UNPKG

jose/types/index.d.ts

Version:

17.9 kBTypeScriptView Raw

1/// <reference types="node" />
2// TypeScript Version: 3.6
3
4import { KeyObject, PrivateKeyInput, PublicKeyInput } from 'crypto';
5
6export type use = 'sig' | 'enc';
7export type keyOperation = 'sign' | 'verify' | 'encrypt' | 'decrypt' | 'wrapKey' | 'unwrapKey' | 'deriveKey';
8export interface BasicParameters {
alg?: string;
use?: use;
kid?: string;
key_ops?: keyOperation[];
13}
14export interface KeyParameters extends BasicParameters {
x5c?: string[];
x5t?: string;
'x5t#S256'?: string;
18}
19export type ECCurve = 'P-256' | 'secp256k1' | 'P-384' | 'P-521';
20export type OKPCurve = 'Ed25519' | 'Ed448' | 'X25519' | 'X448';
21export type Curves = OKPCurve | ECCurve;
22export type keyType = 'RSA' | 'EC' | 'OKP' | 'oct';
23export type asymmetricKeyObjectTypes = 'private' | 'public';
24export type keyObjectTypes = asymmetricKeyObjectTypes | 'secret';
25export type JWTProfiles = 'id_token' | 'at+JWT' | 'logout_token';
26export type KeyInput = PrivateKeyInput | PublicKeyInput | string | Buffer;
27export type ProduceKeyInput = JWK.Key | KeyObject | KeyInput | JWKOctKey | JWKRSAKey | JWKECKey | JWKOKPKey;
28export type ConsumeKeyInput = ProduceKeyInput | JWKS.KeyStore;
29export type NoneKey = JWK.NoneKey;
30export type EmbeddedJWK = JWK.EmbeddedJWK;
31export type EmbeddedX5C = JWK.EmbeddedX5C;
32export type EmbeddedVerifyKeys = EmbeddedJWK | EmbeddedX5C;
33export type ProduceKeyInputWithNone = ProduceKeyInput | NoneKey;
34export type ConsumeKeyInputWithNone = ConsumeKeyInput | NoneKey;
35
36export interface JWKOctKey extends BasicParameters { // no x5c
kty: 'oct';
k?: string;
39}
40
41export interface JWKECKey extends KeyParameters {
kty: 'EC';
crv: ECCurve;
x: string;
y: string;
d?: string;
47}
48
49export interface JWKOKPKey extends KeyParameters {
kty: 'OKP';
crv: OKPCurve;
x: string;
d?: string;
54}
55
56export interface JWKRSAKey extends KeyParameters {
kty: 'RSA';
e: string;
n: string;
d?: string;
p?: string;
q?: string;
dp?: string;
dq?: string;
qi?: string;
66}
67
68export type JSONWebKey = JWKRSAKey | JWKOKPKey | JWKECKey | JWKOctKey;
69
70export interface JSONWebKeySet {
keys: JSONWebKey[];
72}
73
74export interface ImportOptions {
calculateMissingRSAPrimes?: boolean;
76}
77
78export namespace JWK {
interface pemEncodingOptions {
  type?: string;
  cipher?: string;
  passphrase?: string;
}
84
interface Key {
  readonly private: boolean;
  readonly public: boolean;
  readonly secret: boolean;
  readonly type: keyObjectTypes;
90
  readonly kty: keyType;
  readonly alg?: string;
  readonly use?: use;
  readonly key_ops?: ReadonlyArray<keyOperation>;
  readonly kid: string;
  readonly thumbprint: string;
  readonly x5c?: ReadonlyArray<string>;
  readonly x5t?: string;
  readonly 'x5t#S256'?: string;
  readonly keyObject: KeyObject;
101
  readonly crv?: ECCurve | OKPCurve;
  readonly d?: string;
  readonly dp?: string;
  readonly dq?: string;
  readonly e?: string;
  readonly k?: string;
  readonly n?: string;
  readonly p?: string;
  readonly q?: string;
  readonly qi?: string;
  readonly x?: string;
  readonly y?: string;
114
  toPEM(private?: boolean, encoding?: pemEncodingOptions): string;
116
  algorithms(operation?: keyOperation): Set<string>;
}
119
interface RSAKey extends Key {
  readonly secret: false;
  readonly type: asymmetricKeyObjectTypes;
123
  readonly kty: 'RSA';
125
  readonly e: string;
  readonly n: string;
  readonly d?: string;
  readonly p?: string;
  readonly q?: string;
  readonly dp?: string;
  readonly dq?: string;
  readonly qi?: string;
134
  readonly crv: undefined;
  readonly k: undefined;
  readonly x: undefined;
  readonly y: undefined;
139
  toJWK(private?: boolean): JWKRSAKey;
}
142
interface ECKey extends Key {
  readonly secret: false;
  readonly type: asymmetricKeyObjectTypes;
146
  readonly kty: 'EC';
148
  readonly crv: ECCurve;
  readonly x: string;
  readonly y: string;
  readonly d?: string;
153
  readonly dp: undefined;
  readonly dq: undefined;
  readonly e: undefined;
  readonly k: undefined;
  readonly n: undefined;
  readonly p: undefined;
  readonly q: undefined;
  readonly qi: undefined;
162
  toJWK(private?: boolean): JWKECKey;
}
165
interface OKPKey extends Key {
  readonly secret: false;
  readonly type: asymmetricKeyObjectTypes;
169
  readonly kty: 'OKP';
171
  readonly crv: OKPCurve;
  readonly x: string;
  readonly d?: string;
175
  readonly dp: undefined;
  readonly dq: undefined;
  readonly e: undefined;
  readonly k: undefined;
  readonly n: undefined;
  readonly p: undefined;
  readonly q: undefined;
  readonly qi: undefined;
