UNPKG

@types/jsonwebtoken/index.d.ts

Version:

9.12 kBTypeScriptView Raw

1/// <reference types="node" />
2
3import type { createPrivateKey, createPublicKey, KeyObject } from "crypto";
4
5export class JsonWebTokenError extends Error {
6    inner: Error;
7
8    constructor(message: string, error?: Error);
9}
10
11export class TokenExpiredError extends JsonWebTokenError {
12    expiredAt: Date;
13
14    constructor(message: string, expiredAt: Date);
15}
16
17/**
18 * Thrown if current time is before the nbf claim.
19 */
20export class NotBeforeError extends JsonWebTokenError {
21    date: Date;
22
23    constructor(message: string, date: Date);
24}
25
26export interface SignOptions {
27    /**
28     * Signature algorithm. Could be one of these values :
29     * - HS256:    HMAC using SHA-256 hash algorithm (default)
30     * - HS384:    HMAC using SHA-384 hash algorithm
31     * - HS512:    HMAC using SHA-512 hash algorithm
32     * - RS256:    RSASSA using SHA-256 hash algorithm
33     * - RS384:    RSASSA using SHA-384 hash algorithm
34     * - RS512:    RSASSA using SHA-512 hash algorithm
35     * - ES256:    ECDSA using P-256 curve and SHA-256 hash algorithm
36     * - ES384:    ECDSA using P-384 curve and SHA-384 hash algorithm
37     * - ES512:    ECDSA using P-521 curve and SHA-512 hash algorithm
38     * - none:     No digital signature or MAC value included
39     */
40    algorithm?: Algorithm | undefined;
41    keyid?: string | undefined;
42    /** expressed in seconds or a string describing a time span [zeit/ms](https://github.com/zeit/ms.js).  Eg: 60, "2 days", "10h", "7d" */
43    expiresIn?: string | number;
44    /** expressed in seconds or a string describing a time span [zeit/ms](https://github.com/zeit/ms.js).  Eg: 60, "2 days", "10h", "7d" */
45    notBefore?: string | number | undefined;
46    audience?: string | string[] | undefined;
47    subject?: string | undefined;
48    issuer?: string | undefined;
49    jwtid?: string | undefined;
50    mutatePayload?: boolean | undefined;
51    noTimestamp?: boolean | undefined;
52    header?: JwtHeader | undefined;
53    encoding?: string | undefined;
54    allowInsecureKeySizes?: boolean | undefined;
55    allowInvalidAsymmetricKeyTypes?: boolean | undefined;
56}
57
58export interface VerifyOptions {
59    algorithms?: Algorithm[] | undefined;
60    audience?: string | RegExp | Array<string | RegExp> | undefined;
61    clockTimestamp?: number | undefined;
62    clockTolerance?: number | undefined;
63    /** return an object with the decoded `{ payload, header, signature }` instead of only the usual content of the payload. */
64    complete?: boolean | undefined;
65    issuer?: string | string[] | undefined;
66    ignoreExpiration?: boolean | undefined;
67    ignoreNotBefore?: boolean | undefined;
68    jwtid?: string | undefined;
69    /**
70     * If you want to check `nonce` claim, provide a string value here.
