Name: idtoken-verifier
Owner: Auth0
Description: Lightweight RSA JWT verification
Created: 2016-12-29 18:36:42.0
Updated: 2018-05-14 10:45:35.0
Pushed: 2018-05-04 21:43:35.0
Size: 674
Language: JavaScript
GitHub Committers
User | Most Recent Commit | # Commits |
---|
Other Committers
User | Most Recent Commit | # Commits |
---|
A lightweight library to decode and verify RS JWT meant for the browser.
IdTokenVerifier = require('idtoken-verifier');
verifier = new IdTokenVerifier({
issuer: 'https://my.auth0.com/',
audience: 'gYSNlU4YC4V1YPdqq8zPQcup6rJw1Mbt'
fier.verify(id_token, nonce, function(error, payload) {
...
decoded = verifier.decode(id_token);
Initializes the verifier.
Parameters:
/.well-known/jwks.json
endpoint each time it verifies a token. You can provide a cache to store the keys and avoid repeated requests. For the contract, check this example.${id_token.iss}/.well-known/jwks.json
This method will decode the token, verify the issuer, audience, expiration, algorithm and nonce claims and after that will verify the token signature.
Parameters
This method will decode the token header and payload WITHOUT doing any verification.
Parameters
Return
To make it as lightweight as posible, it only provides support for RS256 tokens. It can be easily extensible to other RS* algorithms.
If you have found a bug or if you have a feature request, please report them at this repository issues section. Please do not report security vulnerabilities on the public GitHub issue tracker. The Responsible Disclosure Program details the procedure for disclosing security issues.
This project is licensed under the MIT license. See the LICENSE file for more info.