async function singleRun() {
clearRequireCache();
const jose = require('jose'); // eslint-disable-line global-require
global.keystore = new jose.JWKS.KeyStore();
await Promise.all([
global.keystore.generate('RSA', 2048),
global.keystore.generate('EC', 'P-256'),
runtimeSupport.EdDSA ? global.keystore.generate('OKP', 'Ed25519') : undefined,
]);
const DEFAULTS = require('../lib/helpers/defaults'); // eslint-disable-line global-require
if (this.format === 'jwt-ietf' || typeof this.format === 'function') {
DEFAULTS.features.ietfJWTAccessTokenProfile.enabled = true;
DEFAULTS.features.ietfJWTAccessTokenProfile.ack = 2;
}
DEFAULTS.formats.AccessToken = this.format;
DEFAULTS.formats.ClientCredentials = this.format;
process.env.MOUNT_VIA = process.env.MOUNT_VIA || '';
process.env.MOUNT_TO = process.env.MOUNT_TO || '/';
// Self-signed key/cert pair so the provider can be served over TLS locally.
const pem = require('https-pem');
// Local checkout of oidc-provider; an installed copy would be require('oidc-provider').
const { Provider } = require('../../lib'); // require('oidc-provider');
// Default conformance-suite base URL; overridable via SUITE_BASE_URL below.
const OFFICIAL_CERTIFICATION = 'https://www.certification.openid.net';
// NOTE(review): the ISSUER default is plain http://localhost:PORT — acceptable for a local
// run only; when pointing a remote suite at this provider the issuer presumably has to be a
// reachable https URL (verify before running against OFFICIAL_CERTIFICATION).
const { PORT = 3000, ISSUER = `http://localhost:${PORT}`, SUITE_BASE_URL = OFFICIAL_CERTIFICATION } = process.env;
// Signing algorithms exercised by this setup: RSA-PSS, ECDSA P-256 and EdDSA.
const ALGS = ['PS256', 'ES256', 'EdDSA'];
// Client authentication methods allowed; both are asymmetric (no shared client secrets).
const tokenEndpointAuthMethods = ['private_key_jwt', 'self_signed_tls_client_auth'];
// Strip the PEM armor lines and all whitespace so the certificate becomes the bare base64
// DER string that a JWK `x5c` entry expects.
const normalize = (cert) => cert.toString().replace(/(?:-----(?:BEGIN|END) CERTIFICATE-----|\s)/g, '');
// Per-client keys loaded from files next to this script. `.toJWK()` without the `true` flag
// yields the public representation (cf. `toJWK(true)` used for private JWKS elsewhere), so these
// constants are what the clients publish; the private halves stay in the .key files.
const JWK_PKJWTONE = jose.JWK.asKey(readFileSync(path.join(__dirname, 'pkjwtone.key')), { alg: 'PS256', use: 'sig' }).toJWK();
const JWK_PKJWTTWO = jose.JWK.asKey(readFileSync(path.join(__dirname, 'pkjwttwo.key')), { alg: 'PS256', use: 'sig' }).toJWK();
// The mTLS clients additionally carry their self-signed certificate in `x5c` so the provider can
// match the presented client certificate against the registered one.
const JWK_MTLSONE = jose.JWK.asKey(readFileSync(path.join(__dirname, 'mtlsone.key')), { x5c: [normalize(readFileSync(path.join(__dirname, 'mtlsone.crt')))], alg: 'PS256', use: 'sig' }).toJWK();
const JWK_MTLSTWO = jose.JWK.asKey(readFileSync(path.join(__dirname, 'mtlstwo.key')), { x5c: [normalize(readFileSync(path.join(__dirname, 'mtlstwo.crt')))], alg: 'PS256', use: 'sig' }).toJWK();
const fapi = new Provider(ISSUER, {
acrValues: ['urn:mace:incommon:iap:silver'],
routes: {
userinfo: '/accounts',
},
jwks: {
keys: [
{
alg: 'PS256',
d: 'dxzWeLBYGwOgNb-S-4RCDxz7U6lUPPZaIkrbmkpLsdDdZOkMXGg_jk2LIJ3tYgAvZkWm87ZQqKjN2ADzJmpHvu-vCLuh8ccpwaiTXfWTOjjii0-Cfq0-fT6aQpIglbwubVKi1Tqxz-AglrMnCkNICm-e0GsotXFskxhwybp8IAZP__Up1pg-G9Dg_Timtepw55HjO4xDhzY70zV2NqSDEIvKOleyIZj4JP5kCkwP4_FJw_KynXwlxKvCshtFC3U2IEWWUaUQmM8Yy1Hz2x3TqImLQTWs3EMm6oRuhS0Y4tg9VlzJqnetdd6Ulh-DFzSB37KnBZS1qvnGGG4Cri9IkQ',
dp: 'tc9sHeUoX1V1cedHpn0VUNiFwCSRTIn6IMzaSRS4f3IUMbLUHv6Ybt9MRco3hBRV1PrJv8K2YPWzZnNIoFF6gILIIsmz1EJX36lcHtIme0GLAt3BFNm_ofmxA6pLPawtDvo_uFpTBm-Z2frq-BSGeDGh5_Tr1cdlS1RT70RJzbk',
dq: 'FXlVWUgfSZ3HDqkuqcTGrFq4DPsPFOHEmnkUpT9TRFTXddWqSQe4IZvoWpidxORHD7a0-8x_DhXA40zLVZ42dOa8O7QUEweC9JQEY7DnD6ORZvbALc55CKBDrE52C9y5sk2FM2mWU2YudqDwt2SMZn3vGFTjygQ_P0EBFI08e80',
e: 'AQAB',
kty: 'RSA',
n: 'sUQ6a7yX-qCAIgqYl_pzn2yK5RsPb5zjxMG1v2bvlvf6l6LyvJkxEr4dWLAbn9WAV72GuyMkvWfVi13fu4cYl2vdkIFBt0JGT40QxkMUp0izHs4RiLK1GTrwJ2qX7H67EaNNWFeE9Yqh3sIRyQgHqQf6L9rZFWBSED-M3OaiwH-zdwrMzjQH6wCEjmuyTFiNLO2QI6Yr7dDl1rPjWvN9d8pHHWxkRMAnQrL5_mfvOD_j1Tr5blXYTMHHpThOHVM2Ibe4_5YDmPaRXFMgQrPjz6mlUa9d1EL7CuxLd19S3A_6XEMB2juo0RRCfaHK7ZORPJKa36qrVZVhXK3Geuqorw',
const jose = require('jose');
// koa-helmet: sets the usual hardening response headers on the Koa app.
const helmet = require('koa-helmet');
// Self-signed key/cert pair so the provider can be served over TLS locally.
const pem = require('https-pem');
// Local checkout of oidc-provider; an installed copy would be require('oidc-provider').
const { Provider } = require('../../lib'); // require('oidc-provider');
// Default conformance-suite base URL; overridable via SUITE_BASE_URL below.
const OFFICIAL_CERTIFICATION = 'https://www.certification.openid.net';
// NOTE(review): the ISSUER default is plain http://localhost:PORT — acceptable for a local
// run only; a remote suite presumably needs a reachable https issuer (verify).
const { PORT = 3000, ISSUER = `http://localhost:${PORT}`, SUITE_BASE_URL = OFFICIAL_CERTIFICATION } = process.env;
// Signing algorithms exercised by this setup: RSA-PSS, ECDSA P-256 and EdDSA.
const ALGS = ['PS256', 'ES256', 'EdDSA'];
// Client authentication methods allowed; both are asymmetric (no shared client secrets).
const tokenEndpointAuthMethods = ['private_key_jwt', 'self_signed_tls_client_auth'];
// Strip PEM armor and whitespace -> bare base64 DER, the form a JWK `x5c` entry expects.
const normalize = (cert) => cert.toString().replace(/(?:-----(?:BEGIN|END) CERTIFICATE-----|\s)/g, '');
// Per-client keys loaded from disk. `.toJWK()` without `true` yields the public JWK (cf.
// `toJWK(true)` for private JWKS elsewhere), so only public material ends up in these constants.
const JWK_PKJWTONE = jose.JWK.asKey(readFileSync(path.join(__dirname, 'pkjwtone.key')), { alg: 'PS256', use: 'sig' }).toJWK();
const JWK_PKJWTTWO = jose.JWK.asKey(readFileSync(path.join(__dirname, 'pkjwttwo.key')), { alg: 'PS256', use: 'sig' }).toJWK();
// mTLS clients also carry their self-signed certificate in `x5c` for client-cert matching.
const JWK_MTLSONE = jose.JWK.asKey(readFileSync(path.join(__dirname, 'mtlsone.key')), { x5c: [normalize(readFileSync(path.join(__dirname, 'mtlsone.crt')))], alg: 'PS256', use: 'sig' }).toJWK();
const JWK_MTLSTWO = jose.JWK.asKey(readFileSync(path.join(__dirname, 'mtlstwo.key')), { x5c: [normalize(readFileSync(path.join(__dirname, 'mtlstwo.crt')))], alg: 'PS256', use: 'sig' }).toJWK();
const fapi = new Provider(ISSUER, {
acrValues: ['urn:mace:incommon:iap:silver'],
routes: {
userinfo: '/accounts',
},
jwks: {
keys: [
{
alg: 'PS256',
d: 'dxzWeLBYGwOgNb-S-4RCDxz7U6lUPPZaIkrbmkpLsdDdZOkMXGg_jk2LIJ3tYgAvZkWm87ZQqKjN2ADzJmpHvu-vCLuh8ccpwaiTXfWTOjjii0-Cfq0-fT6aQpIglbwubVKi1Tqxz-AglrMnCkNICm-e0GsotXFskxhwybp8IAZP__Up1pg-G9Dg_Timtepw55HjO4xDhzY70zV2NqSDEIvKOleyIZj4JP5kCkwP4_FJw_KynXwlxKvCshtFC3U2IEWWUaUQmM8Yy1Hz2x3TqImLQTWs3EMm6oRuhS0Y4tg9VlzJqnetdd6Ulh-DFzSB37KnBZS1qvnGGG4Cri9IkQ',
dp: 'tc9sHeUoX1V1cedHpn0VUNiFwCSRTIn6IMzaSRS4f3IUMbLUHv6Ybt9MRco3hBRV1PrJv8K2YPWzZnNIoFF6gILIIsmz1EJX36lcHtIme0GLAt3BFNm_ofmxA6pLPawtDvo_uFpTBm-Z2frq-BSGeDGh5_Tr1cdlS1RT70RJzbk',
dq: 'FXlVWUgfSZ3HDqkuqcTGrFq4DPsPFOHEmnkUpT9TRFTXddWqSQe4IZvoWpidxORHD7a0-8x_DhXA40zLVZ42dOa8O7QUEweC9JQEY7DnD6ORZvbALc55CKBDrE52C9y5sk2FM2mWU2YudqDwt2SMZn3vGFTjygQ_P0EBFI08e80',
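const fs = require("fs");
const express = require("express");
// const puppeteer = require('puppeteer');
const { Cluster } = require("puppeteer-cluster");
const jose = require("jose");
// Listening port and the puppeteer timing knobs, all overridable from the environment.
// NOTE(review): process.env values are strings ("5000"), and nothing here coerces them —
// confirm that the consumers of these values tolerate strings.
const PORT = process.env.PORT || 8080;
const TASKTIMEOUT = process.env.TASKTIMEOUT || 5000;
const NETIDLETIMEOUT = process.env.NETIDLETIMEOUT || 2000;
const NEWREQIDLETIMEOUT = process.env.NEWREQIDLETIMEOUT || 2000;
// Name kept as-is (typo included) to avoid breaking references elsewhere in the file; the
// environment variable it reads is MAXCONCURRENCY.
const MAXCONCURRENTY = process.env.MAXCONCURRENCY || 2;
// Domain suffix (with a leading dot) the proxy is scoped to. An unset CTFDOMAIN used to
// produce the suffix ".undefined", which never matches a real host and makes any suffix
// check against it misbehave silently; fail fast at startup instead.
if (!process.env.CTFDOMAIN) {
  throw new Error("CTFDOMAIN environment variable must be set");
}
const CTFDOMAIN = "." + process.env.CTFDOMAIN;
const app = express();
// Public key used to verify the x-ctfproxy-jwt header (see the "/" handler); only the public
// half is loaded here. Read once at startup from a fixed absolute path — presumably a file
// mounted into the container (verify the deployment provides it).
const publicKEY = jose.JWK.asKey(fs.readFileSync("/jwt.pub", "utf8"));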
/**
 * Resolves after roughly `ms` milliseconds (setTimeout granularity).
 *
 * @param {number} ms delay in milliseconds
 * @returns {Promise<void>} resolves with undefined once the timer fires
 */
function sleep(ms) {
  return new Promise(function (done) {
    setTimeout(done, ms);
  });
}
// idle when there's no traffic in timeout, or no new request in reqtimeout
function waitForNetworkIdle(
page,
timeout,
reqtimeout,
maxInflightRequests = 0
) {
page.on("request", onRequestStarted);
page.on("requestfinished", onRequestFinished);
page.on("requestfailed", onRequestFinished);
module.exports = function initializeKeystore(jwks) {
if (isEqual(jwks, DEV_KEYSTORE)) {
/* eslint-disable no-multi-str */
attention.warn('a quick start development-only signing keys are used, you are expected to \
provide your own in configuration "jwks" property');
/* eslint-enable */
}
let keystore;
try {
keystore = JWKS.asKeyStore(jwks);
} catch (err) {
throw new Error('keystore must be a JSON Web Key Set formatted object');
}
if (!runtimeSupport.shake256 && keystore.get({ kty: 'OKP', crv: 'Ed448' })) {
throw new Error('Ed448 keys are only fully supported to sign ID Tokens with in node runtime >= 12.8.0');
}
if (keystore.get({ kty: 'EC', crv: 'secp256k1' }) && !instance(this).configuration('features.secp256k1.enabled')) {
throw new Error('`features.secp256k1` must be enabled before adding secp256k1 EC keys');
}
instance(this).keystore = keystore;
let warned;
for (const key of keystore) { // eslint-disable-line no-restricted-syntax
if (!warned && keystore.all({ kid: key.kid }).length > 1) {
// lodash `pull`: removes the listed values from an array in place (used on the JWA whitelist below).
const pull = require('lodash/pull');
const jose = require('jose');
// cloneDeep (presumably lodash) so this fixture never mutates the shared default config object.
const config = cloneDeep(require('../default.config'));
// Turn on the features this suite exercises: request objects passed by value, JWE encryption,
// token introspection, and JWT-formatted introspection responses.
merge(config.features, {
requestObjects: { request: true },
encryption: { enabled: true },
introspection: { enabled: true },
jwtIntrospection: { enabled: true },
});
// Drop one key-management alg and one content-encryption enc from the request-object
// whitelist — presumably so the tests can assert that request objects using them are
// rejected (verify against the spec file that consumes this config).
pull(config.whitelistedJWA.requestObjectEncryptionAlgValues, 'RSA-OAEP');
pull(config.whitelistedJWA.requestObjectEncryptionEncValues, 'A192CBC-HS384');
// One RSA-2048 key generated synchronously at load; blocking is fine for a test fixture.
const k = jose.JWK.generateSync('RSA', 2048);
// Private JWKS: `toJWK(true)` includes the private members. Test-only material.
const privKey = {
keys: [k.toJWK(true)],
};
// Matching public JWKS (`toJWK(false)`), as a client would publish it.
const pubKey = {
keys: [k.toJWK(false)],
};
module.exports = {
config,
privKey,
clients: [
{
client_id: 'client',
client_secret: 'secret',
if (!this.client_secret) {
throw new TypeError('client_secret is required');
}
if (/^A(\d{3})(?:GCM)?KW$/.test(alg)) {
return this.derivedKey(parseInt(RegExp.$1, 10));
}
if (/^A(\d{3})(?:GCM|CBC-HS(\d{3}))$/.test(alg)) {
return this.derivedKey(parseInt(RegExp.$2 || RegExp.$1, 10));
}
if (instance(this).has('jose_secret')) {
return instance(this).get('jose_secret');
}
const key = jose.JWK.asKey({ k: base64url.encode(this.client_secret), kty: 'oct' });
instance(this).set('jose_secret', key);
return key;
}
value(opts) {
if (opts && opts.alg && algs.has(opts.alg)) {
let key;
if (opts.alg.startsWith('HS')) {
key = jose.JWK.asKey({
alg: opts.alg, use: 'sig', kty: 'oct', k: base64url.encode(this.client.clientSecret),
});
} else if (/^A(\d{3})(?:GCM)?KW$/.test(opts.alg)) {
const len = parseInt(RegExp.$1, 10) / 8;
key = jose.JWK.asKey({
alg: opts.alg, use: 'enc', kty: 'oct', k: deriveKey(this.client.clientSecret, len),
});
} else if (/^A(\d{3})(?:GCM|CBC-HS(\d{3}))$/.test(opts.alg)) {
const len = parseInt(RegExp.$2 || RegExp.$1, 10) / 8;
key = jose.JWK.asKey({
alg: opts.alg, use: 'enc', kty: 'oct', k: deriveKey(this.client.clientSecret, len),
});
} else if (opts.alg.startsWith('PBES2')) {
key = jose.JWK.asKey({
alg: opts.alg, use: 'enc', kty: 'oct', k: base64url.encode(this.client.clientSecret),
});
}
algs.delete(opts.alg);
if (algs.size === 0) {
delete instance(client).lazyAlgs;
app.get("/", async function (req, res) {
console.log("incoming request");
let token = req.headers["x-ctfproxy-jwt"];
console.log(token);
var djwt;
if (token) {
try {
djwt = jose.JWT.verify(token, publicKEY);
} catch (err) {
console.log("token invalid");
return res.json({ success: false, message: "Token is not valid" });
}
} else {
console.log("auth token not supplied");
return res.json({
success: false,
message: "Auth token is not supplied",
});
}
if (!req.query.url) {
console.log("no url");
return res.json({ success: false, message: "url invalid" });
}
/**
 * Returns the issuer's key set (a jose KeyStore) built from `jwks_uri`.
 *
 * The store is fetched on first use and memoized on the instance; `reload = true` discards
 * the memoized store, resets the instance cache and fetches again. Throws via
 * assertIssuerConfiguration when the issuer metadata has no `jwks_uri`.
 *
 * Nothing here validates the JWKS beyond what `request`/`processResponse` do for the
 * transport — trust in the returned keys rests on TLS to `jwks_uri`.
 *
 * @param {boolean} [reload=false] force a refetch even when a keystore is already cached
 * @returns {Promise<jose.JWKS.KeyStore>}
 */
async keystore(reload = false) {
  assertIssuerConfiguration(this, 'jwks_uri');
  const state = instance(this);
  const memoized = state.get('keystore');
  const cache = state.get('cache');
  if (!reload && memoized) {
    return memoized;
  }
  // A refetch invalidates everything derived from the previous key set.
  cache.reset();
  const response = await request.call(this, { method: 'GET', json: true, url: this.jwks_uri });
  const jwks = processResponse(response);
  // ignoreErrors: keys that jose cannot parse are dropped rather than failing the whole set.
  const fresh = jose.JWKS.asKeyStore(jwks, { ignoreErrors: true });
  // Flag the store as freshly fetched for 60s; presumably callers consult this before asking
  // for another reload, so a stream of unknown `kid`s cannot hammer jwks_uri (verify at call sites).
  cache.set('throttle', true, 60 * 1000);
  state.set('keystore', fresh);
  return fresh;
}