  readonly y: undefined;
185
  toJWK(private?: boolean): JWKOKPKey;
}
188
interface OctKey extends Key {
  readonly private: false;
  readonly public: false;
  readonly secret: true;
  readonly type: 'secret';
194
  readonly kty: 'oct';
196
  readonly k?: string;
198
  readonly crv: undefined;
  readonly d: undefined;
  readonly dp: undefined;
  readonly dq: undefined;
  readonly e: undefined;
  readonly n: undefined;
  readonly p: undefined;
  readonly q: undefined;
  readonly qi: undefined;
  readonly x: undefined;
  readonly y: undefined;
210
  toJWK(private?: boolean): JWKOctKey;
}
213
interface NoneKey {
  readonly type: 'unsecured';
  readonly alg: 'none';
  algorithms(operation?: keyOperation): Set<string>;
}
219
const None: NoneKey;
221
interface EmbeddedJWK {
  readonly type: 'embedded';
  algorithms(operation?: keyOperation): Set<string>;
}
226
const EmbeddedJWK: EmbeddedJWK;
228
interface EmbeddedX5C {
  readonly type: 'embedded';
  algorithms(operation?: keyOperation): Set<string>;
}
233
const EmbeddedX5C: EmbeddedX5C;
235
function isKey(object: any): boolean;
237
function asKey(key: KeyObject | KeyInput, parameters?: KeyParameters): RSAKey | ECKey | OKPKey | OctKey;
function asKey(jwk: JWKOctKey): OctKey;
function asKey(jwk: JWKRSAKey, options?: ImportOptions): RSAKey;
function asKey(jwk: JWKECKey): ECKey;
function asKey(jwk: JWKOKPKey): OKPKey;
243
/*
 * @deprecated in favor of asKey
 */
function importKey(key: KeyObject | KeyInput, parameters?: KeyParameters): RSAKey | ECKey | OKPKey | OctKey;
function importKey(jwk: JWKOctKey): OctKey;
function importKey(jwk: JWKRSAKey): RSAKey;
function importKey(jwk: JWKECKey): ECKey;
function importKey(jwk: JWKOKPKey): OKPKey;
252
function generate(kty: keyType, crvOrSize?: Curves | number, parameters?: BasicParameters, private?: boolean): Promise<JWK.Key>;
function generate(kty: 'EC', crv?: ECCurve, parameters?: BasicParameters, private?: boolean): Promise<ECKey>;
function generate(kty: 'OKP', crv?: OKPCurve, parameters?: BasicParameters, private?: boolean): Promise<OKPKey>;
function generate(kty: 'RSA', bitlength?: number, parameters?: BasicParameters, private?: boolean): Promise<RSAKey>;
function generate(kty: 'oct', bitlength?: number, parameters?: BasicParameters): Promise<OctKey>;
258
function generateSync(kty: keyType, crvOrSize?: Curves | number, parameters?: BasicParameters, private?: boolean): JWK.Key;
function generateSync(kty: 'EC', crv?: ECCurve, parameters?: BasicParameters, private?: boolean): ECKey;
function generateSync(kty: 'OKP', crv?: OKPCurve, parameters?: BasicParameters, private?: boolean): OKPKey;
function generateSync(kty: 'RSA', bitlength?: number, parameters?: BasicParameters, private?: boolean): RSAKey;
function generateSync(kty: 'oct', bitlength?: number, parameters?: BasicParameters): OctKey;
264}
265
266export namespace JWKS {
interface KeyQuery extends BasicParameters {
  kty?: keyType;
  x5t?: string;
  'x5t#S256'?: string;
  crv?: string;
  thumbprint?: string;
}
274
class KeyStore {
  constructor(keys?: JWK.Key[]);
277
  readonly size: number;
279
  add(key: JWK.Key): void;
  remove(key: JWK.Key): void;
  all(parameters?: KeyQuery): JWK.Key[];
  get(parameters?: KeyQuery): JWK.Key;
284
  toJWKS(private?: boolean): JSONWebKeySet;
286
  generate(kty: keyType, crvOrSize?: Curves | number, parameters?: BasicParameters, private?: boolean): Promise<void>;
  generate(kty: 'EC', crv?: ECCurve, parameters?: BasicParameters, private?: boolean): Promise<void>;
  generate(kty: 'OKP', crv?: OKPCurve, parameters?: BasicParameters, private?: boolean): Promise<void>;
  generate(kty: 'RSA', bitlength?: number, parameters?: BasicParameters, private?: boolean): Promise<void>;
  generate(kty: 'oct', bitlength?: number, parameters?: BasicParameters): Promise<void>;
292
  generateSync(kty: keyType, crvOrSize?: Curves | number, parameters?: BasicParameters, private?: boolean): void;
  generateSync(kty: 'EC', crv?: ECCurve, parameters?: BasicParameters, private?: boolean): void;
  generateSync(kty: 'OKP', crv?: OKPCurve, parameters?: BasicParameters, private?: boolean): void;
  generateSync(kty: 'RSA', bitlength?: number, parameters?: BasicParameters, private?: boolean): void;
  generateSync(kty: 'oct', bitlength?: number, parameters?: BasicParameters): void;
298
  /*
   * @deprecated in favor of JWKS.asKeyStore
   */
  static fromJWKS(jwks: JSONWebKeySet): KeyStore;
}
304
interface JWKSImportOptions extends ImportOptions {
  ignoreErrors?: boolean;
}
308
function asKeyStore(jwks: JSONWebKeySet, options?: JWKSImportOptions): KeyStore;
310}
311
312export namespace JWS {
interface JWSJSON {
  payload: string;