71     * It is used on Open ID for the ID Tokens. ([Open ID implementation notes](https://openid.net/specs/openid-connect-core-1_0.html#NonceNotes))
72     */
73    nonce?: string | undefined;
74    subject?: string | undefined;
75    maxAge?: string | number | undefined;
76    allowInvalidAsymmetricKeyTypes?: boolean | undefined;
77}
78
79export interface DecodeOptions {
80    complete?: boolean | undefined;
81    json?: boolean | undefined;
82}
83export type VerifyErrors =
84    | JsonWebTokenError
85    | NotBeforeError
86    | TokenExpiredError;
87export type VerifyCallback<T = Jwt | JwtPayload | string> = (
88    error: VerifyErrors | null,
89    decoded: T | undefined,
90) => void;
91
92export type SignCallback = (
93    error: Error | null,
94    encoded: string | undefined,
95) => void;
96
97// standard names https://www.rfc-editor.org/rfc/rfc7515.html#section-4.1
98export interface JwtHeader {
99    alg: string | Algorithm;
100    typ?: string | undefined;
101    cty?: string | undefined;
102    crit?: Array<string | Exclude<keyof JwtHeader, "crit">> | undefined;
103    kid?: string | undefined;
104    jku?: string | undefined;
105    x5u?: string | string[] | undefined;
106    "x5t#S256"?: string | undefined;
107    x5t?: string | undefined;
108    x5c?: string | string[] | undefined;
109}
110
111// standard claims https://datatracker.ietf.org/doc/html/rfc7519#section-4.1
112export interface JwtPayload {
113    [key: string]: any;
114    iss?: string | undefined;
115    sub?: string | undefined;
116    aud?: string | string[] | undefined;
117    exp?: number | undefined;
118    nbf?: number | undefined;
119    iat?: number | undefined;
120    jti?: string | undefined;
121}
122
123export interface Jwt {
124    header: JwtHeader;
125    payload: JwtPayload | string;
126    signature: string;
127}
128
129// https://github.com/auth0/node-jsonwebtoken#algorithms-supported
130export type Algorithm =
131    | "HS256"
132    | "HS384"
133    | "HS512"
134    | "RS256"
135    | "RS384"
136    | "RS512"
137    | "ES256"
138    | "ES384"
139    | "ES512"
140    | "PS256"
141    | "PS384"
142    | "PS512"
143    | "none";
144
145export type SigningKeyCallback = (
146    error: Error | null,
147    signingKey?: Secret | PublicKey,
148) => void;
149
150export type GetPublicKeyOrSecret = (
151    header: JwtHeader,
152    callback: SigningKeyCallback,
153) => void;
154
155export type PublicKey = Parameters<typeof createPublicKey>[0];
156
157export type PrivateKey = Parameters<typeof createPrivateKey>[0];
158
159export type Secret =
160    | string
161    | Buffer
162    | KeyObject
163    | { key: string | Buffer; passphrase: string };
164
165/**
166 * Synchronously sign the given payload into a JSON Web Token string
167 * payload - Payload to sign, could be an literal, buffer or string
168 * secretOrPrivateKey - Either the secret for HMAC algorithms, or the PEM encoded private key for RSA and ECDSA.
169 * [options] - Options for the signature
170 * returns - The JSON Web Token string
171 */
172export function sign(
173    payload: string | Buffer | object,
174    secretOrPrivateKey: Secret | PrivateKey,
175    options?: SignOptions,
176): string;
177export function sign(
178    payload: string | Buffer | object,
179    secretOrPrivateKey: null,
180    options?: SignOptions & { algorithm: "none" },
181): string;
182
183/**
184 * Sign the given payload into a JSON Web Token string
185 * payload - Payload to sign, could be an literal, buffer or string
186 * secretOrPrivateKey - Either the secret for HMAC algorithms, or the PEM encoded private key for RSA and ECDSA.
187 * [options] - Options for the signature
188 * callback - Callback to get the encoded token on
189 */
190export function sign(
191    payload: string | Buffer | object,
192    secretOrPrivateKey: Secret | PrivateKey,
193    callback: SignCallback,
194): void;
195export function sign(
196    payload: string | Buffer | object,
197    secretOrPrivateKey: Secret | PrivateKey,
198    options: SignOptions,
199    callback: SignCallback,
200): void;
201export function sign(
202    payload: string | Buffer | object,
203    secretOrPrivateKey: null,
204    options: SignOptions & { algorithm: "none" },
205    callback: SignCallback,
206): void;
207
208/**
209 * Synchronously verify given token using a secret or a public key to get a decoded token
210 * token - JWT string to verify
211 * secretOrPublicKey - Either the secret for HMAC algorithms, or the PEM encoded public key for RSA and ECDSA.
212 * [options] - Options for the verification
213 * returns - The decoded token.
