@luolapeikko/oidc-jwt-verify
v0.0.2
Simple asymmetric JWT validation for OIDC tokens
@luolapeikko/oidc-jwt-verify
JSON Web Token utility that validates OpenID Connect JWTs against the issuer's public keys
- Can build a public PEM cert from modulus + exponent (e.g. Google OIDC)
- Caches the issuer's OpenID Connect configuration for 24 hours
- A token with a new "kid" forces a reload of the issuer's OpenID Connect jwks_uri data.
Note: if you are running a Node.js version older than 18.0.0, you need to install and use the cross-fetch polyfill
Usage example
// Verify a token taken from an HTTP Authorization header (Bearer scheme).
// NOTE(review): no verification options are passed in this example; confirm in the API
// documentation how the accepted issuers and the expected audience are restricted before
// trusting `body`. A signature that checks out against the keys of whichever issuer the
// token names does not by itself show that the token came from an issuer you trust.
try {
// `body` is the token payload; `isCached` presumably reports a token-cache hit (confirm).
const { body, isCached } = await jwtBearerVerify(req.headers.authorization);
} catch (err) {
// Reached when the awaited call rejects. Logging alone does not reject the request:
// real handlers should respond as unauthenticated here.
console.log(err);
}
// Or verify just the token string.
// NOTE(review): process.env values can be undefined; check the variable is set first.
try {
const { body, isCached } = await jwtVerify(process.env.GOOGLE_ID_TOKEN);
} catch (err) {
// Same as above: a rejected verification must not be treated as a valid identity.
console.log(err);
}
// attach a logger to see HTTP requests (console and log4js should both work)
setJwtLogger(console);

Enable public cert file caching
// Zod schema for the cert cache file: a `certs` record of string -> (string -> string)
// plus a numeric `_ts`. `satisfies` checks at compile time that it is a StandardSchemaV1
// producing CertRecords.
// (presumably issuer -> kid -> PEM; confirm against the CertRecords type)
const certCacheSchema = z.object({certs: z.record(z.string(), z.record(z.string(), z.string())), _ts: z.number()}) satisfies StandardSchemaV1<
unknown,
CertRecords
>;
// Register a file-backed cert cache.
// NOTE(review): presumably certs read back from this file are used for signature
// verification, so anyone who can write ./certCache.json could influence which keys are
// trusted. Keep the file writable only by the service account and outside shared paths.
await useCache(new FileCertCache({fileName: './certCache.json', schema: certCacheSchema}));
// or with Tachyon storage driver
await useCache(new TachyonCertCache(new FileStorageDriver({name: 'FileCertCacheDriver', fileName: './unitTestCache.json'}, certCacheBufferSerializer(certCacheSchema))));

Enable persistent caching of verified tokens (Tachyon storage driver with encryption)
import {
isRawJwtToken,
type RawJwtToken,
setTokenCache,
} from "@luolapeikko/oidc-jwt-verify";
import { buildTokenCacheBufferSerializer } from "@luolapeikko/oidc-jwt-verify-tachyon";
import {
CryptoBufferProcessor,
FileStorageDriver,
} from "tachyon-drive-node-fs";
import { TachyonExpireCache } from "tachyon-expire-cache";
import { z } from "zod";
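// Schema for the cached token payload. `.loose()` accepts any extra claims without
// validating them; replace it with a schema for the claims your application reads.
const tokenBodySchema = z.object({}).loose(); // or build token payload schema

// Shape of the persisted cache: a map keyed by the raw JWT string, each entry holding an
// `expires` number and the payload. The file therefore contains complete bearer tokens,
// which is why it is encrypted below and should also have restrictive file permissions.
const tokenCacheMapSchema = z.map(
  z.string().refine(isRawJwtToken),
  z.object({ expires: z.number(), data: tokenBodySchema }),
);

const bufferSerializer = buildTokenCacheBufferSerializer(tokenCacheMapSchema);
// const stringSerializer = buildTokenCacheStringSerializer<TokenPayload>(tokenCacheMapSchema); // if using string based Tachyon drivers

// Load the cache encryption key from the environment instead of a string literal in
// source. TOKEN_CACHE_KEY is an example variable name: supply the value from your
// secret store and never commit it.
const tokenCacheKey = process.env.TOKEN_CACHE_KEY;
if (!tokenCacheKey) {
  // Fail closed: without a key the tokens would have no real protection on disk.
  throw new Error("TOKEN_CACHE_KEY is not set; refusing to create the encrypted token cache");
}
// NOTE(review): confirm how CryptoBufferProcessor turns this buffer into a cipher key,
// and use a long, randomly generated value rather than a human-chosen phrase.
const processor = new CryptoBufferProcessor(Buffer.from(tokenCacheKey));

// File-backed storage: serializer converts the cache map to a buffer, processor encrypts it.
const driver = new FileStorageDriver(
  { name: "TokenStorageDriver", fileName: "./tokenCache.aes" },
  bufferSerializer,
  processor,
);

// Expiring cache of verified token payloads, keyed by raw JWT.
const cache = new TachyonExpireCache<z.infer<typeof tokenBodySchema>, RawJwtToken>(
  { name: "TachyonExpireCache" },
  driver,
);

// Register the cache with the verifier.
setTokenCache(cache);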