How to use jose - 10 common examples

To help you get started, we’ve selected a few jose examples, based on popular ways it is used in public projects.

Secure your code as it's written. Use Snyk Code to scan source code in minutes - no build needed - and fix issues immediately.

github panva / node-oidc-provider / test / run.js View on Github external
async function singleRun() {
  clearRequireCache();
  const jose = require('jose'); // eslint-disable-line global-require
  global.keystore = new jose.JWKS.KeyStore();
  await Promise.all([
    global.keystore.generate('RSA', 2048),
    global.keystore.generate('EC', 'P-256'),
    runtimeSupport.EdDSA ? global.keystore.generate('OKP', 'Ed25519') : undefined,
  ]);
  const DEFAULTS = require('../lib/helpers/defaults'); // eslint-disable-line global-require
  if (this.format === 'jwt-ietf' || typeof this.format === 'function') {
    DEFAULTS.features.ietfJWTAccessTokenProfile.enabled = true;
    DEFAULTS.features.ietfJWTAccessTokenProfile.ack = 2;
  }
  DEFAULTS.formats.AccessToken = this.format;
  DEFAULTS.formats.ClientCredentials = this.format;

  process.env.MOUNT_VIA = process.env.MOUNT_VIA || '';
  process.env.MOUNT_TO = process.env.MOUNT_TO || '/';
github panva / node-oidc-provider / certification / fapi / index.js View on Github external
const pem = require('https-pem');

const { Provider } = require('../../lib'); // require('oidc-provider');

const OFFICIAL_CERTIFICATION = 'https://www.certification.openid.net';
const { PORT = 3000, ISSUER = `http://localhost:${PORT}`, SUITE_BASE_URL = OFFICIAL_CERTIFICATION } = process.env;

const ALGS = ['PS256', 'ES256', 'EdDSA'];
const tokenEndpointAuthMethods = ['private_key_jwt', 'self_signed_tls_client_auth'];

const normalize = (cert) => cert.toString().replace(/(?:-----(?:BEGIN|END) CERTIFICATE-----|\s)/g, '');

const JWK_PKJWTONE = jose.JWK.asKey(readFileSync(path.join(__dirname, 'pkjwtone.key')), { alg: 'PS256', use: 'sig' }).toJWK();
const JWK_PKJWTTWO = jose.JWK.asKey(readFileSync(path.join(__dirname, 'pkjwttwo.key')), { alg: 'PS256', use: 'sig' }).toJWK();
const JWK_MTLSONE = jose.JWK.asKey(readFileSync(path.join(__dirname, 'mtlsone.key')), { x5c: [normalize(readFileSync(path.join(__dirname, 'mtlsone.crt')))], alg: 'PS256', use: 'sig' }).toJWK();
const JWK_MTLSTWO = jose.JWK.asKey(readFileSync(path.join(__dirname, 'mtlstwo.key')), { x5c: [normalize(readFileSync(path.join(__dirname, 'mtlstwo.crt')))], alg: 'PS256', use: 'sig' }).toJWK();

