{"id":19030099,"url":"https://github.com/streamplace/dove-jwt","last_synced_at":"2026-06-20T19:32:22.301Z","repository":{"id":57215647,"uuid":"77881022","full_name":"streamplace/dove-jwt","owner":"streamplace","description":"Domain Verified JSON Web Tokens","archived":false,"fork":false,"pushed_at":"2018-01-26T22:42:15.000Z","size":740,"stargazers_count":2,"open_issues_count":3,"forks_count":0,"subscribers_count":3,"default_branch":"master","last_synced_at":"2025-10-04T03:33:16.394Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":null,"language":"JavaScript","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/streamplace.png","metadata":{"files":{"readme":"Readme.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null}},"created_at":"2017-01-03T03:32:30.000Z","updated_at":"2020-09-25T23:06:08.000Z","dependencies_parsed_at":"2022-08-24T21:00:55.820Z","dependency_job_id":null,"html_url":"https://github.com/streamplace/dove-jwt","commit_stats":null,"previous_names":["streamkitchen/dove-jwt"],"tags_count":0,"template":false,"template_full_name":null,"purl":"pkg:github/streamplace/dove-jwt","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/streamplace%2Fdove-jwt","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/streamplace%2Fdove-jwt/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/streamplace%2Fdove-jwt/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/streamplace%2Fdove-jwt/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/streamplace","download_url":"https://codeload.github.com/streamplace/dove-jwt/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/streamplace%2Fdove-jwt/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":34583589,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-05-26T15:22:16.424Z","status":"online","status_checked_at":"2026-06-20T02:00:06.407Z","response_time":98,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2024-11-08T21:16:32.146Z","updated_at":"2026-06-20T19:32:22.283Z","avatar_url":"https://github.com/streamplace.png","language":"JavaScript","funding_links":[],"categories":[],"sub_categories":[],"readme":"# dove-jwt\n\n[![Build Status](https://travis-ci.org/streamkitchen/dove-jwt.svg?branch=master)](https://travis-ci.org/streamkitchen/dove-jwt)\n\n(That stands for **Do**main **Ve**rified **J**SON **W**eb **T**okens.)\n\n## What is?\n\n[JWTs](https://jwt.io/) are good. One of the ways JWTs may be signed and verified are with an RSA public/private keypair.\n\nWith dove-jwt, we take this to its logical conclusion and use your TLS key as the private key, and your CA-verified TLS certificate chain as the public key. The following things are true of a valid `dove-jwt`:\n\n* The JWT is signed using the RS265 algorithm.\n* [The x5c header](https://tools.ietf.org/html/rfc7515#section-4.1.6) contains a CA-verified certificate chain.\n* The first certificate in this chain validates as the correct public key for the JWT.\n* [The iss (issuer) claim](https://tools.ietf.org/html/rfc7519#section-4.1.1) matches the Common Name [CN] on the signing certificate.\n\nThus, through the magic of the global X.509 key infrastructure, you can be reasonably confident that posession of a valid dove-jwt indicates that it really was signed by the issuer specified in the `iss` header.\n\n## How use?\n\n**Signing:**\n\n```javascript\nimport dove from \"dove-jwt\";\nimport fs from \"fs\";\n\nconst cert = fs.readFileSync(\"example-com-cert.pem\", \"utf8\");\nconst key = fs.readFileSync\n\n# Unless you're doing something with self-signed CAs, you'll want to use the system certs.\ndove.useSystemCertAuthorities();\n\n// The \"options\" field is passed through to jsonwebtoken.\nconst token = dove.sign({foo: \"bar\", key, cert, {/* options */});\n\nexport default token;\n```\n\n**Verifying:**\n\n```javascript\nimport dove from \"dove-jwt\";\nimport token from \"./signing.js\";\n\ndove.useSystemCertAuthorities();\n\nconst parsed = dove.verify(token); // will throw an error unless valid\nconsole.log(parsed.foo) // bar\n```\n\n## Current Limitations\n\n* Only works with RSA, not ECC keys. This is a limitation of node-forge.\n* Currently only can use system certificates on Linux, not Mac or Windows. ([#2](https://github.com/streamkitchen/dove-jwt/issues/2))\n* Only works with the common name (CN) record on the cert, not any Subject Alternative Names ([#3](https://github.com/streamkitchen/dove-jwt/issues/3))\n* Only supports `RS256` encryption algorithm. We could probably support the other `RS` algorithms without much trouble, just have to test it.\n\nTests\n-----\n\n`npm run test`\n\nCurrently we're using jasmine-es6 rather than jest because of [a bug in node-forge](https://github.com/digitalbazaar/forge/issues/362).\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fstreamplace%2Fdove-jwt","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fstreamplace%2Fdove-jwt","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fstreamplace%2Fdove-jwt/lists"}