1 |
|
2 |
|
3 |
|
4 |
|
5 |
|
6 |
|
7 |
|
8 |
|
9 |
|
10 |
|
11 |
|
12 |
|
13 |
|
14 |
|
15 |
|
16 |
|
17 |
|
18 |
|
19 | import { KeyObject } from 'crypto';
|
20 |
|
21 | export class JsonWebTokenError extends Error {
|
22 | inner: Error;
|
23 |
|
24 | constructor(message: string, error?: Error);
|
25 | }
|
26 |
|
27 | export class TokenExpiredError extends JsonWebTokenError {
|
28 | expiredAt: Date;
|
29 |
|
30 | constructor(message: string, expiredAt: Date);
|
31 | }
|
32 |
|
33 | /**
|
34 | * Thrown if current time is before the nbf claim.
|
35 | */
|
36 | export class NotBeforeError extends JsonWebTokenError {
|
37 | date: Date;
|
38 |
|
39 | constructor(message: string, date: Date);
|
40 | }
|
41 |
|
42 | export interface SignOptions {
|
43 | |
44 |
|
45 |
|
46 |
|
47 |
|
48 |
|
49 |
|
50 |
|
51 |
|
52 |
|
53 |
|
54 |
|
55 |
|
56 | algorithm?: Algorithm | undefined;
|
57 | keyid?: string | undefined;
|
58 |
|
59 | expiresIn?: string | number | undefined;
|
60 |
|
61 | notBefore?: string | number | undefined;
|
62 | audience?: string | string[] | undefined;
|
63 | subject?: string | undefined;
|
64 | issuer?: string | undefined;
|
65 | jwtid?: string | undefined;
|
66 | mutatePayload?: boolean | undefined;
|
67 | noTimestamp?: boolean | undefined;
|
68 | header?: JwtHeader | undefined;
|
69 | encoding?: string | undefined;
|
70 | allowInsecureKeySizes?: boolean | undefined;
|
71 | allowInvalidAsymmetricKeyTypes?: boolean | undefined;
|
72 | }
|
73 |
|
74 | export interface VerifyOptions {
|
75 | algorithms?: Algorithm[] | undefined;
|
76 | audience?: string | RegExp | Array<string | RegExp> | undefined;
|
77 | clockTimestamp?: number | undefined;
|
78 | clockTolerance?: number | undefined;
|
79 |
|
80 | complete?: boolean | undefined;
|
81 | issuer?: string | string[] | undefined;
|
82 | ignoreExpiration?: boolean | undefined;
|
83 | ignoreNotBefore?: boolean | undefined;
|
84 | jwtid?: string | undefined;
|
85 | |
86 |
|
87 |
|
88 |
|
89 | nonce?: string | undefined;
|
90 | subject?: string | undefined;
|
91 | maxAge?: string | number | undefined;
|
92 | allowInvalidAsymmetricKeyTypes?: boolean | undefined;
|
93 | }
|
94 |
|
95 | export interface DecodeOptions {
|
96 | complete?: boolean | undefined;
|
97 | json?: boolean | undefined;
|
98 | }
|
99 | export type VerifyErrors =
|
100 | | JsonWebTokenError
|
101 | | NotBeforeError
|
102 | | TokenExpiredError;
|
103 | export type VerifyCallback<T = Jwt | JwtPayload | string> = (
|
104 | error: VerifyErrors | null,
|
105 | decoded: T | undefined,
|
106 | ) => void;
|
107 |
|
108 | export type SignCallback = (
|
109 | error: Error | null,
|
110 | encoded: string | undefined,
|
111 | ) => void;
|
112 |
|
113 |
|
114 | export interface JwtHeader {
|
115 | alg: string | Algorithm;
|
116 | typ?: string | undefined;
|
117 | cty?: string | undefined;
|
118 | crit?: Array<string | Exclude<keyof JwtHeader, 'crit'>> | undefined;
|
119 | kid?: string | undefined;
|
120 | jku?: string | undefined;
|
121 | x5u?: string | string[] | undefined;
|
122 | 'x5t#S256'?: string | undefined;
|
123 | x5t?: string | undefined;
|
124 | x5c?: string | string[] | undefined;
|
125 | }
|
126 |
|
127 |
|
128 | export interface JwtPayload {
|
129 | [key: string]: any;
|
130 | iss?: string | undefined;
|
131 | sub?: string | undefined;
|
132 | aud?: string | string[] | undefined;
|
133 | exp?: number | undefined;
|
134 | nbf?: number | undefined;
|
135 | iat?: number | undefined;
|
136 | jti?: string | undefined;
|
137 | }
|
138 |
|