214 */
215export function verify(
216    token: string,
217    secretOrPublicKey: Secret | PublicKey,
218    options: VerifyOptions & { complete: true },
219): Jwt;
220export function verify(
221    token: string,
222    secretOrPublicKey: Secret | PublicKey,
223    options?: VerifyOptions & { complete?: false },
224): JwtPayload | string;
225export function verify(
226    token: string,
227    secretOrPublicKey: Secret | PublicKey,
228    options?: VerifyOptions,
229): Jwt | JwtPayload | string;
230
231/**
232 * Asynchronously verify given token using a secret or a public key to get a decoded token
233 * token - JWT string to verify
234 * secretOrPublicKey - A string or buffer containing either the secret for HMAC algorithms,
235 * or the PEM encoded public key for RSA and ECDSA. If jwt.verify is called asynchronous,
236 * secretOrPublicKey can be a function that should fetch the secret or public key
237 * [options] - Options for the verification
238 * callback - Callback to get the decoded token on
239 */
240export function verify(
241    token: string,
242    secretOrPublicKey: Secret | PublicKey | GetPublicKeyOrSecret,
243    callback?: VerifyCallback<JwtPayload | string>,
244): void;
245export function verify(
246    token: string,
247    secretOrPublicKey: Secret | PublicKey | GetPublicKeyOrSecret,
248    options: VerifyOptions & { complete: true },
249    callback?: VerifyCallback<Jwt>,
250): void;
251export function verify(
252    token: string,
253    secretOrPublicKey: Secret | PublicKey | GetPublicKeyOrSecret,
254    options?: VerifyOptions & { complete?: false },
255    callback?: VerifyCallback<JwtPayload | string>,
256): void;
257export function verify(
258    token: string,
259    secretOrPublicKey: Secret | PublicKey | GetPublicKeyOrSecret,
260    options?: VerifyOptions,
261    callback?: VerifyCallback,
262): void;
263
264/**
265 * Returns the decoded payload without verifying if the signature is valid.
266 * token - JWT string to decode
267 * [options] - Options for decoding
268 * returns - The decoded Token
269 */
270export function decode(token: string, options: DecodeOptions & { complete: true }): null | Jwt;
271export function decode(token: string, options: DecodeOptions & { json: true }): null | JwtPayload;
272export function decode(token: string, options?: DecodeOptions): null | JwtPayload | string;

1	`/// <reference types="node" />`
2
3	`import type { createPrivateKey, createPublicKey, KeyObject } from "crypto";`
4
5	`export class JsonWebTokenError extends Error {`
6	`inner: Error;`
7
8	`constructor(message: string, error?: Error);`
9	`}`
10
11	`export class TokenExpiredError extends JsonWebTokenError {`
12	`expiredAt: Date;`
13
14	`constructor(message: string, expiredAt: Date);`
15	`}`
16
17	`/**`
18	`* Thrown if current time is before the nbf claim.`
19	`*/`
20	`export class NotBeforeError extends JsonWebTokenError {`
21	`date: Date;`
22
23	`constructor(message: string, date: Date);`
24	`}`
25
26	`export interface SignOptions {`
27	`/**`
28	`* Signature algorithm. Could be one of these values :`
29	`* - HS256: HMAC using SHA-256 hash algorithm (default)`
30	`* - HS384: HMAC using SHA-384 hash algorithm`
31	`* - HS512: HMAC using SHA-512 hash algorithm`
32	`* - RS256: RSASSA using SHA-256 hash algorithm`
33	`* - RS384: RSASSA using SHA-384 hash algorithm`
34	`* - RS512: RSASSA using SHA-512 hash algorithm`
35	`* - ES256: ECDSA using P-256 curve and SHA-256 hash algorithm`
36	`* - ES384: ECDSA using P-384 curve and SHA-384 hash algorithm`
37	`* - ES512: ECDSA using P-521 curve and SHA-512 hash algorithm`
38	`* - none: No digital signature or MAC value included`
39	`*/`
40	`algorithm?: Algorithm \| undefined;`
41	`keyid?: string \| undefined;`
42	`/** expressed in seconds or a string describing a time span [zeit/ms](https://github.com/zeit/ms.js). Eg: 60, "2 days", "10h", "7d" */`
43	`expiresIn?: string \| number;`
44	`/** expressed in seconds or a string describing a time span [zeit/ms](https://github.com/zeit/ms.js). Eg: 60, "2 days", "10h", "7d" */`
45	`notBefore?: string \| number \| undefined;`
46	`audience?: string \| string[] \| undefined;`
47	`subject?: string \| undefined;`
48	`issuer?: string \| undefined;`
49	`jwtid?: string \| undefined;`
50	`mutatePayload?: boolean \| undefined;`
51	`noTimestamp?: boolean \| undefined;`
52	`header?: JwtHeader \| undefined;`
53	`encoding?: string \| undefined;`
54	`allowInsecureKeySizes?: boolean \| undefined;`
55	`allowInvalidAsymmetricKeyTypes?: boolean \| undefined;`
56	`}`
57
58	`export interface VerifyOptions {`
59	`algorithms?: Algorithm[] \| undefined;`
60	`audience?: string \| RegExp \| Array<string \| RegExp> \| undefined;`
61	`clockTimestamp?: number \| undefined;`
62	`clockTolerance?: number \| undefined;`
63	/** return an object with the decoded `{ payload, header, signature }` instead of only the usual content of the payload. */
64	`complete?: boolean \| undefined;`
65	`issuer?: string \| string[] \| undefined;`
66	`ignoreExpiration?: boolean \| undefined;`
67	`ignoreNotBefore?: boolean \| undefined;`
68	`jwtid?: string \| undefined;`
69	`/**`
70	* If you want to check `nonce` claim, provide a string value here.
