UNPKG

@types/jsonwebtoken/index.d.ts

Version:

8.78 kBTypeScriptView Raw

1/// <reference types="node" />
2
3import { KeyObject } from "crypto";
4
5export class JsonWebTokenError extends Error {
6    inner: Error;
7
8    constructor(message: string, error?: Error);
9}
10
11export class TokenExpiredError extends JsonWebTokenError {
12    expiredAt: Date;
13
14    constructor(message: string, expiredAt: Date);
15}
16
17/**
18 * Thrown if current time is before the nbf claim.
19 */
20export class NotBeforeError extends JsonWebTokenError {
21    date: Date;
22
23    constructor(message: string, date: Date);
24}
25
26export interface SignOptions {
27    /**
28     * Signature algorithm. Could be one of these values :
29     * - HS256:    HMAC using SHA-256 hash algorithm (default)
30     * - HS384:    HMAC using SHA-384 hash algorithm
31     * - HS512:    HMAC using SHA-512 hash algorithm
32     * - RS256:    RSASSA using SHA-256 hash algorithm
33     * - RS384:    RSASSA using SHA-384 hash algorithm
34     * - RS512:    RSASSA using SHA-512 hash algorithm
35     * - ES256:    ECDSA using P-256 curve and SHA-256 hash algorithm
36     * - ES384:    ECDSA using P-384 curve and SHA-384 hash algorithm
37     * - ES512:    ECDSA using P-521 curve and SHA-512 hash algorithm
38     * - none:     No digital signature or MAC value included
39     */
40    algorithm?: Algorithm | undefined;
41    keyid?: string | undefined;
42    /** expressed in seconds or a string describing a time span [zeit/ms](https://github.com/zeit/ms.js).  Eg: 60, "2 days", "10h", "7d" */
43    expiresIn?: string | number;
44    /** expressed in seconds or a string describing a time span [zeit/ms](https://github.com/zeit/ms.js).  Eg: 60, "2 days", "10h", "7d" */
45    notBefore?: string | number | undefined;
46    audience?: string | string[] | undefined;
47    subject?: string | undefined;
48    issuer?: string | undefined;
49    jwtid?: string | undefined;
50    mutatePayload?: boolean | undefined;
51    noTimestamp?: boolean | undefined;
52    header?: JwtHeader | undefined;
53    encoding?: string | undefined;
54    allowInsecureKeySizes?: boolean | undefined;
55    allowInvalidAsymmetricKeyTypes?: boolean | undefined;
56}
57
58export interface VerifyOptions {
59    algorithms?: Algorithm[] | undefined;
60    audience?: string | RegExp | Array<string | RegExp> | undefined;
61    clockTimestamp?: number | undefined;
62    clockTolerance?: number | undefined;
63    /** return an object with the decoded `{ payload, header, signature }` instead of only the usual content of the payload. */
64    complete?: boolean | undefined;
65    issuer?: string | string[] | undefined;
66    ignoreExpiration?: boolean | undefined;
67    ignoreNotBefore?: boolean | undefined;
68    jwtid?: string | undefined;
69    /**
70     * If you want to check `nonce` claim, provide a string value here.
