https://github.com/shgysk8zer0/jwk-utils
Use JWK and JWTs using the Crypto API
https://github.com/shgysk8zer0/jwk-utils
crypto jwk jwt
Last synced: 6 months ago
JSON representation
Use JWK and JWTs using the Crypto API
- Host: GitHub
- URL: https://github.com/shgysk8zer0/jwk-utils
- Owner: shgysk8zer0
- License: mit
- Created: 2024-08-30T21:53:42.000Z (about 1 year ago)
- Default Branch: master
- Last Pushed: 2025-04-10T15:26:08.000Z (7 months ago)
- Last Synced: 2025-04-15T05:46:57.878Z (6 months ago)
- Topics: crypto, jwk, jwt
- Language: JavaScript
- Homepage: https://www.npmjs.com/package/@shgysk8zer0/jwk-utils
- Size: 589 KB
- Stars: 0
- Watchers: 1
- Forks: 0
- Open Issues: 1
-
Metadata Files:
- Readme: README.md
- Changelog: CHANGELOG.md
- Contributing: .github/CONTRIBUTING.md
- Funding: .github/FUNDING.yml
- License: LICENSE
- Code of conduct: .github/CODE_OF_CONDUCT.md
- Codeowners: .github/CODEOWNERS
Awesome Lists containing this project
README
# @shgysk8zer0/jwk-utils
Use JWK and JWTs using the Crypto API
[](https://jwt.io/)
[](https://github.com/shgysk8zer0/jwk-utils/actions/workflows/codeql-analysis.yml)
[](https://github.com/shgysk8zer0/jwk-utils/blob/master/LICENSE)
[](https://github.com/shgysk8zer0/jwk-utils/commits/master)
[](https://github.com/shgysk8zer0/jwk-utils/releases)
[](https://github.com/sponsors/shgysk8zer0)
[](https://www.npmjs.com/package/@shgysk8zer0/jwk-utils)
[](https://www.npmjs.com/package/@shgysk8zer0/jwk-utils)
[](https://github.com/shgysk8zer0)
[](https://twitter.com/shgysk8zer0)
[](https://liberapay.com/shgysk8zer0/donate "Donate using Liberapay")
- - -
- [Code of Conduct](./.github/CODE_OF_CONDUCT.md)
- [Contributing](./.github/CONTRIBUTING.md)
## Installation
```bash
npm i @shgysk8zer0/jwk-utils
```
## About
This library provides [JWK](https://developer.mozilla.org/en-US/docs/Web/API/SubtleCrypto/importKey#json_web_key)
and [JWT](https://jwt.io/) support via the [`crypto` API](https://developer.mozilla.org/en-US/docs/Web/API/Crypto).
### Supported Algorithms
- RS256
- RS384
- RS512
- ES256
- ES384
- ES512
- HS256
- HS384
- HS512
- PS256
- PS384
- PS512
- EdDSA
> [!Note]
> EdDSA is currently experimental in Node.js and is only suported in Safari. See [Browser Compatibility on MDN](https://developer.mozilla.org/en-US/docs/Web/API/SubtleCrypto/sign#browser_compatibility).
## Not Supported
- ES256K
### Example
```js
import { generateJWK, createJWT, verifyJWT } from '@shgysk8zer0/jwt-jwk';
// Generate a JWK pair
const { publicKey, privateKey } = await generateJWK();
// JWTs use Unix timestamps - seconds, not ms.
const now = Math.floor(Date.now() / 1000);
// Create a JWT
const token = await createJWT({
iss: 'Some issuer',
sub: 'The Subject',
iat: now,
exp: now + 60,
nbf: now,
jti: crypto.randomUUID(),
scope: 'api',
entitlements: ['db:read'],
}, privateKey);
// Verify the JWT
const verifiedPayload = await verifyJWT(token, publicKey, { entitlements: ['db:read'] });
```
## Limitations
Due to using JWKs and public/private keys, this currently does not support algorithms
not suppported by `crypto.subtle`.
> [!Note]
> Polyfills, especially for `Unit8Array.fromBase64()` & `Uint8Array.prototype.toBase64()` are required. They are
> provided by `@shgysk8zer0/polyfills`, which is imported in the main package (`@shgysk8zer0/jwk-utils`). However,
for compatibility with client-side usage and to avoid conflicts, it is not imported by direct imports.