71	`* It is used on Open ID for the ID Tokens. ([Open ID implementation notes](https://openid.net/specs/openid-connect-core-1_0.html#NonceNotes))`
72	`*/`
73	`nonce?: string \| undefined;`
74	`subject?: string \| undefined;`
75	`maxAge?: string \| number \| undefined;`
76	`allowInvalidAsymmetricKeyTypes?: boolean \| undefined;`
77	`}`
78
79	`export interface DecodeOptions {`
80	`complete?: boolean \| undefined;`
81	`json?: boolean \| undefined;`
82	`}`
83	`export type VerifyErrors =`
84	`\| JsonWebTokenError`
85	`\| NotBeforeError`
86	`\| TokenExpiredError;`
87	`export type VerifyCallback<T = Jwt \| JwtPayload \| string> = (`
88	`error: VerifyErrors \| null,`
89	`decoded: T \| undefined,`
90	`) => void;`
91
92	`export type SignCallback = (`
93	`error: Error \| null,`
94	`encoded: string \| undefined,`
95	`) => void;`
96
97	`// standard names https://www.rfc-editor.org/rfc/rfc7515.html#section-4.1`
98	`export interface JwtHeader {`
99	`alg: string \| Algorithm;`
100	`typ?: string \| undefined;`
101	`cty?: string \| undefined;`
102	`crit?: Array<string \| Exclude<keyof JwtHeader, "crit">> \| undefined;`
103	`kid?: string \| undefined;`
104	`jku?: string \| undefined;`
105	`x5u?: string \| string[] \| undefined;`
106	`"x5t#S256"?: string \| undefined;`
107	`x5t?: string \| undefined;`
108	`x5c?: string \| string[] \| undefined;`
109	`}`
110
111	`// standard claims https://datatracker.ietf.org/doc/html/rfc7519#section-4.1`
112	`export interface JwtPayload {`
113	`[key: string]: any;`
114	`iss?: string \| undefined;`
115	`sub?: string \| undefined;`
116	`aud?: string \| string[] \| undefined;`
117	`exp?: number \| undefined;`
118	`nbf?: number \| undefined;`
119	`iat?: number \| undefined;`
120	`jti?: string \| undefined;`
121	`}`
122
123	`export interface Jwt {`
124	`header: JwtHeader;`
125	`payload: JwtPayload \| string;`
126	`signature: string;`
127	`}`
128
129	`// https://github.com/auth0/node-jsonwebtoken#algorithms-supported`
130	`export type Algorithm =`
131	`\| "HS256"`
132	`\| "HS384"`
133	`\| "HS512"`
134	`\| "RS256"`
135	`\| "RS384"`
136	`\| "RS512"`
137	`\| "ES256"`
138	`\| "ES384"`
139	`\| "ES512"`
140	`\| "PS256"`
141	`\| "PS384"`
142	`\| "PS512"`
143	`\| "none";`
144
145	`export type SigningKeyCallback = (`
146	`error: Error \| null,`
147	`signingKey?: Secret \| PublicKey,`
148	`) => void;`
149
150	`export type GetPublicKeyOrSecret = (`
151	`header: JwtHeader,`
152	`callback: SigningKeyCallback,`
153	`) => void;`
154
155	`export type PublicKey = Parameters<typeof createPublicKey>[0];`
156
157	`export type PrivateKey = Parameters<typeof createPrivateKey>[0];`
158
159	`export type Secret =`
160	`\| string`
161	`\| Buffer`
162	`\| KeyObject`
163	`\| { key: string \| Buffer; passphrase: string };`
164
165	`/**`
166	`* Synchronously sign the given payload into a JSON Web Token string`
167	`* payload - Payload to sign, could be an literal, buffer or string`
168	`* secretOrPrivateKey - Either the secret for HMAC algorithms, or the PEM encoded private key for RSA and ECDSA.`
169	`* [options] - Options for the signature`
170	`* returns - The JSON Web Token string`
171	`*/`
172	`export function sign(`
173	`payload: string \| Buffer \| object,`
174	`secretOrPrivateKey: Secret \| PrivateKey,`
175	`options?: SignOptions,`
176	`): string;`
177	`export function sign(`
178	`payload: string \| Buffer \| object,`
179	`secretOrPrivateKey: null,`
180	`options?: SignOptions & { algorithm: "none" },`
181	`): string;`
182
183	`/**`
184	`* Sign the given payload into a JSON Web Token string`
185	`* payload - Payload to sign, could be an literal, buffer or string`