const fapi = new Provider(ISSUER, {
  acrValues: ['urn:mace:incommon:iap:silver'],
  routes: {
    userinfo: '/accounts',
  },
  jwks: {
    keys: [
      {
        alg: 'PS256',
        d: 'dxzWeLBYGwOgNb-S-4RCDxz7U6lUPPZaIkrbmkpLsdDdZOkMXGg_jk2LIJ3tYgAvZkWm87ZQqKjN2ADzJmpHvu-vCLuh8ccpwaiTXfWTOjjii0-Cfq0-fT6aQpIglbwubVKi1Tqxz-AglrMnCkNICm-e0GsotXFskxhwybp8IAZP__Up1pg-G9Dg_Timtepw55HjO4xDhzY70zV2NqSDEIvKOleyIZj4JP5kCkwP4_FJw_KynXwlxKvCshtFC3U2IEWWUaUQmM8Yy1Hz2x3TqImLQTWs3EMm6oRuhS0Y4tg9VlzJqnetdd6Ulh-DFzSB37KnBZS1qvnGGG4Cri9IkQ',
        dp: 'tc9sHeUoX1V1cedHpn0VUNiFwCSRTIn6IMzaSRS4f3IUMbLUHv6Ybt9MRco3hBRV1PrJv8K2YPWzZnNIoFF6gILIIsmz1EJX36lcHtIme0GLAt3BFNm_ofmxA6pLPawtDvo_uFpTBm-Z2frq-BSGeDGh5_Tr1cdlS1RT70RJzbk',
        dq: 'FXlVWUgfSZ3HDqkuqcTGrFq4DPsPFOHEmnkUpT9TRFTXddWqSQe4IZvoWpidxORHD7a0-8x_DhXA40zLVZ42dOa8O7QUEweC9JQEY7DnD6ORZvbALc55CKBDrE52C9y5sk2FM2mWU2YudqDwt2SMZn3vGFTjygQ_P0EBFI08e80',
        e: 'AQAB',
        kty: 'RSA',
        n: 'sUQ6a7yX-qCAIgqYl_pzn2yK5RsPb5zjxMG1v2bvlvf6l6LyvJkxEr4dWLAbn9WAV72GuyMkvWfVi13fu4cYl2vdkIFBt0JGT40QxkMUp0izHs4RiLK1GTrwJ2qX7H67EaNNWFeE9Yqh3sIRyQgHqQf6L9rZFWBSED-M3OaiwH-zdwrMzjQH6wCEjmuyTFiNLO2QI6Yr7dDl1rPjWvN9d8pHHWxkRMAnQrL5_mfvOD_j1Tr5blXYTMHHpThOHVM2Ibe4_5YDmPaRXFMgQrPjz6mlUa9d1EL7CuxLd19S3A_6XEMB2juo0RRCfaHK7ZORPJKa36qrVZVhXK3Geuqorw',
github panva / node-oidc-provider / certification / fapi / index.js View on Github external
const jose = require('jose');
const helmet = require('koa-helmet');
const pem = require('https-pem');

const { Provider } = require('../../lib'); // require('oidc-provider');

const OFFICIAL_CERTIFICATION = 'https://www.certification.openid.net';
const { PORT = 3000, ISSUER = `http://localhost:${PORT}`, SUITE_BASE_URL = OFFICIAL_CERTIFICATION } = process.env;

const ALGS = ['PS256', 'ES256', 'EdDSA'];
const tokenEndpointAuthMethods = ['private_key_jwt', 'self_signed_tls_client_auth'];

const normalize = (cert) => cert.toString().replace(/(?:-----(?:BEGIN|END) CERTIFICATE-----|\s)/g, '');

const JWK_PKJWTONE = jose.JWK.asKey(readFileSync(path.join(__dirname, 'pkjwtone.key')), { alg: 'PS256', use: 'sig' }).toJWK();
const JWK_PKJWTTWO = jose.JWK.asKey(readFileSync(path.join(__dirname, 'pkjwttwo.key')), { alg: 'PS256', use: 'sig' }).toJWK();
const JWK_MTLSONE = jose.JWK.asKey(readFileSync(path.join(__dirname, 'mtlsone.key')), { x5c: [normalize(readFileSync(path.join(__dirname, 'mtlsone.crt')))], alg: 'PS256', use: 'sig' }).toJWK();
const JWK_MTLSTWO = jose.JWK.asKey(readFileSync(path.join(__dirname, 'mtlstwo.key')), { x5c: [normalize(readFileSync(path.join(__dirname, 'mtlstwo.crt')))], alg: 'PS256', use: 'sig' }).toJWK();