}
316
interface JWSRecipient {
  signature: string;
  protected?: string;
  header?: object;
}
322
interface FlattenedJWS extends JWSRecipient, JWSJSON {}
324
interface GeneralJWS extends JWSJSON {
  signatures: JWSRecipient[];
}
328
class Sign {
  constructor(payload: string | Buffer | object);
331
  recipient(key: ProduceKeyInputWithNone, protected?: object, header?: object): void;
333
  sign(serialization: 'compact'): string;
  sign(serialization: 'flattened'): FlattenedJWS;
  sign(serialization: 'general'): GeneralJWS;
}
338
function sign(payload: string | Buffer | object, key: ProduceKeyInputWithNone, protected?: object): string;
namespace sign {
  function flattened(payload: string | Buffer | object, key: ProduceKeyInputWithNone, protected?: object, header?: object): FlattenedJWS;
  function general(payload: string | Buffer | object, key: ProduceKeyInputWithNone, protected?: object, header?: object): GeneralJWS;
}
344
interface VerifyOptions<komplet = false, parse = true> {
  complete?: komplet;
  parse?: parse;
  encoding?: BufferEncoding;
  crit?: string[];
  algorithms?: string[];
}
352
interface completeVerification<T, T2> {
  payload: T;
  key: T2;
  protected?: object;
  header?: object;
}
359
function verify(jws: string | FlattenedJWS | GeneralJWS, key: ConsumeKeyInputWithNone | EmbeddedVerifyKeys, options?: VerifyOptions): string | object;
function verify(jws: string | FlattenedJWS | GeneralJWS, key: ConsumeKeyInputWithNone | EmbeddedVerifyKeys, options?: VerifyOptions<false, false>): Buffer;
function verify(jws: string | FlattenedJWS | GeneralJWS, key: ConsumeKeyInput | EmbeddedVerifyKeys, options?: VerifyOptions<true>): completeVerification<string | object, JWK.Key>;
function verify(jws: string | FlattenedJWS | GeneralJWS, key: ConsumeKeyInput | EmbeddedVerifyKeys, options?: VerifyOptions<true, false>): completeVerification<Buffer, JWK.Key>;
function verify(jws: string | FlattenedJWS | GeneralJWS, key: NoneKey, options?: VerifyOptions<true>): completeVerification<string | object, NoneKey>;
function verify(jws: string | FlattenedJWS | GeneralJWS, key: NoneKey, options?: VerifyOptions<true, false>): completeVerification<Buffer, NoneKey>;
366}
367
368export namespace JWE {
interface JWEJSON {
  protected?: string;
  unprotected?: object;
  ciphertext: string;
  tag: string;
  iv: string;
  aad?: string;
}
377
interface JWERecipient {
  header?: object;
  encrypted_key: string;
}
382
interface FlattenedJWE extends JWERecipient, JWEJSON {}
384
interface GeneralJWE extends JWEJSON {
  recipients: JWERecipient[];
}
388
class Encrypt {
  constructor(cleartext: string | Buffer, protected?: object, unprotected?: object, aad?: string);
391
  recipient(key: ProduceKeyInput, header?: object): void;
393
  encrypt(serialization: 'compact'): string;
  encrypt(serialization: 'flattened'): FlattenedJWE;
  encrypt(serialization: 'general'): GeneralJWE;
}
398
function encrypt(payload: string | Buffer, key: ProduceKeyInput, protected?: object): string;
namespace encrypt {
  function flattened(payload: string | Buffer, key: ProduceKeyInput, protected?: object, header?: object, aad?: string): FlattenedJWE;
  function general(payload: string | Buffer, key: ProduceKeyInput, protected?: object, header?: object, aad?: string): GeneralJWE;
}
404
interface DecryptOptions<komplet> {
  complete?: komplet;
  crit?: string[];
  algorithms?: string[];
}
410
interface completeDecrypt {
  cleartext: Buffer;
  key: JWK.Key;
  cek: JWK.OctKey;
  aad?: string;
  header?: object;
  unprotected?: object;
  protected?: object;
}
420
function decrypt(jwe: string | FlattenedJWE | GeneralJWE, key: ConsumeKeyInput, options?: DecryptOptions<false>): Buffer;
function decrypt(jwe: string | FlattenedJWE | GeneralJWE, key: ConsumeKeyInput, options?: DecryptOptions<true>): completeDecrypt;
423}
424
425export namespace JWT {
interface completeResult<T = JWK.Key> {
  payload: object;
  header: object;
  signature: string;
  key: T;
}
432
interface DecodeOptions<komplet> {
  complete?: komplet;
}
436
function decode(jwt: string, options?: DecodeOptions<false>): object;
function decode(jwt: string, options?: DecodeOptions<true>): completeResult<undefined>;
439
interface VerifyOptions<komplet> {
  complete?: komplet;
  ignoreExp?: boolean;
  ignoreNbf?: boolean;
  ignoreIat?: boolean;
  maxTokenAge?: string;
  subject?: string;
  issuer?: string;
  maxAuthAge?: string;
  jti?: string;
  clockTolerance?: string;
  audience?: string | string[];
  algorithms?: string[];
  nonce?: string;
  typ?: string;
  now?: Date;
  crit?: string[];
  profile?: JWTProfiles;
}
459