71     * It is used on Open ID for the ID Tokens. ([Open ID implementation notes](https://openid.net/specs/openid-connect-core-1_0.html#NonceNotes))
72     */
73    nonce?: string | undefined;
74    subject?: string | undefined;
75    maxAge?: string | number | undefined;
76    allowInvalidAsymmetricKeyTypes?: boolean | undefined;
77}
78
79export interface DecodeOptions {
80    complete?: boolean | undefined;
81    json?: boolean | undefined;
82}
83export type VerifyErrors =
84    | JsonWebTokenError
85    | NotBeforeError
86    | TokenExpiredError;
87export type VerifyCallback<T = Jwt | JwtPayload | string> = (
88    error: VerifyErrors | null,
89    decoded: T | undefined,
90) => void;
91
92export type SignCallback = (
93    error: Error | null,
94    encoded: string | undefined,
95) => void;
96
97// standard names https://www.rfc-editor.org/rfc/rfc7515.html#section-4.1
98export interface JwtHeader {
99    alg: string | Algorithm;
100    typ?: string | undefined;
101    cty?: string | undefined;
102    crit?: Array<string | Exclude<keyof JwtHeader, "crit">> | undefined;
103    kid?: string | undefined;
104    jku?: string | undefined;
105    x5u?: string | string[] | undefined;
106    "x5t#S256"?: string | undefined;
107    x5t?: string | undefined;
108    x5c?: string | string[] | undefined;
109}
110
111// standard claims https://datatracker.ietf.org/doc/html/rfc7519#section-4.1
112export interface JwtPayload {
113    [key: string]: any;
114    iss?: string | undefined;
115    sub?: string | undefined;
116    aud?: string | string[] | undefined;
117    exp?: number | undefined;
118    nbf?: number | undefined;
119    iat?: number | undefined;
120    jti?: string | undefined;
121}
122
123export interface Jwt {
124    header: JwtHeader;
125    payload: JwtPayload | string;
126    signature: string;
127}
128
129// https://github.com/auth0/node-jsonwebtoken#algorithms-supported
130export type Algorithm =
131    | "HS256"
132    | "HS384"
133    | "HS512"
134    | "RS256"
135    | "RS384"
136    | "RS512"
137    | "ES256"
138    | "ES384"
139    | "ES512"
140    | "PS256"
141    | "PS384"
142    | "PS512"
143    | "none";
144
145export type SigningKeyCallback = (
146    error: Error | null,
147    signingKey?: Secret,
148) => void;
149
150export type GetPublicKeyOrSecret = (
151    header: JwtHeader,
152    callback: SigningKeyCallback,
153) => void;
154
155export type Secret =
156    | string
157    | Buffer
158    | KeyObject
159    | { key: string | Buffer; passphrase: string };
160
161/**
162 * Synchronously sign the given payload into a JSON Web Token string
163 * payload - Payload to sign, could be an literal, buffer or string
164 * secretOrPrivateKey - Either the secret for HMAC algorithms, or the PEM encoded private key for RSA and ECDSA.
165 * [options] - Options for the signature
166 * returns - The JSON Web Token string
167 */
168export function sign(
169    payload: string | Buffer | object,
170    secretOrPrivateKey: Secret,
171    options?: SignOptions,
172): string;
173export function sign(
174    payload: string | Buffer | object,
175    secretOrPrivateKey: null,
176    options?: SignOptions & { algorithm: "none" },
177): string;
178
179/**
180 * Sign the given payload into a JSON Web Token string
181 * payload - Payload to sign, could be an literal, buffer or string
182 * secretOrPrivateKey - Either the secret for HMAC algorithms, or the PEM encoded private key for RSA and ECDSA.
183 * [options] - Options for the signature
184 * callback - Callback to get the encoded token on
185 */
186export function sign(
187    payload: string | Buffer | object,
188    secretOrPrivateKey: Secret,
189    callback: SignCallback,
190): void;
191export function sign(
192    payload: string | Buffer | object,
193    secretOrPrivateKey: Secret,
194    options: SignOptions,
195    callback: SignCallback,
196): void;
197export function sign(
198    payload: string | Buffer | object,
199    secretOrPrivateKey: null,
200    options: SignOptions & { algorithm: "none" },
201    callback: SignCallback,
202): void;
203
204/**
205 * Synchronously verify given token using a secret or a public key to get a decoded token
206 * token - JWT string to verify
207 * secretOrPublicKey - Either the secret for HMAC algorithms, or the PEM encoded public key for RSA and ECDSA.
208 * [options] - Options for the verification
209 * returns - The decoded token.
