auth0 · adamjmcgrath · May 6, 2022 · May 5, 2022 · May 6, 2022 · May 6, 2022
@@ -1,6 +1,6 @@
-import { SecretCallback, SecretCallbackLong } from 'express-jwt';
 import { Agent as HttpAgent } from 'http';
 import { Agent as HttpsAgent } from 'https';
+import type {Jwt, Secret} from 'jsonwebtoken'
 
 declare function JwksRsa(options: JwksRsa.Options): JwksRsa.JwksClient;
 
@@ -55,7 +55,24 @@ declare namespace JwksRsa {
 
   type SigningKey = CertSigningKey | RsaSigningKey;
 
-  function expressJwtSecret(options: ExpressJwtOptions): SecretCallbackLong;
+  /**
+   * Types are duplicated from express-jwt@6/7
+   * due to numerous breaking changes in the lib's types
+   * whilst this lib supportd both <=6 & >=7  implementations
+   * 
+   * express-jwt's installed version (or its @types)
+   * will be the types used at transpilation time
+   */
+
+  /** Types from express-jwt@<=6 */
+  type secretType = string|Buffer;
+  type SecretCallbackLong = (req: Express.Request, header: any, payload: any, done: (err: any, secret?: secretType) => void) => void;
+  type SecretCallback = (req: Express.Request, payload: any, done: (err: any, secret?: secretType) => void) => void;
+
+  /** Types from express-jwt@>=7 */
+  type GetVerificationKey = (req: Express.Request, token: Jwt | undefined) => Secret | Promise<Secret>;
+
+  function expressJwtSecret(options: ExpressJwtOptions): SecretCallbackLong|GetVerificationKey;
 
   function passportJwtSecret(options: ExpressJwtOptions): SecretCallback;
 

@@ -12,14 +12,16 @@
     "node": ">=10 < 13 || >=14"
   },
   "dependencies": {
-    "@types/express-jwt": "0.0.42",
+    "@types/express": "^4.17.13",
     "debug": "^4.3.4",
     "jose": "^2.0.5",
     "limiter": "^1.1.5",
     "lru-memoizer": "^2.1.4"
   },
   "devDependencies": {
     "@types/chai": "^4.2.11",
+    "@types/express-jwt": "^6.0.4",
+    "@types/jsonwebtoken": "^8.5.8",
     "@types/mocha": "^5.2.7",
     "@types/nock": "^11.0.0",
     "@types/node": "^14.14.12",

@@ -1,11 +1,14 @@
 import * as jwksRsaType from '../index';
 import {expect} from 'chai';
+import expressjwt6 from "express-jwt";
+import { expressjwt as expressjwt7, GetVerificationKey } from "express-jwt-v7";
 const { jwksEndpoint } = require('../tests/mocks/jwks');
 const { publicKey } = require('../tests/mocks/keys');
+const { x5cSingle } = require('../tests/keys.js');
 const jwksRsa: typeof jwksRsaType = require('../src');
 
 describe('typescript definition', () => {
-  const jwksHost = 'http://my-authz-server';
+  const jwksHost = 'http://localhost';
 
   describe('hapiJwt2KeyAsync', () => {
     it('should return a secret provider function', async () => {
@@ -24,24 +27,31 @@ describe('typescript definition', () => {
     });
   });
 
-  describe('getKeysInterceptor', async () => {
-    const keySetResponse = {
-      keys: [
-        {
-          alg: 'RS256',
-          kty: 'RSA',
-          use: 'sig',
-          kid: 'NkFCNEE1NDFDNTQ5RTQ5OTE1QzRBMjYyMzY0NEJCQTJBMjJBQkZCMA'
-        }
-      ]
-    };
-
+  it('getKeysInterceptor', async () => {
     const client = new jwksRsa.JwksClient({
       jwksUri: `${jwksHost}/.well-known/jwks.json`,
-      getKeysInterceptor: () => Promise.resolve(keySetResponse.keys)
+      getKeysInterceptor: () => Promise.resolve(x5cSingle.keys)
     });
 
     const key = await client.getSigningKey('NkFCNEE1NDFDNTQ5RTQ5OTE1QzRBMjYyMzY0NEJCQTJBMjJBQkZCMA');
     expect(key.kid).to.equal('NkFCNEE1NDFDNTQ5RTQ5OTE1QzRBMjYyMzY0NEJCQTJBMjJBQkZCMA');
   });
+
+  it('Types-Only Validation with express-jwt', () => {
+    expressjwt6({
+      algorithms: ["RS256"],
+      secret: jwksRsa.expressJwtSecret({
+        cache: true,
+        jwksUri: `https://my-authz-server/.well-known/jwks.json`
+      })
+    });
+
+    expressjwt7({
+      algorithms: ['RS256'],
+      secret: jwksRsa.expressJwtSecret({
+        cache: true,
+        jwksUri: `https://my-authz-server/.well-known/jwks.json`
+      }) as GetVerificationKey
+    });
+  })
 });