186	`* secretOrPrivateKey - Either the secret for HMAC algorithms, or the PEM encoded private key for RSA and ECDSA.`
187	`* [options] - Options for the signature`
188	`* callback - Callback to get the encoded token on`
189	`*/`
190	`export function sign(`
191	`payload: string \| Buffer \| object,`
192	`secretOrPrivateKey: Secret \| PrivateKey,`
193	`callback: SignCallback,`
194	`): void;`
195	`export function sign(`
196	`payload: string \| Buffer \| object,`
197	`secretOrPrivateKey: Secret \| PrivateKey,`
198	`options: SignOptions,`
199	`callback: SignCallback,`
200	`): void;`
201	`export function sign(`
202	`payload: string \| Buffer \| object,`
203	`secretOrPrivateKey: null,`
204	`options: SignOptions & { algorithm: "none" },`
205	`callback: SignCallback,`
206	`): void;`
207
208	`/**`
209	`* Synchronously verify given token using a secret or a public key to get a decoded token`
210	`* token - JWT string to verify`
211	`* secretOrPublicKey - Either the secret for HMAC algorithms, or the PEM encoded public key for RSA and ECDSA.`
212	`* [options] - Options for the verification`
213	`* returns - The decoded token.`
214	`*/`
215	`export function verify(`
216	`token: string,`
217	`secretOrPublicKey: Secret \| PublicKey,`
218	`options: VerifyOptions & { complete: true },`
219	`): Jwt;`
220	`export function verify(`
221	`token: string,`
222	`secretOrPublicKey: Secret \| PublicKey,`
223	`options?: VerifyOptions & { complete?: false },`
224	`): JwtPayload \| string;`
225	`export function verify(`
226	`token: string,`
227	`secretOrPublicKey: Secret \| PublicKey,`
228	`options?: VerifyOptions,`
229	`): Jwt \| JwtPayload \| string;`
230
231	`/**`
232	`* Asynchronously verify given token using a secret or a public key to get a decoded token`
233	`* token - JWT string to verify`
234	`* secretOrPublicKey - A string or buffer containing either the secret for HMAC algorithms,`
235	`* or the PEM encoded public key for RSA and ECDSA. If jwt.verify is called asynchronous,`
236	`* secretOrPublicKey can be a function that should fetch the secret or public key`
237	`* [options] - Options for the verification`
238	`* callback - Callback to get the decoded token on`
239	`*/`
240	`export function verify(`
241	`token: string,`
242	`secretOrPublicKey: Secret \| PublicKey \| GetPublicKeyOrSecret,`
243	`callback?: VerifyCallback<JwtPayload \| string>,`
244	`): void;`
245	`export function verify(`
246	`token: string,`
247	`secretOrPublicKey: Secret \| PublicKey \| GetPublicKeyOrSecret,`
248	`options: VerifyOptions & { complete: true },`
249	`callback?: VerifyCallback<Jwt>,`
250	`): void;`
251	`export function verify(`
252	`token: string,`
253	`secretOrPublicKey: Secret \| PublicKey \| GetPublicKeyOrSecret,`
254	`options?: VerifyOptions & { complete?: false },`
255	`callback?: VerifyCallback<JwtPayload \| string>,`
256	`): void;`
257	`export function verify(`
258	`token: string,`
259	`secretOrPublicKey: Secret \| PublicKey \| GetPublicKeyOrSecret,`
260	`options?: VerifyOptions,`
261	`callback?: VerifyCallback,`
262	`): void;`
263
264	`/**`
265	`* Returns the decoded payload without verifying if the signature is valid.`
266	`* token - JWT string to decode`
267	`* [options] - Options for decoding`
268	`* returns - The decoded Token`
269	`*/`
270	`export function decode(token: string, options: DecodeOptions & { complete: true }): null \| Jwt;`
271	`export function decode(token: string, options: DecodeOptions & { json: true }): null \| JwtPayload;`
272	`export function decode(token: string, options?: DecodeOptions): null \| JwtPayload \| string;`