139 | export interface Jwt {
|
140 | header: JwtHeader;
|
141 | payload: JwtPayload | string;
|
142 | signature: string;
|
143 | }
|
144 |
|
145 |
|
146 | export type Algorithm =
|
147 | "HS256" | "HS384" | "HS512" |
|
148 | "RS256" | "RS384" | "RS512" |
|
149 | "ES256" | "ES384" | "ES512" |
|
150 | "PS256" | "PS384" | "PS512" |
|
151 | "none";
|
152 |
|
153 | export type SigningKeyCallback = (
|
154 | error: Error | null,
|
155 | signingKey?: Secret
|
156 | ) => void;
|
157 |
|
158 | export type GetPublicKeyOrSecret = (
|
159 | header: JwtHeader,
|
160 | callback: SigningKeyCallback
|
161 | ) => void;
|
162 |
|
163 | export type Secret =
|
164 | | string
|
165 | | Buffer
|
166 | | KeyObject
|
167 | | { key: string | Buffer; passphrase: string };
|
168 |
|
169 |
|
170 |
|
171 |
|
172 |
|
173 |
|
174 |
|
175 |
|
176 | export function sign(
|
177 | payload: string | Buffer | object,
|
178 | secretOrPrivateKey: Secret,
|
179 | options?: SignOptions,
|
180 | ): string;
|
181 | export function sign(
|
182 | payload: string | Buffer | object,
|
183 | secretOrPrivateKey: null,
|
184 | options?: SignOptions & { algorithm: "none" },
|
185 | ): string;
|
186 |
|
187 |
|
188 |
|
189 |
|
190 |
|
191 |
|
192 |
|
193 |
|
194 | export function sign(
|
195 | payload: string | Buffer | object,
|
196 | secretOrPrivateKey: Secret,
|
197 | callback: SignCallback,
|
198 | ): void;
|
199 | export function sign(
|
200 | payload: string | Buffer | object,
|
201 | secretOrPrivateKey: Secret,
|
202 | options: SignOptions,
|
203 | callback: SignCallback,
|
204 | ): void;
|
205 | export function sign(
|
206 | payload: string | Buffer | object,
|
207 | secretOrPrivateKey: null,
|
208 | options: SignOptions & { algorithm: "none" },
|
209 | callback: SignCallback,
|
210 | ): void;
|
211 |
|
212 |
|
213 |
|
214 |
|
215 |
|
216 |
|
217 |
|
218 |
|
219 | export function verify(token: string, secretOrPublicKey: Secret, options: VerifyOptions & { complete: true }): Jwt;
|
220 | export function verify(token: string, secretOrPublicKey: Secret, options?: VerifyOptions & { complete?: false }): JwtPayload | string;
|
221 | export function verify(token: string, secretOrPublicKey: Secret, options?: VerifyOptions): Jwt | JwtPayload | string;
|
222 |
|
223 |
|
224 |
|
225 |
|
226 |
|
227 |
|
228 |
|
229 |
|
230 |
|
231 |
|
232 | export function verify(
|
233 | token: string,
|
234 | secretOrPublicKey: Secret | GetPublicKeyOrSecret,
|
235 | callback?: VerifyCallback<JwtPayload | string>,
|
236 | ): void;
|
237 | export function verify(
|
238 | token: string,
|
239 | secretOrPublicKey: Secret | GetPublicKeyOrSecret,
|
240 | options: VerifyOptions & { complete: true },
|
241 | callback?: VerifyCallback<Jwt>,
|
242 | ): void;
|
243 | export function verify(
|
244 | token: string,
|
245 | secretOrPublicKey: Secret | GetPublicKeyOrSecret,
|
246 | options?: VerifyOptions & { complete?: false },
|
247 | callback?: VerifyCallback<JwtPayload | string>,
|
248 | ): void;
|
249 | export function verify(
|
250 | token: string,
|
251 | secretOrPublicKey: Secret | GetPublicKeyOrSecret,
|
252 | options?: VerifyOptions,
|
253 | callback?: VerifyCallback,
|
254 | ): void;
|
255 |
|
256 |
|
257 |
|
258 |
|
259 |
|
260 |
|
261 |
|
262 | export function decode(token: string, options: DecodeOptions & { complete: true }): null | Jwt;
|
263 | export function decode(token: string, options: DecodeOptions & { json: true }): null | JwtPayload;
|
264 | export function decode(token: string, options?: DecodeOptions): null | JwtPayload | string;
|