const fapi = new Provider(ISSUER, {
  acrValues: ['urn:mace:incommon:iap:silver'],
  routes: {
    userinfo: '/accounts',
  },
  jwks: {
    keys: [
      {
        alg: 'PS256',
        d: 'dxzWeLBYGwOgNb-S-4RCDxz7U6lUPPZaIkrbmkpLsdDdZOkMXGg_jk2LIJ3tYgAvZkWm87ZQqKjN2ADzJmpHvu-vCLuh8ccpwaiTXfWTOjjii0-Cfq0-fT6aQpIglbwubVKi1Tqxz-AglrMnCkNICm-e0GsotXFskxhwybp8IAZP__Up1pg-G9Dg_Timtepw55HjO4xDhzY70zV2NqSDEIvKOleyIZj4JP5kCkwP4_FJw_KynXwlxKvCshtFC3U2IEWWUaUQmM8Yy1Hz2x3TqImLQTWs3EMm6oRuhS0Y4tg9VlzJqnetdd6Ulh-DFzSB37KnBZS1qvnGGG4Cri9IkQ',
        dp: 'tc9sHeUoX1V1cedHpn0VUNiFwCSRTIn6IMzaSRS4f3IUMbLUHv6Ybt9MRco3hBRV1PrJv8K2YPWzZnNIoFF6gILIIsmz1EJX36lcHtIme0GLAt3BFNm_ofmxA6pLPawtDvo_uFpTBm-Z2frq-BSGeDGh5_Tr1cdlS1RT70RJzbk',
        dq: 'FXlVWUgfSZ3HDqkuqcTGrFq4DPsPFOHEmnkUpT9TRFTXddWqSQe4IZvoWpidxORHD7a0-8x_DhXA40zLVZ42dOa8O7QUEweC9JQEY7DnD6ORZvbALc55CKBDrE52C9y5sk2FM2mWU2YudqDwt2SMZn3vGFTjygQ_P0EBFI08e80',
github adamyi / CTFProxy / infra / xssbot / server.js View on Github external
const fs = require("fs");
const express = require("express");
// const puppeteer = require('puppeteer');
const { Cluster } = require("puppeteer-cluster");
const jose = require("jose");

const PORT = process.env.PORT || 8080;
const TASKTIMEOUT = process.env.TASKTIMEOUT || 5000;
const NETIDLETIMEOUT = process.env.NETIDLETIMEOUT || 2000;
const NEWREQIDLETIMEOUT = process.env.NEWREQIDLETIMEOUT || 2000;
const MAXCONCURRENTY = process.env.MAXCONCURRENCY || 2;
const CTFDOMAIN = "." + process.env.CTFDOMAIN;
const app = express();

var publicKEY = jose.JWK.asKey(fs.readFileSync("/jwt.pub", "utf8"));

function sleep(ms) {
  return new Promise((resolve) => setTimeout(resolve, ms));
}

// idle when there's no traffic in timeout, or no new request in reqtimeout
function waitForNetworkIdle(
  page,
  timeout,
  reqtimeout,
  maxInflightRequests = 0
) {
  page.on("request", onRequestStarted);
  page.on("requestfinished", onRequestFinished);
  page.on("requestfailed", onRequestFinished);
github panva / node-oidc-provider / lib / helpers / initialize_keystore.js View on Github external
module.exports = function initializeKeystore(jwks) {
  if (isEqual(jwks, DEV_KEYSTORE)) {
    /* eslint-disable no-multi-str */
    attention.warn('a quick start development-only signing keys are used, you are expected to \
provide your own in configuration "jwks" property');
    /* eslint-enable */
  }

  let keystore;
  try {
    keystore = JWKS.asKeyStore(jwks);
  } catch (err) {
    throw new Error('keystore must be a JSON Web Key Set formatted object');
  }

  if (!runtimeSupport.shake256 && keystore.get({ kty: 'OKP', crv: 'Ed448' })) {
    throw new Error('Ed448 keys are only fully supported to sign ID Tokens with in node runtime >= 12.8.0');
  }

  if (keystore.get({ kty: 'EC', crv: 'secp256k1' }) && !instance(this).configuration('features.secp256k1.enabled')) {
    throw new Error('`features.secp256k1` must be enabled before adding secp256k1 EC keys');
  }

  instance(this).keystore = keystore;
  let warned;
  for (const key of keystore) { // eslint-disable-line no-restricted-syntax
    if (!warned && keystore.all({ kid: key.kid }).length > 1) {
github panva / node-oidc-provider / test / encryption / encryption.config.js View on Github external
const pull = require('lodash/pull');
const jose = require('jose');

const config = cloneDeep(require('../default.config'));

merge(config.features, {
  requestObjects: { request: true },
  encryption: { enabled: true },
  introspection: { enabled: true },
  jwtIntrospection: { enabled: true },
});

pull(config.whitelistedJWA.requestObjectEncryptionAlgValues, 'RSA-OAEP');
pull(config.whitelistedJWA.requestObjectEncryptionEncValues, 'A192CBC-HS384');