function verify(jwt: string, key: ConsumeKeyInputWithNone | EmbeddedVerifyKeys, options?: VerifyOptions<false>): object;
function verify(jwt: string, key: ConsumeKeyInput | EmbeddedVerifyKeys, options?: VerifyOptions<true>): completeResult;
function verify(jwt: string, key: NoneKey, options?: VerifyOptions<true>): completeResult<NoneKey>;
463
interface SignOptions {
  iat?: boolean;
  kid?: boolean;
  subject?: string;
  issuer?: string;
  audience?: string | string[];
  header?: object;
  algorithm?: string;
  expiresIn?: string;
  notBefore?: string;
  jti?: string;
  nonce?: string;
  now?: Date;
}
478
function sign(payload: object, key: ProduceKeyInputWithNone, options?: SignOptions): string;
480
interface VerifyProfileOptions<profile> {
  issuer: string;
  audience: string | string[];
  profile?: profile;
}
486
namespace IdToken {
  function verify(jwt: string, key: ConsumeKeyInputWithNone | EmbeddedVerifyKeys, options: VerifyOptions<false> & VerifyProfileOptions<'id_token'>): object;
  function verify(jwt: string, key: ConsumeKeyInput | EmbeddedVerifyKeys, options: VerifyOptions<true> & VerifyProfileOptions<'id_token'>): completeResult;
  function verify(jwt: string, key: NoneKey, options: VerifyOptions<true> & VerifyProfileOptions<'id_token'>): completeResult<NoneKey>;
}
492
namespace LogoutToken {
  function verify(jwt: string, key: ConsumeKeyInputWithNone | EmbeddedVerifyKeys, options: VerifyOptions<false> & VerifyProfileOptions<'logout_token'>): object;
  function verify(jwt: string, key: ConsumeKeyInput | EmbeddedVerifyKeys, options: VerifyOptions<true> & VerifyProfileOptions<'logout_token'>): completeResult;
  function verify(jwt: string, key: NoneKey, options: VerifyOptions<true> & VerifyProfileOptions<'logout_token'>): completeResult<NoneKey>;
}
498
namespace AccessToken {
  function verify(jwt: string, key: ConsumeKeyInputWithNone | EmbeddedVerifyKeys, options: VerifyOptions<false> & VerifyProfileOptions<'at+JWT'>): object;
  function verify(jwt: string, key: ConsumeKeyInput | EmbeddedVerifyKeys, options: VerifyOptions<true> & VerifyProfileOptions<'at+JWT'>): completeResult;
  function verify(jwt: string, key: NoneKey, options: VerifyOptions<true> & VerifyProfileOptions<'at+JWT'>): completeResult<NoneKey>;
}
504}
505
506export namespace errors {
class JOSEError<T = string> extends Error {
  code: T;
}
510
class JOSEInvalidEncoding extends JOSEError<'ERR_JOSE_INVALID_ENCODING'> {}
class JOSEMultiError extends JOSEError<'ERR_JOSE_MULTIPLE_ERRORS'> {}
513
class JOSEAlgNotWhitelisted extends JOSEError<'ERR_JOSE_ALG_NOT_WHITELISTED'> {}
class JOSECritNotUnderstood extends JOSEError<'ERR_JOSE_CRIT_NOT_UNDERSTOOD'> {}
class JOSENotSupported extends JOSEError<'ERR_JOSE_NOT_SUPPORTED'> {}
517
class JWEDecryptionFailed extends JOSEError<'ERR_JWE_DECRYPTION_FAILED'> {}
class JWEInvalid extends JOSEError<'ERR_JWE_INVALID'> {}
520
class JWKImportFailed extends JOSEError<'ERR_JWK_IMPORT_FAILED'> {}
class JWKInvalid extends JOSEError<'ERR_JWK_INVALID'> {}
class JWKKeySupport extends JOSEError<'ERR_JWK_KEY_SUPPORT'> {}
524
class JWKSNoMatchingKey extends JOSEError<'ERR_JWKS_NO_MATCHING_KEY'> {}
526
class JWSInvalid extends JOSEError<'ERR_JWS_INVALID'> {}
class JWSVerificationFailed extends JOSEError<'ERR_JWS_VERIFICATION_FAILED'> {}
529
class JWTClaimInvalid<T = 'ERR_JWT_CLAIM_INVALID'> extends JOSEError<T> {
  constructor(message?: string, claim?: string, reason?: string);
532
  claim: string;
  reason: 'prohibited' | 'missing' | 'invalid' | 'check_failed' | 'unspecified';
}
class JWTExpired extends JWTClaimInvalid<'ERR_JWT_EXPIRED'> {}
class JWTMalformed extends JOSEError<'ERR_JWT_MALFORMED'> {}
538}

1	`/// <reference types="node" />`
2	`// TypeScript Version: 3.6`
3
4	`import { KeyObject, PrivateKeyInput, PublicKeyInput } from 'crypto';`
5
6	`export type use = 'sig' \| 'enc';`
7	`export type keyOperation = 'sign' \| 'verify' \| 'encrypt' \| 'decrypt' \| 'wrapKey' \| 'unwrapKey' \| 'deriveKey';`
8	`export interface BasicParameters {`
9	`alg?: string;`
10	`use?: use;`
11	`kid?: string;`
12	`key_ops?: keyOperation[];`
13	`}`
14	`export interface KeyParameters extends BasicParameters {`
15	`x5c?: string[];`
16	`x5t?: string;`
17	`'x5t#S256'?: string;`
18	`}`
19	`export type ECCurve = 'P-256' \| 'secp256k1' \| 'P-384' \| 'P-521';`
20	`export type OKPCurve = 'Ed25519' \| 'Ed448' \| 'X25519' \| 'X448';`
21	`export type Curves = OKPCurve \| ECCurve;`
22	`export type keyType = 'RSA' \| 'EC' \| 'OKP' \| 'oct';`
23	`export type asymmetricKeyObjectTypes = 'private' \| 'public';`
24	`export type keyObjectTypes = asymmetricKeyObjectTypes \| 'secret';`
25	`export type JWTProfiles = 'id_token' \| 'at+JWT' \| 'logout_token';`