210 */
211export function verify(token: string, secretOrPublicKey: Secret, options: VerifyOptions & { complete: true }): Jwt;
212export function verify(
213    token: string,
214    secretOrPublicKey: Secret,
215    options?: VerifyOptions & { complete?: false },
216): JwtPayload | string;
217export function verify(token: string, secretOrPublicKey: Secret, options?: VerifyOptions): Jwt | JwtPayload | string;
218
219/**
220 * Asynchronously verify given token using a secret or a public key to get a decoded token
221 * token - JWT string to verify
222 * secretOrPublicKey - A string or buffer containing either the secret for HMAC algorithms,
223 * or the PEM encoded public key for RSA and ECDSA. If jwt.verify is called asynchronous,
224 * secretOrPublicKey can be a function that should fetch the secret or public key
225 * [options] - Options for the verification
226 * callback - Callback to get the decoded token on
227 */
228export function verify(
229    token: string,
230    secretOrPublicKey: Secret | GetPublicKeyOrSecret,
231    callback?: VerifyCallback<JwtPayload | string>,
232): void;
233export function verify(
234    token: string,
235    secretOrPublicKey: Secret | GetPublicKeyOrSecret,
236    options: VerifyOptions & { complete: true },
237    callback?: VerifyCallback<Jwt>,
238): void;
239export function verify(
240    token: string,
241    secretOrPublicKey: Secret | GetPublicKeyOrSecret,
242    options?: VerifyOptions & { complete?: false },
243    callback?: VerifyCallback<JwtPayload | string>,
244): void;
245export function verify(
246    token: string,
247    secretOrPublicKey: Secret | GetPublicKeyOrSecret,
248    options?: VerifyOptions,
249    callback?: VerifyCallback,
250): void;
251
252/**
253 * Returns the decoded payload without verifying if the signature is valid.
254 * token - JWT string to decode
255 * [options] - Options for decoding
256 * returns - The decoded Token
257 */
258export function decode(token: string, options: DecodeOptions & { complete: true }): null | Jwt;
259export function decode(token: string, options: DecodeOptions & { json: true }): null | JwtPayload;
260export function decode(token: string, options?: DecodeOptions): null | JwtPayload | string;

1	`/// <reference types="node" />`
2
3	`import { KeyObject } from "crypto";`
4
5	`export class JsonWebTokenError extends Error {`
6	`inner: Error;`
7
8	`constructor(message: string, error?: Error);`
9	`}`
10
11	`export class TokenExpiredError extends JsonWebTokenError {`
12	`expiredAt: Date;`
13
14	`constructor(message: string, expiredAt: Date);`
15	`}`
16
17	`/**`
18	`* Thrown if current time is before the nbf claim.`
19	`*/`
20	`export class NotBeforeError extends JsonWebTokenError {`
21	`date: Date;`
22
23	`constructor(message: string, date: Date);`
24	`}`
25
26	`export interface SignOptions {`
27	`/**`
28	`* Signature algorithm. Could be one of these values :`
29	`* - HS256: HMAC using SHA-256 hash algorithm (default)`
30	`* - HS384: HMAC using SHA-384 hash algorithm`
31	`* - HS512: HMAC using SHA-512 hash algorithm`
32	`* - RS256: RSASSA using SHA-256 hash algorithm`
33	`* - RS384: RSASSA using SHA-384 hash algorithm`
34	`* - RS512: RSASSA using SHA-512 hash algorithm`
35	`* - ES256: ECDSA using P-256 curve and SHA-256 hash algorithm`
36	`* - ES384: ECDSA using P-384 curve and SHA-384 hash algorithm`
37	`* - ES512: ECDSA using P-521 curve and SHA-512 hash algorithm`
38	`* - none: No digital signature or MAC value included`
39	`*/`
40	`algorithm?: Algorithm \| undefined;`
41	`keyid?: string \| undefined;`
42	`/** expressed in seconds or a string describing a time span [zeit/ms](https://github.com/zeit/ms.js). Eg: 60, "2 days", "10h", "7d" */`
43	`expiresIn?: string \| number;`
44	`/** expressed in seconds or a string describing a time span [zeit/ms](https://github.com/zeit/ms.js). Eg: 60, "2 days", "10h", "7d" */`
45	`notBefore?: string \| number \| undefined;`
46	`audience?: string \| string[] \| undefined;`
47	`subject?: string \| undefined;`
48	`issuer?: string \| undefined;`
49	`jwtid?: string \| undefined;`
50	`mutatePayload?: boolean \| undefined;`
51	`noTimestamp?: boolean \| undefined;`
52	`header?: JwtHeader \| undefined;`
53	`encoding?: string \| undefined;`
54	`allowInsecureKeySizes?: boolean \| undefined;`
55	`allowInvalidAsymmetricKeyTypes?: boolean \| undefined;`
56	`}`
57
58	`export interface VerifyOptions {`
59	`algorithms?: Algorithm[] \| undefined;`
60	`audience?: string \| RegExp \| Array<string \| RegExp> \| undefined;`
61	`clockTimestamp?: number \| undefined;`
62	`clockTolerance?: number \| undefined;`
63	/** return an object with the decoded `{ payload, header, signature }` instead of only the usual content of the payload. */
64	`complete?: boolean \| undefined;`
65	`issuer?: string \| string[] \| undefined;`
66	`ignoreExpiration?: boolean \| undefined;`
67	`ignoreNotBefore?: boolean \| undefined;`
68	`jwtid?: string \| undefined;`
69	`/**`
70	* If you want to check `nonce` claim, provide a string value here.
