mharj-jwt-util

Json Webtoken Utility to validate OpenID tokens against issuer public ssl keys

• Can build public PEM cert from modulus + exponent (i.e. Google)
• Caches issuer OpenID configuration 24h
• New Token "kid" forces reloading jwks_uri data.

Note: if running NodeJS less than 18.0.0 you need to install and use cross-fetch polyfill

Usage example

// with Bearer header
try {
	const {body, isCached} = await jwtBearerVerify(req.headers.authorization);
} catch (err) {
	console.log(err);
}
// or Just token
try {
	const {body, isCached} = await jwtVerify(process.env.GOOGLE_ID_TOKEN);
} catch (err) {
	console.log(err);
}

// attach logger to see http requests (console and log4js should be working)
setJwtLogger(console);

Enable public cert file caching

await useCache(new FileCertCache({fileName: './certCache.json'}));

// or with Tachyon storage driver
await useCache(new TachyonCertCache(new FileStorageDriver('FileCertCacheDriver', './certCache.json', certCacheBufferSerializer)));

Enable verified token persist caching (Tachyon storage driver with encryption)

import {z} from 'zod';
import {TachyonExpireCache} from 'tachyon-expire-cache';
import {CryptoBufferProcessor, FileStorageDriver} from 'tachyon-drive-node-fs';
import {buildTokenCacheBufferSerializer, setTokenCache} from 'mharj-jwt-util';

const anyObjectSchema = z.object({}).passthrough(); // or build token payload schema
const bufferSerializer = buildTokenCacheBufferSerializer<TokenPayload>(anyObjectSchema);
// const stringSerializer = buildTokenCacheStringSerializer<TokenPayload>(anyObjectSchema); // if using string based Tachyon drivers
const processor = new CryptoBufferProcessor(Buffer.from('some-secret-key'));
const driver = new FileStorageDriver('TokenStorageDriver', {fileName: './tokenCache.aes'}, bufferSerializer, processor);
const cache = new TachyonExpireCache<TokenPayload, RawJwtToken>('TachyonExpireCache', driver);
setTokenCache(cache);