26	`export type KeyInput = PrivateKeyInput \| PublicKeyInput \| string \| Buffer;`
27	`export type ProduceKeyInput = JWK.Key \| KeyObject \| KeyInput \| JWKOctKey \| JWKRSAKey \| JWKECKey \| JWKOKPKey;`
28	`export type ConsumeKeyInput = ProduceKeyInput \| JWKS.KeyStore;`
29	`export type NoneKey = JWK.NoneKey;`
30	`export type EmbeddedJWK = JWK.EmbeddedJWK;`
31	`export type EmbeddedX5C = JWK.EmbeddedX5C;`
32	`export type EmbeddedVerifyKeys = EmbeddedJWK \| EmbeddedX5C;`
33	`export type ProduceKeyInputWithNone = ProduceKeyInput \| NoneKey;`
34	`export type ConsumeKeyInputWithNone = ConsumeKeyInput \| NoneKey;`
35
36	`export interface JWKOctKey extends BasicParameters { // no x5c`
37	`kty: 'oct';`
38	`k?: string;`
39	`}`
40
41	`export interface JWKECKey extends KeyParameters {`
42	`kty: 'EC';`
43	`crv: ECCurve;`
44	`x: string;`
45	`y: string;`
46	`d?: string;`
47	`}`
48
49	`export interface JWKOKPKey extends KeyParameters {`
50	`kty: 'OKP';`
51	`crv: OKPCurve;`
52	`x: string;`
53	`d?: string;`
54	`}`
55
56	`export interface JWKRSAKey extends KeyParameters {`
57	`kty: 'RSA';`
58	`e: string;`
59	`n: string;`
60	`d?: string;`
61	`p?: string;`
62	`q?: string;`
63	`dp?: string;`
64	`dq?: string;`
65	`qi?: string;`
66	`}`
67
68	`export type JSONWebKey = JWKRSAKey \| JWKOKPKey \| JWKECKey \| JWKOctKey;`
69
70	`export interface JSONWebKeySet {`
71	`keys: JSONWebKey[];`
72	`}`
73
74	`export interface ImportOptions {`
75	`calculateMissingRSAPrimes?: boolean;`
76	`}`
77
78	`export namespace JWK {`
79	`interface pemEncodingOptions {`
80	`type?: string;`
81	`cipher?: string;`
82	`passphrase?: string;`
83	`}`
84
85	`interface Key {`
86	`readonly private: boolean;`
87	`readonly public: boolean;`
88	`readonly secret: boolean;`
89	`readonly type: keyObjectTypes;`
90
91	`readonly kty: keyType;`
92	`readonly alg?: string;`
93	`readonly use?: use;`
94	`readonly key_ops?: ReadonlyArray<keyOperation>;`
95	`readonly kid: string;`
96	`readonly thumbprint: string;`
97	`readonly x5c?: ReadonlyArray<string>;`
98	`readonly x5t?: string;`
99	`readonly 'x5t#S256'?: string;`
100	`readonly keyObject: KeyObject;`
101
102	`readonly crv?: ECCurve \| OKPCurve;`
103	`readonly d?: string;`
104	`readonly dp?: string;`
105	`readonly dq?: string;`
106	`readonly e?: string;`
107	`readonly k?: string;`
108	`readonly n?: string;`
109	`readonly p?: string;`
110	`readonly q?: string;`
111	`readonly qi?: string;`
112	`readonly x?: string;`
113	`readonly y?: string;`
114
115	`toPEM(private?: boolean, encoding?: pemEncodingOptions): string;`
116
117	`algorithms(operation?: keyOperation): Set<string>;`
118	`}`
119
120	`interface RSAKey extends Key {`
121	`readonly secret: false;`
122	`readonly type: asymmetricKeyObjectTypes;`
123
124	`readonly kty: 'RSA';`
125
126	`readonly e: string;`
127	`readonly n: string;`
128	`readonly d?: string;`
129	`readonly p?: string;`
130	`readonly q?: string;`
131	`readonly dp?: string;`
132	`readonly dq?: string;`
133	`readonly qi?: string;`
134
135	`readonly crv: undefined;`
136	`readonly k: undefined;`
137	`readonly x: undefined;`
138	`readonly y: undefined;`
139
140	`toJWK(private?: boolean): JWKRSAKey;`
141	`}`
142
143	`interface ECKey extends Key {`
144	`readonly secret: false;`
145	`readonly type: asymmetricKeyObjectTypes;`
146
147	`readonly kty: 'EC';`
148
149	`readonly crv: ECCurve;`
150	`readonly x: string;`
151	`readonly y: string;`
152	`readonly d?: string;`
153
154	`readonly dp: undefined;`
155	`readonly dq: undefined;`
156	`readonly e: undefined;`
157	`readonly k: undefined;`
158	`readonly n: undefined;`
159	`readonly p: undefined;`
160	`readonly q: undefined;`
161	`readonly qi: undefined;`
162
163	`toJWK(private?: boolean): JWKECKey;`
164	`}`
165
166	`interface OKPKey extends Key {`
167	`readonly secret: false;`
168	`readonly type: asymmetricKeyObjectTypes;`
169
170	`readonly kty: 'OKP';`
171
172	`readonly crv: OKPCurve;`
173	`readonly x: string;`
174	`readonly d?: string;`
175
176	`readonly dp: undefined;`
177	`readonly dq: undefined;`
178	`readonly e: undefined;`
179	`readonly k: undefined;`
180	`readonly n: undefined;`
181	`readonly p: undefined;`
182	`readonly q: undefined;`
183	`readonly qi: undefined;`
184	`readonly y: undefined;`
185
186	`toJWK(private?: boolean): JWKOKPKey;`
187	`}`
188
189	`interface OctKey extends Key {`
190	`readonly private: false;`
191	`readonly public: false;`
192	`readonly secret: true;`
193	`readonly type: 'secret';`
194
195	`readonly kty: 'oct';`
196
197	`readonly k?: string;`
198
199	`readonly crv: undefined;`
200	`readonly d: undefined;`
201	`readonly dp: undefined;`
202	`readonly dq: undefined;`