71	`* It is used on Open ID for the ID Tokens. ([Open ID implementation notes](https://openid.net/specs/openid-connect-core-1_0.html#NonceNotes))`
72	`*/`
73	`nonce?: string \| undefined;`
74	`subject?: string \| undefined;`
75	`maxAge?: string \| number \| undefined;`
76	`allowInvalidAsymmetricKeyTypes?: boolean \| undefined;`
77	`}`
78
79	`export interface DecodeOptions {`
80	`complete?: boolean \| undefined;`
81	`json?: boolean \| undefined;`
82	`}`
83	`export type VerifyErrors =`
84	`\| JsonWebTokenError`
85	`\| NotBeforeError`
86	`\| TokenExpiredError;`
87	`export type VerifyCallback<T = Jwt \| JwtPayload \| string> = (`
88	`error: VerifyErrors \| null,`
89	`decoded: T \| undefined,`
90	`) => void;`
91
92	`export type SignCallback = (`
93	`error: Error \| null,`
94	`encoded: string \| undefined,`
95	`) => void;`
96
97	`// standard names https://www.rfc-editor.org/rfc/rfc7515.html#section-4.1`
98	`export interface JwtHeader {`
99	`alg: string \| Algorithm;`
100	`typ?: string \| undefined;`
101	`cty?: string \| undefined;`
102	`crit?: Array<string \| Exclude<keyof JwtHeader, "crit">> \| undefined;`
103	`kid?: string \| undefined;`
104	`jku?: string \| undefined;`
105	`x5u?: string \| string[] \| undefined;`
106	`"x5t#S256"?: string \| undefined;`
107	`x5t?: string \| undefined;`
108	`x5c?: string \| string[] \| undefined;`
109	`}`
110
111	`// standard claims https://datatracker.ietf.org/doc/html/rfc7519#section-4.1`
112	`export interface JwtPayload {`
113	`[key: string]: any;`
114	`iss?: string \| undefined;`
115	`sub?: string \| undefined;`
116	`aud?: string \| string[] \| undefined;`
117	`exp?: number \| undefined;`
118	`nbf?: number \| undefined;`
119	`iat?: number \| undefined;`
120	`jti?: string \| undefined;`
121	`}`
122
123	`export interface Jwt {`
124	`header: JwtHeader;`
125	`payload: JwtPayload \| string;`
126	`signature: string;`
127	`}`
128
129	`// https://github.com/auth0/node-jsonwebtoken#algorithms-supported`
130	`export type Algorithm =`
131	`\| "HS256"`
132	`\| "HS384"`
133	`\| "HS512"`
134	`\| "RS256"`
135	`\| "RS384"`
136	`\| "RS512"`
137	`\| "ES256"`
138	`\| "ES384"`
139	`\| "ES512"`
140	`\| "PS256"`
141	`\| "PS384"`
142	`\| "PS512"`
143	`\| "none";`
144
145	`export type SigningKeyCallback = (`
146	`error: Error \| null,`
147	`signingKey?: Secret,`
148	`) => void;`
149
150	`export type GetPublicKeyOrSecret = (`
151	`header: JwtHeader,`
152	`callback: SigningKeyCallback,`
153	`) => void;`
154
155	`export type Secret =`
156	`\| string`
157	`\| Buffer`
158	`\| KeyObject`
159	`\| { key: string \| Buffer; passphrase: string };`
160
161	`/**`
162	`* Synchronously sign the given payload into a JSON Web Token string`
163	`* payload - Payload to sign, could be an literal, buffer or string`
164	`* secretOrPrivateKey - Either the secret for HMAC algorithms, or the PEM encoded private key for RSA and ECDSA.`
165	`* [options] - Options for the signature`
166	`* returns - The JSON Web Token string`
167	`*/`
168	`export function sign(`
169	`payload: string \| Buffer \| object,`
170	`secretOrPrivateKey: Secret,`
171	`options?: SignOptions,`
172	`): string;`
173	`export function sign(`
174	`payload: string \| Buffer \| object,`
175	`secretOrPrivateKey: null,`
176	`options?: SignOptions & { algorithm: "none" },`
177	`): string;`
178
179	`/**`
180	`* Sign the given payload into a JSON Web Token string`
181	`* payload - Payload to sign, could be an literal, buffer or string`
