Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Enable Key Lookup #41

Open
wants to merge 14 commits into
base: master
Choose a base branch
from
Open

Enable Key Lookup #41

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
14 commits
Select commit Hold shift + click to select a range
399fee9
export Parser and test
jkevlin2 Dec 24, 2016
bd1761d
Merge pull request #1 from jkevlin/issues/39
jkevlin2 Dec 24, 2016
a73fc3a
allow Verifier.verify to accept a Jwt as a parameter to bypass parsing
jkevlin2 Dec 24, 2016
c6ea653
Merge pull request #2 from jkevlin/verfy-accept-jwt-param
jkevlin2 Dec 24, 2016
efbaab3
add setter for keyid and test
jkevlin2 Dec 24, 2016
6ca2671
Merge pull request #3 from jkevlin/add-setter-for-keyid
jkevlin2 Dec 24, 2016
a53b1d6
added test and example in README for using a keyid for a lookup
jkevlin2 Dec 25, 2016
07fc6cc
Merge pull request #4 from jkevlin/add-test-and-docs-for-keylookup
jkevlin2 Dec 25, 2016
cdeaa68
Per RFC changed from keyid to kid
jkevlin2 Dec 25, 2016
3f55b26
Merge pull request #5 from jkevlin/add-test-and-docs-for-keylookup
jkevlin2 Dec 25, 2016
30de400
added comment and trigger travis
jkevlin2 Dec 25, 2016
118a149
Merge pull request #6 from jkevlin/add-test-and-docs-for-keylookup
jkevlin2 Dec 25, 2016
b41cb5d
fixed typo in README
jkevlin2 Dec 25, 2016
07e14e7
Merge pull request #7 from jkevlin/add-test-and-docs-for-keylookup
jkevlin2 Dec 25, 2016
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
33 changes: 32 additions & 1 deletion README.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -234,9 +234,40 @@ ES384 | ECDSA using P-384 curve and SHA-384 hash algorithm
ES512 | ECDSA using P-521 curve and SHA-512 hash algorithm
none | No digital signature or MAC value included

## Key Lookup

```javascript
var claims = {hello: 'world'}

var keys = [
{kid: 'key1', secret: '12345'},
{kid: 'key2',secret: 'abcd'}
];
var currentKey = 0

// create a token
var token = new nJwt.Jwt(claims)
.setSigningAlgorithm('HS256')
.setSigningKey(keys[currentKey].secret)
.setSigningKeyId(keys[currentKey].kid)
.compact();

// Parse the tokent
var jwt = new nJwt.Parser().parse(token);
// lookup the key
var found = keys.find(k => k.kid === jwt.header.kid)
// then verify
var verifier = new nJwt.Verifier()
.setSigningAlgorithm('HS256')
.setSigningKey(found.secret)
.verify(token, function (err, res) {
if (res.body.hello !== claims.hello)
throw(new Error('lookup didnt work'))
});
```

## Unsupported features

The following features are not yet supported by this library:

* Encrypting the JWT (aka JWE)
* Signing key resolver (using the `kid` field)
23 changes: 18 additions & 5 deletions index.js
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -192,6 +192,11 @@ Jwt.prototype.setSigningKey = function setSigningKey(key) {
this.signingKey = key;
return this;
};
Jwt.prototype.setSigningKeyId = function setSigningKeyId(kid) {
this.header.kid = kid;
return this;
};

Jwt.prototype.setSigningAlgorithm = function setSigningAlgorithm(alg) {
if(!this.isSupportedAlg(alg)){
throw new JwtError(properties.errors.UNSUPPORTED_SIGNING_ALG);
Expand Down Expand Up @@ -258,6 +263,9 @@ Jwt.prototype.isNotBefore = function() {
};

function Parser(options){
if(!(this instanceof Parser)){
return new Parser(options);
}
return this;
}

Expand Down Expand Up @@ -328,12 +336,16 @@ Verifier.prototype.verify = function verify(jwtString,cb){

var done = handleError.bind(null,cb);

try {
jwt = new Parser().parse(jwtString);
} catch(e) {
return done(e);
if (jwtString instanceof Jwt) {
jwt = jwtString;
// console.log(jwt)
} else {
try {
jwt = new Parser().parse(jwtString);
} catch(e) {
return done(e);
}
}

var body = jwt.body;
var header = jwt.header;
var signature = jwt.signature;
Expand Down Expand Up @@ -402,6 +414,7 @@ var jwtLib = {
Jwt: Jwt,
JwtBody: JwtBody,
JwtHeader: JwtHeader,
Parser: Parser,
Verifier: Verifier,
base64urlEncode: base64urlEncode,
base64urlUnescape:base64urlUnescape,
Expand Down
9 changes: 9 additions & 0 deletions test/jwt.js
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -83,6 +83,15 @@ describe('Jwt',function() {
});
});