203	`readonly e: undefined;`
204	`readonly n: undefined;`
205	`readonly p: undefined;`
206	`readonly q: undefined;`
207	`readonly qi: undefined;`
208	`readonly x: undefined;`
209	`readonly y: undefined;`
210
211	`toJWK(private?: boolean): JWKOctKey;`
212	`}`
213
214	`interface NoneKey {`
215	`readonly type: 'unsecured';`
216	`readonly alg: 'none';`
217	`algorithms(operation?: keyOperation): Set<string>;`
218	`}`
219
220	`const None: NoneKey;`
221
222	`interface EmbeddedJWK {`
223	`readonly type: 'embedded';`
224	`algorithms(operation?: keyOperation): Set<string>;`
225	`}`
226
227	`const EmbeddedJWK: EmbeddedJWK;`
228
229	`interface EmbeddedX5C {`
230	`readonly type: 'embedded';`
231	`algorithms(operation?: keyOperation): Set<string>;`
232	`}`
233
234	`const EmbeddedX5C: EmbeddedX5C;`
235
236	`function isKey(object: any): boolean;`
237
238	`function asKey(key: KeyObject \| KeyInput, parameters?: KeyParameters): RSAKey \| ECKey \| OKPKey \| OctKey;`
239	`function asKey(jwk: JWKOctKey): OctKey;`
240	`function asKey(jwk: JWKRSAKey, options?: ImportOptions): RSAKey;`
241	`function asKey(jwk: JWKECKey): ECKey;`
242	`function asKey(jwk: JWKOKPKey): OKPKey;`
243
244	`/*`
245	`* @deprecated in favor of asKey`
246	`*/`
247	`function importKey(key: KeyObject \| KeyInput, parameters?: KeyParameters): RSAKey \| ECKey \| OKPKey \| OctKey;`
248	`function importKey(jwk: JWKOctKey): OctKey;`
249	`function importKey(jwk: JWKRSAKey): RSAKey;`
250	`function importKey(jwk: JWKECKey): ECKey;`
251	`function importKey(jwk: JWKOKPKey): OKPKey;`
252
253	`function generate(kty: keyType, crvOrSize?: Curves \| number, parameters?: BasicParameters, private?: boolean): Promise<JWK.Key>;`
254	`function generate(kty: 'EC', crv?: ECCurve, parameters?: BasicParameters, private?: boolean): Promise<ECKey>;`
255	`function generate(kty: 'OKP', crv?: OKPCurve, parameters?: BasicParameters, private?: boolean): Promise<OKPKey>;`
256	`function generate(kty: 'RSA', bitlength?: number, parameters?: BasicParameters, private?: boolean): Promise<RSAKey>;`
257	`function generate(kty: 'oct', bitlength?: number, parameters?: BasicParameters): Promise<OctKey>;`
258
259	`function generateSync(kty: keyType, crvOrSize?: Curves \| number, parameters?: BasicParameters, private?: boolean): JWK.Key;`
260	`function generateSync(kty: 'EC', crv?: ECCurve, parameters?: BasicParameters, private?: boolean): ECKey;`
261	`function generateSync(kty: 'OKP', crv?: OKPCurve, parameters?: BasicParameters, private?: boolean): OKPKey;`
262	`function generateSync(kty: 'RSA', bitlength?: number, parameters?: BasicParameters, private?: boolean): RSAKey;`
263	`function generateSync(kty: 'oct', bitlength?: number, parameters?: BasicParameters): OctKey;`
264	`}`
265
266	`export namespace JWKS {`
267	`interface KeyQuery extends BasicParameters {`
268	`kty?: keyType;`
269	`x5t?: string;`
270	`'x5t#S256'?: string;`
271	`crv?: string;`
272	`thumbprint?: string;`
273	`}`
274
275	`class KeyStore {`
276	`constructor(keys?: JWK.Key[]);`
277
278	`readonly size: number;`
279
280	`add(key: JWK.Key): void;`
281	`remove(key: JWK.Key): void;`
282	`all(parameters?: KeyQuery): JWK.Key[];`
283	`get(parameters?: KeyQuery): JWK.Key;`
284
285	`toJWKS(private?: boolean): JSONWebKeySet;`
286
287	`generate(kty: keyType, crvOrSize?: Curves \| number, parameters?: BasicParameters, private?: boolean): Promise<void>;`
288	`generate(kty: 'EC', crv?: ECCurve, parameters?: BasicParameters, private?: boolean): Promise<void>;`
289	`generate(kty: 'OKP', crv?: OKPCurve, parameters?: BasicParameters, private?: boolean): Promise<void>;`
290	`generate(kty: 'RSA', bitlength?: number, parameters?: BasicParameters, private?: boolean): Promise<void>;`
291	`generate(kty: 'oct', bitlength?: number, parameters?: BasicParameters): Promise<void>;`
292
293	`generateSync(kty: keyType, crvOrSize?: Curves \| number, parameters?: BasicParameters, private?: boolean): void;`
294	`generateSync(kty: 'EC', crv?: ECCurve, parameters?: BasicParameters, private?: boolean): void;`
295	`generateSync(kty: 'OKP', crv?: OKPCurve, parameters?: BasicParameters, private?: boolean): void;`
296	`generateSync(kty: 'RSA', bitlength?: number, parameters?: BasicParameters, private?: boolean): void;`
297	`generateSync(kty: 'oct', bitlength?: number, parameters?: BasicParameters): void;`
298
299	`/*`
300	`* @deprecated in favor of JWKS.asKeyStore`
301	`*/`
302	`static fromJWKS(jwks: JSONWebKeySet): KeyStore;`
303	`}`
304
305	`interface JWKSImportOptions extends ImportOptions {`
306	`ignoreErrors?: boolean;`
307	`}`
308
309	`function asKeyStore(jwks: JSONWebKeySet, options?: JWKSImportOptions): KeyStore;`
310	`}`
311
