Feat: Check jwks_uri is a valid URL

package.json

@@ -1,6 +1,6 @@
 {
   "name": "ts-dpop",
-  "version": "0.3.0",
+  "version": "0.3.1",
   "description": "Verifies Solid access tokens via their WebID claim, and thus asserts ownership of WebIDs.",
   "license": "MIT",
   "keywords": [

src/lib/Issuer.ts

@@ -31,14 +31,21 @@ async function config(iss: URL): Promise<JSON> {
   );
 }
 
-async function jwksUri(iss: URL): Promise<string> {
+async function jwksUri(iss: URL): Promise<URL> {
   const issuerConfig = await config(iss);
 
   if (
     isObjectPropertyOf(issuerConfig, "jwks_uri") &&
     isString(issuerConfig.jwks_uri)
   ) {
-    return issuerConfig.jwks_uri;
+    try {
+      return new URL(issuerConfig.jwks_uri);
+    } catch (_) {
+      throw new SolidTokenVerifierError(
+        "SolidIdentityIssuerConfigError",
+        `Failed parsing jwks_uri from identity issuer configuration at URL ${iss.toString()} as a URL`
+      );
+    }
   }
 
   throw new SolidTokenVerifierError(
@@ -48,5 +55,5 @@ async function jwksUri(iss: URL): Promise<string> {
 }
 
 export const keySet: GetKeySetFunction = async function (iss: URL) {
-  return createRemoteJWKSet(new URL(await jwksUri(iss)));
+  return createRemoteJWKSet(await jwksUri(iss));
 };

test/Issuer.test.ts

@@ -44,7 +44,18 @@ describe("Issuer key set", () => {
     );
   });
 
-  it("Throws when Issuer doesn't", async () => {
+  it("Throws when Issuer's JWKS URI is not a URL", async () => {
+    (crossFetch as jest.Mock).mockResolvedValueOnce({
+      ok: true,
+      json: () => ({ jwks_uri: "not_a_URI" }),
+    });
+
+    await expect(keySet(issuer)).rejects.toThrow(
+      "Failed parsing jwks_uri from identity issuer configuration at URL https://example-issuer.com/ as a URL"
+    );
+  });
+
+  it("Throws when Issuer config fetch fails", async () => {
     (crossFetch as jest.Mock).mockResolvedValueOnce({
       status: 400,
       json: () => ({}),