience?: string \| RegExp \| Array<string \| RegExp> \| undefined;`
73	`clockTimestamp?: number \| undefined;`
74	`clockTolerance?: number \| undefined;`
75	/** return an object with the decoded `{ payload, header, signature }` instead of only the usual content of the payload. */
76	`complete?: boolean \| undefined;`
77	`issuer?: string \| string[] \| undefined;`
78	`ignoreExpiration?: boolean \| undefined;`
79	`ignoreNotBefore?: boolean \| undefined;`
80	`jwtid?: string \| undefined;`
81	`/**`
82	* If you want to check `nonce` claim, provide a string value here.
83	`* It is used on Open ID for the ID Tokens. ([Open ID implementation notes](https://openid.net/specs/openid-connect-core-1_0.html#NonceNotes))`
84	`*/`
85	`nonce?: string \| undefined;`
86	`subject?: string \| undefined;`
87	`maxAge?: string \| number \| undefined;`
88	`}`
89
90	`export interface DecodeOptions {`
91	`complete?: boolean \| undefined;`
92	`json?: boolean \| undefined;`
93	`}`
94	`export type VerifyErrors =`
95	`\| JsonWebTokenError`
96	`\| NotBeforeError`
97	`\| TokenExpiredError;`
98	`export type VerifyCallback<T = Jwt \| JwtPayload \| string> = (`
99	`error: VerifyErrors \| null,`
100	`decoded: T \| undefined,`
101	`) => void;`
102
103	`export type SignCallback = (`
104	`error: Error \| null,`
105	`encoded: string \| undefined,`
106	`) => void;`
107
108	`// standard names https://www.rfc-editor.org/rfc/rfc7515.html#section-4.1`
109	`export interface JwtHeader {`
110	`alg: string \| Algorithm;`
111	`typ?: string \| undefined;`
112	`cty?: string \| undefined;`
113	`crit?: Array<string \| Exclude<keyof JwtHeader, 'crit'>> \| undefined;`
114	`kid?: string \| undefined;`
115	`jku?: string \| undefined;`
116	`x5u?: string \| string[] \| undefined;`
117	`'x5t#S256'?: string \| undefined;`
118	`x5t?: string \| undefined;`
119	`x5c?: string \| string[] \| undefined;`
120	`}`
121
122	`// standard claims https://datatracker.ietf.org/doc/html/rfc7519#section-4.1`
123	`export interface JwtPayload {`
124	`[key: string]: any;`
125	`iss?: string \| undefined;`
126	`sub?: string \| undefined;`
127	`aud?: string \| string[] \| undefined;`
128	`exp?: number \| undefined;`
129	`nbf?: number \| undefined;`
130	`iat?: number \| undefined;`
131	`jti?: string \| undefined;`
132	`}`
133
134	`export interface Jwt {`
135	`header: JwtHeader;`
136	`payload: JwtPayload \| string;`
137	`signature: string;`
138	`}`
139
140	`// https://github.com/auth0/node-jsonwebtoken#algorithms-supported`
141	`export type Algorithm =`
142	`"HS256" \| "HS384" \| "HS512" \|`
143	`"RS256" \| "RS384" \| "RS512" \|`
144	`"ES256" \| "ES384" \| "ES512" \|`
145	`"PS256" \| "PS384" \| "PS512" \|`
146	`"none";`
147
148	`export type SigningKeyCallback = (`
149	`error: Error \| null,`
150	`signingKey?: Secret`
151	`) => void;`
152
153	`export type GetPublicKeyOrSecret = (`
154	`header: JwtHeader,`
155	`callback: SigningKeyCallback`
156	`) => void;`
157
158	`export type Secret =`
159	`\| string`
160	`\| Buffer`
161	`\| { key: string \| Buffer; passphrase: string };`
162
163	`/**`
164	`* Synchronously sign the given payload into a JSON Web Token string`
165	`* payload - Payload to sign, could be an literal, buffer or string`
166	`* secretOrPrivateKey - Either the secret for HMAC algorithms, or the PEM encoded private key for RSA and ECDSA.`
167	`* [options] - Options for the signature`
168	`* returns - The JSON Web Token string`
169	`*/`
170	`export function sign(`