312	`export namespace JWS {`
313	`interface JWSJSON {`
314	`payload: string;`
315	`}`
316
317	`interface JWSRecipient {`
318	`signature: string;`
319	`protected?: string;`
320	`header?: object;`
321	`}`
322
323	`interface FlattenedJWS extends JWSRecipient, JWSJSON {}`
324
325	`interface GeneralJWS extends JWSJSON {`
326	`signatures: JWSRecipient[];`
327	`}`
328
329	`class Sign {`
330	`constructor(payload: string \| Buffer \| object);`
331
332	`recipient(key: ProduceKeyInputWithNone, protected?: object, header?: object): void;`
333
334	`sign(serialization: 'compact'): string;`
335	`sign(serialization: 'flattened'): FlattenedJWS;`
336	`sign(serialization: 'general'): GeneralJWS;`
337	`}`
338
339	`function sign(payload: string \| Buffer \| object, key: ProduceKeyInputWithNone, protected?: object): string;`
340	`namespace sign {`
341	`function flattened(payload: string \| Buffer \| object, key: ProduceKeyInputWithNone, protected?: object, header?: object): FlattenedJWS;`
342	`function general(payload: string \| Buffer \| object, key: ProduceKeyInputWithNone, protected?: object, header?: object): GeneralJWS;`
343	`}`
344
345	`interface VerifyOptions<komplet = false, parse = true> {`
346	`complete?: komplet;`
347	`parse?: parse;`
348	`encoding?: BufferEncoding;`
349	`crit?: string[];`
350	`algorithms?: string[];`
351	`}`
352
353	`interface completeVerification<T, T2> {`
354	`payload: T;`
355	`key: T2;`
356	`protected?: object;`
357	`header?: object;`
358	`}`
359
360	`function verify(jws: string \| FlattenedJWS \| GeneralJWS, key: ConsumeKeyInputWithNone \| EmbeddedVerifyKeys, options?: VerifyOptions): string \| object;`
361	`function verify(jws: string \| FlattenedJWS \| GeneralJWS, key: ConsumeKeyInputWithNone \| EmbeddedVerifyKeys, options?: VerifyOptions<false, false>): Buffer;`
362	`function verify(jws: string \| FlattenedJWS \| GeneralJWS, key: ConsumeKeyInput \| EmbeddedVerifyKeys, options?: VerifyOptions<true>): completeVerification<string \| object, JWK.Key>;`
363	`function verify(jws: string \| FlattenedJWS \| GeneralJWS, key: ConsumeKeyInput \| EmbeddedVerifyKeys, options?: VerifyOptions<true, false>): completeVerification<Buffer, JWK.Key>;`
364	`function verify(jws: string \| FlattenedJWS \| GeneralJWS, key: NoneKey, options?: VerifyOptions<true>): completeVerification<string \| object, NoneKey>;`
365	`function verify(jws: string \| FlattenedJWS \| GeneralJWS, key: NoneKey, options?: VerifyOptions<true, false>): completeVerification<Buffer, NoneKey>;`
366	`}`
367
368	`export namespace JWE {`
369	`interface JWEJSON {`
370	`protected?: string;`
371	`unprotected?: object;`
372	`ciphertext: string;`
373	`tag: string;`
374	`iv: string;`
375	`aad?: string;`
376	`}`
377
378	`interface JWERecipient {`
379	`header?: object;`
380	`encrypted_key: string;`
381	`}`
382
383	`interface FlattenedJWE extends JWERecipient, JWEJSON {}`
384
385	`interface GeneralJWE extends JWEJSON {`
386	`recipients: JWERecipient[];`
387	`}`
388
389	`class Encrypt {`
390	`constructor(cleartext: string \| Buffer, protected?: object, unprotected?: object, aad?: string);`
391
392	`recipient(key: ProduceKeyInput, header?: object): void;`
393
394	`encrypt(serialization: 'compact'): string;`
395	`encrypt(serialization: 'flattened'): FlattenedJWE;`
396	`encrypt(serialization: 'general'): GeneralJWE;`
397	`}`
398
399	`function encrypt(payload: string \| Buffer, key: ProduceKeyInput, protected?: object): string;`
400	`namespace encrypt {`
401	`function flattened(payload: string \| Buffer, key: ProduceKeyInput, protected?: object, header?: object, aad?: string): FlattenedJWE;`
402	`function general(payload: string \| Buffer, key: ProduceKeyInput, protected?: object, header?: object, aad?: string): GeneralJWE;`
403	`}`
404
405	`interface DecryptOptions<komplet> {`
406	`complete?: komplet;`
407	`crit?: string[];`
408	`algorithms?: string[];`
409	`}`
410
411	`interface completeDecrypt {`
412	`cleartext: Buffer;`
413	`key: JWK.Key;`
414	`cek: JWK.OctKey;`
415	`aad?: string;`
416	`header?: object;`
417	`unprotected?: object;`
418	`protected?: object;`
419	`}`
420
421	`function decrypt(jwe: string \| FlattenedJWE \| GeneralJWE, key: ConsumeKeyInput, options?: DecryptOptions<false>): Buffer;`
422	`function decrypt(jwe: string \| FlattenedJWE \| GeneralJWE, key: ConsumeKeyInput, options?: DecryptOptions<true>): completeDecrypt;`
423	`}`
424
425	`export namespace JWT {`
426	`interface completeResult<T = JWK.Key> {`
427	`payload: object;`
428	`header: object;`
429	`signature: string;`
430	`key: T;`
431	`}`
432
433	`interface DecodeOptions<komplet> {`
434	`complete?: komplet;`
435	`}`
436