182	`* secretOrPrivateKey - Either the secret for HMAC algorithms, or the PEM encoded private key for RSA and ECDSA.`
183	`* [options] - Options for the signature`
184	`* callback - Callback to get the encoded token on`
185	`*/`
186	`export function sign(`
187	`payload: string \| Buffer \| object,`
188	`secretOrPrivateKey: Secret,`
189	`callback: SignCallback,`
190	`): void;`
191	`export function sign(`
192	`payload: string \| Buffer \| object,`
193	`secretOrPrivateKey: Secret,`
194	`options: SignOptions,`
195	`callback: SignCallback,`
196	`): void;`
197	`export function sign(`
198	`payload: string \| Buffer \| object,`
199	`secretOrPrivateKey: null,`
200	`options: SignOptions & { algorithm: "none" },`
201	`callback: SignCallback,`
202	`): void;`
203
204	`/**`
205	`* Synchronously verify given token using a secret or a public key to get a decoded token`
206	`* token - JWT string to verify`
207	`* secretOrPublicKey - Either the secret for HMAC algorithms, or the PEM encoded public key for RSA and ECDSA.`
208	`* [options] - Options for the verification`
209	`* returns - The decoded token.`
210	`*/`
211	`export function verify(token: string, secretOrPublicKey: Secret, options: VerifyOptions & { complete: true }): Jwt;`
212	`export function verify(`
213	`token: string,`
214	`secretOrPublicKey: Secret,`
215	`options?: VerifyOptions & { complete?: false },`
216	`): JwtPayload \| string;`
217	`export function verify(token: string, secretOrPublicKey: Secret, options?: VerifyOptions): Jwt \| JwtPayload \| string;`
218
219	`/**`
220	`* Asynchronously verify given token using a secret or a public key to get a decoded token`
221	`* token - JWT string to verify`
222	`* secretOrPublicKey - A string or buffer containing either the secret for HMAC algorithms,`
223	`* or the PEM encoded public key for RSA and ECDSA. If jwt.verify is called asynchronous,`
224	`* secretOrPublicKey can be a function that should fetch the secret or public key`
225	`* [options] - Options for the verification`
226	`* callback - Callback to get the decoded token on`
227	`*/`
228	`export function verify(`
229	`token: string,`
230	`secretOrPublicKey: Secret \| GetPublicKeyOrSecret,`
231	`callback?: VerifyCallback<JwtPayload \| string>,`
232	`): void;`
233	`export function verify(`
234	`token: string,`
235	`secretOrPublicKey: Secret \| GetPublicKeyOrSecret,`
236	`options: VerifyOptions & { complete: true },`
237	`callback?: VerifyCallback<Jwt>,`
238	`): void;`
239	`export function verify(`
240	`token: string,`
241	`secretOrPublicKey: Secret \| GetPublicKeyOrSecret,`
242	`options?: VerifyOptions & { complete?: false },`
243	`callback?: VerifyCallback<JwtPayload \| string>,`
244	`): void;`
245	`export function verify(`
246	`token: string,`
247	`secretOrPublicKey: Secret \| GetPublicKeyOrSecret,`
248	`options?: VerifyOptions,`
249	`callback?: VerifyCallback,`
250	`): void;`
251
252	`/**`
253	`* Returns the decoded payload without verifying if the signature is valid.`
254	`* token - JWT string to decode`
255	`* [options] - Options for decoding`
256	`* returns - The decoded Token`
257	`*/`
258	`export function decode(token: string, options: DecodeOptions & { complete: true }): null \| Jwt;`
259	`export function decode(token: string, options: DecodeOptions & { json: true }): null \| JwtPayload;`
260	`export function decode(token: string, options?: DecodeOptions): null \| JwtPayload \| string;`