A client library that verifies a JWT token by retrieve signing keys from a JWKS (JSON Web Key Set) endpoint written in TypeScript.
You'll provide the client with the JWKS endpoint which exposes your signing keys. Using the verify
you can if a JWT token.
import jwksClient from "jwt-jwks-client";
// or using require
const jwksClient = require('jwt-jwks-client');
const client = jwksClient({
secure: true, // Default value
jwksUri: 'https://sandrino.auth0.com/.well-known/jwks.json',
rateLimit: 0; // Optional, num of request per min, 0 means no limit
requestHeaders: {}, // Optional
requestAgentOptions: {}, // Optional
timeout: 30000, // Optional, default 30s
});
// throws error if token not valid
await client.verify(jwtToken);
await client.verify(jwtToken, verifyOptions);
interface VerifyOptions {
iat?: boolean;
kid?: boolean;
subject?: string;
issuer?: string;
audience?: string | string[];
header?: object;
algorithm?: string;
expiresIn?: string;
notBefore?: string;
jti?: string;
now?: Date;
}
For details, see jose library
The requestAgentOptions
property can be used to configure SSL/TLS options. An
example use case is providing a trusted private (i.e. enterprise/corporate) root
certificate authority to establish TLS communication with the jwks_uri
.
import jwksClient from "jwt-jwks-client";
const client = jwksClient({
strictSsl: true, // Default value
jwksUri: 'https://my-enterprise-id-provider/.well-known/jwks.json',
requestHeaders: {}, // Optional
requestAgentOptions: {
ca: fs.readFileSync(caFile)
}
});
For more information, see the NodeJS request library agentOptions
documentation.
To show trace logs you can set the following environment variable:
DEBUG=jwks
Check out my other JWT Auth library that supports not only regular JWT token generation, but also key rotation and key revocation.