171	`payload: string \| Buffer \| object,`
172	`secretOrPrivateKey: Secret,`
173	`options?: SignOptions,`
174	`): string;`
175
176	`/**`
177	`* Sign the given payload into a JSON Web Token string`
178	`* payload - Payload to sign, could be an literal, buffer or string`
179	`* secretOrPrivateKey - Either the secret for HMAC algorithms, or the PEM encoded private key for RSA and ECDSA.`
180	`* [options] - Options for the signature`
181	`* callback - Callback to get the encoded token on`
182	`*/`
183	`export function sign(`
184	`payload: string \| Buffer \| object,`
185	`secretOrPrivateKey: Secret,`
186	`callback: SignCallback,`
187	`): void;`
188	`export function sign(`
189	`payload: string \| Buffer \| object,`
190	`secretOrPrivateKey: Secret,`
191	`options: SignOptions,`
192	`callback: SignCallback,`
193	`): void;`
194
195	`/**`
196	`* Synchronously verify given token using a secret or a public key to get a decoded token`
197	`* token - JWT string to verify`
198	`* secretOrPublicKey - Either the secret for HMAC algorithms, or the PEM encoded public key for RSA and ECDSA.`
199	`* [options] - Options for the verification`
200	`* returns - The decoded token.`
201	`*/`
202	`export function verify(token: string, secretOrPublicKey: Secret, options: VerifyOptions & { complete: true }): Jwt;`
203	`export function verify(token: string, secretOrPublicKey: Secret, options?: VerifyOptions & { complete?: false }): JwtPayload \| string;`
204	`export function verify(token: string, secretOrPublicKey: Secret, options?: VerifyOptions): Jwt \| JwtPayload \| string;`
205
206	`/**`
207	`* Asynchronously verify given token using a secret or a public key to get a decoded token`
208	`* token - JWT string to verify`
209	`* secretOrPublicKey - A string or buffer containing either the secret for HMAC algorithms,`
210	`* or the PEM encoded public key for RSA and ECDSA. If jwt.verify is called asynchronous,`
211	`* secretOrPublicKey can be a function that should fetch the secret or public key`
212	`* [options] - Options for the verification`
213	`* callback - Callback to get the decoded token on`
214	`*/`
215	`export function verify(`
216	`token: string,`
217	`secretOrPublicKey: Secret \| GetPublicKeyOrSecret,`
218	`callback?: VerifyCallback<JwtPayload \| string>,`
219	`): void;`
220	`export function verify(`
221	`token: string,`
222	`secretOrPublicKey: Secret \| GetPublicKeyOrSecret,`
223	`options: VerifyOptions & { complete: true },`
224	`callback?: VerifyCallback<Jwt>,`
225	`): void;`
226	`export function verify(`
227	`token: string,`
228	`secretOrPublicKey: Secret \| GetPublicKeyOrSecret,`
229	`options?: VerifyOptions & { complete?: false },`
230	`callback?: VerifyCallback<JwtPayload \| string>,`
231	`): void;`
232	`export function verify(`
233	`token: string,`
234	`secretOrPublicKey: Secret \| GetPublicKeyOrSecret,`
235	`options?: VerifyOptions,`
236	`callback?: VerifyCallback,`
237	`): void;`
238
239	`/**`
240	`* Returns the decoded payload without verifying if the signature is valid.`
241	`* token - JWT string to decode`
242	`* [options] - Options for decoding`
243	`* returns - The decoded Token`
244	`*/`
245	`export function decode(token: string, options: DecodeOptions & { complete: true }): null \| Jwt;`
246	`export function decode(token: string, options: DecodeOptions & { json: true }): null \| JwtPayload;`
247	`export function decode(token: string, options?: DecodeOptions): null \| JwtPayload \| string;`