const k = jose.JWK.generateSync('RSA', 2048);

const privKey = {
  keys: [k.toJWK(true)],
};

const pubKey = {
  keys: [k.toJWK(false)],
};

module.exports = {
  config,
  privKey,
  clients: [
    {
      client_id: 'client',
      client_secret: 'secret',
github panva / node-openid-client / lib / client.js View on Github external
if (!this.client_secret) {
      throw new TypeError('client_secret is required');
    }
    if (/^A(\d{3})(?:GCM)?KW$/.test(alg)) {
      return this.derivedKey(parseInt(RegExp.$1, 10));
    }

    if (/^A(\d{3})(?:GCM|CBC-HS(\d{3}))$/.test(alg)) {
      return this.derivedKey(parseInt(RegExp.$2 || RegExp.$1, 10));
    }

    if (instance(this).has('jose_secret')) {
      return instance(this).get('jose_secret');
    }

    const key = jose.JWK.asKey({ k: base64url.encode(this.client_secret), kty: 'oct' });
    instance(this).set('jose_secret', key);

    return key;
  }
github panva / node-oidc-provider / lib / models / client.js View on Github external
value(opts) {
              if (opts && opts.alg && algs.has(opts.alg)) {
                let key;
                if (opts.alg.startsWith('HS')) {
                  key = jose.JWK.asKey({
                    alg: opts.alg, use: 'sig', kty: 'oct', k: base64url.encode(this.client.clientSecret),
                  });
                } else if (/^A(\d{3})(?:GCM)?KW$/.test(opts.alg)) {
                  const len = parseInt(RegExp.$1, 10) / 8;
                  key = jose.JWK.asKey({
                    alg: opts.alg, use: 'enc', kty: 'oct', k: deriveKey(this.client.clientSecret, len),
                  });
                } else if (/^A(\d{3})(?:GCM|CBC-HS(\d{3}))$/.test(opts.alg)) {
                  const len = parseInt(RegExp.$2 || RegExp.$1, 10) / 8;
                  key = jose.JWK.asKey({
                    alg: opts.alg, use: 'enc', kty: 'oct', k: deriveKey(this.client.clientSecret, len),
                  });
                } else if (opts.alg.startsWith('PBES2')) {
                  key = jose.JWK.asKey({
                    alg: opts.alg, use: 'enc', kty: 'oct', k: base64url.encode(this.client.clientSecret),
                  });
                }

                algs.delete(opts.alg);
                if (algs.size === 0) {
                  delete instance(client).lazyAlgs;
github adamyi / CTFProxy / infra / xssbot / server.js View on Github external
app.get("/", async function (req, res) {
    console.log("incoming request");
    let token = req.headers["x-ctfproxy-jwt"];
    console.log(token);
    var djwt;
    if (token) {
      try {
        djwt = jose.JWT.verify(token, publicKEY);
      } catch (err) {
        console.log("token invalid");
        return res.json({ success: false, message: "Token is not valid" });
      }
    } else {
      console.log("auth token not supplied");
      return res.json({
        success: false,
        message: "Auth token is not supplied",
      });
    }

    if (!req.query.url) {
      console.log("no url");
      return res.json({ success: false, message: "url invalid" });
    }
github panva / node-openid-client / lib / issuer.js View on Github external
async keystore(reload = false) {
    assertIssuerConfiguration(this, 'jwks_uri');

    const keystore = instance(this).get('keystore');
    const cache = instance(this).get('cache');

    if (reload || !keystore) {
      cache.reset();
      const response = await request.call(this, {
        method: 'GET',
        json: true,
        url: this.jwks_uri,
      });
      const jwks = processResponse(response);

      const joseKeyStore = jose.JWKS.asKeyStore(jwks, { ignoreErrors: true });
      cache.set('throttle', true, 60 * 1000);
      instance(this).set('keystore', joseKeyStore);
      return joseKeyStore;
    }

    return keystore;
  }

jose

JWA, JWS, JWE, JWT, JWK, JWKS for Node.js, Browser, Cloudflare Workers, Deno, Bun, and other Web-interoperable runtimes

MIT
Latest version published 2 months ago

Package Health Score

91 / 100
Full package analysis