437	`function decode(jwt: string, options?: DecodeOptions<false>): object;`
438	`function decode(jwt: string, options?: DecodeOptions<true>): completeResult<undefined>;`
439
440	`interface VerifyOptions<komplet> {`
441	`complete?: komplet;`
442	`ignoreExp?: boolean;`
443	`ignoreNbf?: boolean;`
444	`ignoreIat?: boolean;`
445	`maxTokenAge?: string;`
446	`subject?: string;`
447	`issuer?: string;`
448	`maxAuthAge?: string;`
449	`jti?: string;`
450	`clockTolerance?: string;`
451	`audience?: string \| string[];`
452	`algorithms?: string[];`
453	`nonce?: string;`
454	`typ?: string;`
455	`now?: Date;`
456	`crit?: string[];`
457	`profile?: JWTProfiles;`
458	`}`
459
460	`function verify(jwt: string, key: ConsumeKeyInputWithNone \| EmbeddedVerifyKeys, options?: VerifyOptions<false>): object;`
461	`function verify(jwt: string, key: ConsumeKeyInput \| EmbeddedVerifyKeys, options?: VerifyOptions<true>): completeResult;`
462	`function verify(jwt: string, key: NoneKey, options?: VerifyOptions<true>): completeResult<NoneKey>;`
463
464	`interface SignOptions {`
465	`iat?: boolean;`
466	`kid?: boolean;`
467	`subject?: string;`
468	`issuer?: string;`
469	`audience?: string \| string[];`
470	`header?: object;`
471	`algorithm?: string;`
472	`expiresIn?: string;`
473	`notBefore?: string;`
474	`jti?: string;`
475	`nonce?: string;`
476	`now?: Date;`
477	`}`
478
479	`function sign(payload: object, key: ProduceKeyInputWithNone, options?: SignOptions): string;`
480
481	`interface VerifyProfileOptions<profile> {`
482	`issuer: string;`
483	`audience: string \| string[];`
484	`profile?: profile;`
485	`}`
486
487	`namespace IdToken {`
488	`function verify(jwt: string, key: ConsumeKeyInputWithNone \| EmbeddedVerifyKeys, options: VerifyOptions<false> & VerifyProfileOptions<'id_token'>): object;`
489	`function verify(jwt: string, key: ConsumeKeyInput \| EmbeddedVerifyKeys, options: VerifyOptions<true> & VerifyProfileOptions<'id_token'>): completeResult;`
490	`function verify(jwt: string, key: NoneKey, options: VerifyOptions<true> & VerifyProfileOptions<'id_token'>): completeResult<NoneKey>;`
491	`}`
492
493	`namespace LogoutToken {`
494	`function verify(jwt: string, key: ConsumeKeyInputWithNone \| EmbeddedVerifyKeys, options: VerifyOptions<false> & VerifyProfileOptions<'logout_token'>): object;`
495	`function verify(jwt: string, key: ConsumeKeyInput \| EmbeddedVerifyKeys, options: VerifyOptions<true> & VerifyProfileOptions<'logout_token'>): completeResult;`
496	`function verify(jwt: string, key: NoneKey, options: VerifyOptions<true> & VerifyProfileOptions<'logout_token'>): completeResult<NoneKey>;`
497	`}`
498
499	`namespace AccessToken {`
500	`function verify(jwt: string, key: ConsumeKeyInputWithNone \| EmbeddedVerifyKeys, options: VerifyOptions<false> & VerifyProfileOptions<'at+JWT'>): object;`
501	`function verify(jwt: string, key: ConsumeKeyInput \| EmbeddedVerifyKeys, options: VerifyOptions<true> & VerifyProfileOptions<'at+JWT'>): completeResult;`
502	`function verify(jwt: string, key: NoneKey, options: VerifyOptions<true> & VerifyProfileOptions<'at+JWT'>): completeResult<NoneKey>;`
503	`}`
504	`}`
505
506	`export namespace errors {`
507	`class JOSEError<T = string> extends Error {`
508	`code: T;`
509	`}`
510
511	`class JOSEInvalidEncoding extends JOSEError<'ERR_JOSE_INVALID_ENCODING'> {}`
512	`class JOSEMultiError extends JOSEError<'ERR_JOSE_MULTIPLE_ERRORS'> {}`
513
514	`class JOSEAlgNotWhitelisted extends JOSEError<'ERR_JOSE_ALG_NOT_WHITELISTED'> {}`
515	`class JOSECritNotUnderstood extends JOSEError<'ERR_JOSE_CRIT_NOT_UNDERSTOOD'> {}`
516	`class JOSENotSupported extends JOSEError<'ERR_JOSE_NOT_SUPPORTED'> {}`
517
518	`class JWEDecryptionFailed extends JOSEError<'ERR_JWE_DECRYPTION_FAILED'> {}`
519	`class JWEInvalid extends JOSEError<'ERR_JWE_INVALID'> {}`
520
521	`class JWKImportFailed extends JOSEError<'ERR_JWK_IMPORT_FAILED'> {}`
522	`class JWKInvalid extends JOSEError<'ERR_JWK_INVALID'> {}`
523	`class JWKKeySupport extends JOSEError<'ERR_JWK_KEY_SUPPORT'> {}`
524
525	`class JWKSNoMatchingKey extends JOSEError<'ERR_JWKS_NO_MATCHING_KEY'> {}`
526
527	`class JWSInvalid extends JOSEError<'ERR_JWS_INVALID'> {}`
528	`class JWSVerificationFailed extends JOSEError<'ERR_JWS_VERIFICATION_FAILED'> {}`
529
530	`class JWTClaimInvalid<T = 'ERR_JWT_CLAIM_INVALID'> extends JOSEError<T> {`
531	`constructor(message?: string, claim?: string, reason?: string);`
532
533	`claim: string;`
534	`reason: 'prohibited' \| 'missing' \| 'invalid' \| 'check_failed' \| 'unspecified';`
535	`}`
536	`class JWTExpired extends JWTClaimInvalid<'ERR_JWT_EXPIRED'> {}`
537	`class JWTMalformed extends JOSEError<'ERR_JWT_MALFORMED'> {}`
538	`}`