describe('.setSigningKeyId()',function(){
it('should accept a kid',function(){
var kid = '1234'
var jwt = new nJwt.Jwt({}, false)
.setSigningKeyId(kid);
assert.equal(jwt.header.kid, kid);
});
});

describe('.sign()',function(){
it('should throw if you give it an unknown algoritm',function(){
assert.throws(function(){
Expand Down
75 changes: 75 additions & 0 deletions test/key-lookup.js
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,75 @@
var assert = require('chai').assert;
var uuid = require('uuid');
var nJwt = require('../');

describe('demonstrate a key lookup on verify', function () {
describe('and given an signed token', function () {
var result;
var claims = {hello: 'world'}
var keys = [
{kid: 'key1', secret: '12345'},
{kid: 'key2',secret: 'abcd'}
];
var currentKey = 0
var expectedSecret = keys[currentKey].secret

var token = new nJwt.Jwt(claims)
.setSigningAlgorithm('HS256')
.setSigningKey(expectedSecret)
.setSigningKeyId(keys[currentKey].kid)
.compact();

var jwt = new nJwt.Parser().parse(token);
var found = keys.find(k => k.kid === jwt.header.kid)

assert.equal(found.secret, expectedSecret);

before(function (done) {
var verifier = new nJwt.Verifier()
.setSigningAlgorithm('HS256')
.setSigningKey(found.secret)
verifier.verify(token, function (err, res) {
result = [err, res];
done();
});
});

it('the jwt should be equal', function () {
assert.equal(result[1].body.hello, claims.hello);
});
});


describe('demo key lookup', function () {
var claims = {hello: 'world'}

var keys = [
{kid: 'key1', secret: '12345'},
{kid: 'key2',secret: 'abcd'}
];
var currentKey = 0

// ENCODE
// create a token
var token = new nJwt.Jwt(claims)
.setSigningAlgorithm('HS256')
.setSigningKey(keys[currentKey].secret)
.setSigningKeyId(keys[currentKey].kid)
.compact();

// DECODE
// Parse the tokent
var jwt = new nJwt.Parser().parse(token);
// lookup the key
var found = keys.find(k => k.kid === jwt.header.kid)
// then verify
var verifier = new nJwt.Verifier()
.setSigningAlgorithm('HS256')
.setSigningKey(found.secret)
.verify(token, function (err, res) {
if (res.body.hello !== claims.hello)
throw(new Error('lookup didnt work'))
});
});

});
43 changes: 43 additions & 0 deletions test/parser.js
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,43 @@
var assert = require('chai').assert;
var uuid = require('uuid');
var nJwt = require('../');


describe('Parser', function () {
it('should construct itself if called without new', function () {
assert(nJwt.Parser() instanceof nJwt.Parser);
});
});

describe('Parser.parse(token)', function () {
var result = null
var claims = { hello: 'world' }
var token = new nJwt.Jwt(claims, false)
.setSigningAlgorithm('none')
.compact();
it('should parse a valid token', function () {
var jwt = new nJwt.Parser().parse(token);
assert.equal(jwt.body.hello, claims.hello);
});

});

describe('Parser.parse(token, cb)', function () {
var result = null
var claims = { hello: 'world' }
before(function (done) {
var token = new nJwt.Jwt(claims, false)
.setSigningAlgorithm('none')
.compact();
var parser = nJwt.Parser();
parser.parse(token, function (err, res) {
result = [err, res];
done();
});
});
it('should parse a valid token', function () {
assert.isNull(result[0], 'An error was not returned');
assert.equal(result[1].body.hello, claims.hello);
});

});
23 changes: 23 additions & 0 deletions test/verifier.js
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -328,4 +328,27 @@ describe('Verifier().verify() ',function(){
assert.equal(result[0].userMessage,properties.errors.SIGNATURE_MISMTACH);
});
});

describe('verify an existing Jwt object', function () {
var result = null
var claims = { hello: 'world' }

before(function(done){
var token = new nJwt.Jwt(claims, false)
.setSigningAlgorithm('none')
.compact();
var jwt = new nJwt.Parser().parse(token);
var verifier = new nJwt.Verifier()
.setSigningAlgorithm('none')
verifier.verify(jwt, function(err,res){
result = [err,res];
done();
});
});
it('should accept a valid Jwt as first param', function () {
assert.equal(result[1].body.hello, claims.hello);
});

});

});