Class JwtRsaVerifierBase<SpecificVerifyProperties, IssuerConfig, MultiIssuer>Abstract

Abstract class representing a verifier for JWTs signed with RSA (e.g. RS256, RS384, RS512)

A class is used, because there is state:

  • The JWKS is fetched (downloaded) from the JWKS URI and cached in memory
  • Verification properties at verifier level, are used as default options for individual verify calls

When instantiating this class, relevant type parameters should be provided, for your concrete case:

Param: StillToProvide

The verification options that you want callers of verify to provide on individual verify calls

Type Parameters

  • SpecificVerifyProperties extends Record<string | number, unknown>

    The verification options that you'll use

  • IssuerConfig extends JwtRsaVerifierProperties<SpecificVerifyProperties>

    The issuer config that you'll use (config options are used as default verification options)

  • MultiIssuer extends boolean

    Verify multiple issuers (true) or just a single one (false)

Hierarchy (view full)

Constructors

constructor

Accessors

expectedIssuers

Methods

cacheJwks getIssuerConfig getVerifyParameters hydrate verify verifyDecomposedJwt verifyDecomposedJwtSync verifySync

Constructors

Protected constructor

Accessors

Protected expectedIssuers

  • get expectedIssuers(): string[]

  • Returns string[]

Methods

cacheJwks

  • cacheJwks(...__namedParameters): void

  • This method loads a JWKS that you provide, into the JWKS cache, so that it is available for JWT verification. Use this method to speed up the first JWT verification (when the JWKS would otherwise have to be downloaded from the JWKS uri), or to provide the JWKS in case the JwtVerifier does not have internet access to download the JWKS

    Parameters

    • Rest ...__namedParameters: MultiIssuer extends false
          ? [jwks: Jwks, issuer?: string]
          : [jwks: Jwks, issuer: string]

    Returns void

    void

Protected getIssuerConfig

  • getIssuerConfig(issuer?): IssuerConfig & {
        jwksUri: string;
    }

  • Parameters

    • Optional issuer: string

    Returns IssuerConfig & {
        jwksUri: string;
    }

Protected getVerifyParameters

hydrate

  • hydrate(): Promise<void>

  • Hydrate the JWKS cache for (all of) the configured issuer(s). This will fetch and cache the latest and greatest JWKS for concerned issuer(s).

    Returns Promise<void>

    void

verify

  • verify(...__namedParameters): Promise<JwtPayload>

  • Verify (asynchronously) a JWT that is signed using RS256 / RS384 / RS512. This call is asynchronous, and the JWKS will be fetched from the JWKS uri, in case it is not yet available in the cache.

    Parameters

    Returns Promise<JwtPayload>

    Promise that resolves to the payload of the JWT––if the JWT is valid, otherwise the promise rejects

Protected verifyDecomposedJwt

  • verifyDecomposedJwt(decomposedJwt, jwksUri, verifyProperties): Promise<JwtPayload>

  • Verify (asynchronously) an already decomposed JWT, that is signed using RS256 / RS384 / RS512.

    Parameters

    Returns Promise<JwtPayload>

    The payload of the JWT––if the JWT is valid, otherwise an error is thrown

Protected verifyDecomposedJwtSync

  • verifyDecomposedJwtSync(decomposedJwt, jwksUri, verifyProperties): JwtPayload

  • Verify (synchronously) an already decomposed JWT, that is signed using RS256 / RS384 / RS512.

    Parameters

    Returns JwtPayload

    The payload of the JWT––if the JWT is valid, otherwise an error is thrown

verifySync

Settings

Member Visibility

Theme

On This Page