feat: allow to modify issued JWT headers and payloads before signing
panva committed Sep 16, 2024
1 parent 006db55 commit 30931ba
Showing 9 changed files with 282 additions and 44 deletions.
2 changes: 2 additions & 0 deletions docs/README.md
Expand Up @@ -177,6 +177,7 @@ Support from the community to continue maintaining and improving this module is
- [JWKS](interfaces/JWKS.md)
- [JWKSCacheOptions](interfaces/JWKSCacheOptions.md)
- [JWTAccessTokenClaims](interfaces/JWTAccessTokenClaims.md)
- [ModifyAssertionFunction](interfaces/ModifyAssertionFunction.md)
- [MTLSEndpointAliases](interfaces/MTLSEndpointAliases.md)
- [OAuth2Error](interfaces/OAuth2Error.md)
- [OAuth2TokenEndpointResponse](interfaces/OAuth2TokenEndpointResponse.md)
Expand Down Expand Up @@ -215,6 +216,7 @@ Support from the community to continue maintaining and improving this module is
- [expectNoNonce](variables/expectNoNonce.md)
- [expectNoState](variables/expectNoState.md)
- [jwksCache](variables/jwksCache.md)
- [modifyAssertion](variables/modifyAssertion.md)
- [skipAuthTimeCheck](variables/skipAuthTimeCheck.md)
- [skipStateCheck](variables/skipStateCheck.md)
- [skipSubjectCheck](variables/skipSubjectCheck.md)
12 changes: 12 additions & 0 deletions docs/interfaces/DPoPOptions.md
Expand Up @@ -26,6 +26,18 @@ The public key corresponding to [DPoPOptions.privateKey](DPoPOptions.md#privatek

***

### \[modifyAssertion\]?

`optional` **\[modifyAssertion\]**: [`ModifyAssertionFunction`](ModifyAssertionFunction.md)

Use to modify the DPoP Proof JWT right before it is signed.

#### See

[modifyAssertion](../variables/modifyAssertion.md)

***

### nonce?

`optional` **nonce**: `string`
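
Review bot: The new `[modifyAssertion]` description on DPoPOptions says only "Use to modify the DPoP Proof JWT right before it is signed" and gives no indication of which parts of the proof are safe to change. Because the callback receives both the header and the payload, I would add a sentence stating that the values the library sets for a DPoP proof are what the receiving server checks, and that changing them can cause the proof to be rejected, so the option reads as an interoperability workaround rather than a general customization point.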
20 changes: 20 additions & 0 deletions docs/interfaces/ModifyAssertionFunction.md
Original file line number Diff line number Diff line change
@@ -0,0 +1,20 @@
# Interface: ModifyAssertionFunction()

[💗 Help the project](https://github.com/sponsors/panva)

Support from the community to continue maintaining and improving this module is welcome. If you find the module useful, please consider supporting the project by [becoming a sponsor](https://github.com/sponsors/panva).

***

**ModifyAssertionFunction**(`header`, `payload`): `void`

## Parameters

| Parameter | Type | Description |
| ------ | ------ | ------ |
| `header` | [`Record`](https://www.typescriptlang.org/docs/handbook/utility-types.html#recordkeys-type)\<`string`, `undefined` \| [`JsonValue`](../type-aliases/JsonValue.md)\> | JWS Header to modify right before it is signed. |
| `payload` | [`Record`](https://www.typescriptlang.org/docs/handbook/utility-types.html#recordkeys-type)\<`string`, `undefined` \| [`JsonValue`](../type-aliases/JsonValue.md)\> | JWT Claims Set to modify right before it is signed. |

## Returns

`void`
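
Review bot: The signature returns `void` and both parameter descriptions say "to modify", but nothing states that the function has to mutate `header` and `payload` in place, or what happens to a returned value or a Promise. Suggest one sentence under Returns saying whether the return value is ignored and whether an async function is supported. The value type `undefined` \| `JsonValue` also needs a note on whether assigning `undefined` removes the member from the signed JWT.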
12 changes: 12 additions & 0 deletions docs/interfaces/PrivateKey.md
Original file line number Diff line number Diff line change
Expand Up @@ -21,6 +21,18 @@ Its algorithm must be compatible with a supported [JWS `alg` Algorithm](../type-

***

### \[modifyAssertion\]?

`optional` **\[modifyAssertion\]**: [`ModifyAssertionFunction`](ModifyAssertionFunction.md)

Use to modify the JWT signed by this key right before it is signed.

#### See

[modifyAssertion](../variables/modifyAssertion.md)

***

### kid?

`optional` **kid**: `string`
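
Review bot: "Use to modify the JWT signed by this key" in the new `[modifyAssertion]` entry leaves open which JWTs are meant. The examples in docs/variables/modifyAssertion.md attach the callback both to `clientPrivateKey` (a Private Key JWT client assertion) and to the key passed to `issueRequestObject` (a Request Object). Suggest naming those JWT types here, so that a caller who reuses one PrivateKey object for several purposes knows the callback applies to every JWT signed with it.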
55 changes: 55 additions & 0 deletions docs/variables/modifyAssertion.md
Original file line number Diff line number Diff line change
@@ -0,0 +1,55 @@
# Variable: modifyAssertion

[💗 Help the project](https://github.com/sponsors/panva)

Support from the community to continue maintaining and improving this module is welcome. If you find the module useful, please consider supporting the project by [becoming a sponsor](https://github.com/sponsors/panva).

***

`const` **modifyAssertion**: unique `symbol`

Use to mutate JWT header and payload before they are signed. Its intended use is working around
non-conform server behaviours, such as modifying JWT "aud" (audience) claims, or otherwise
changing fixed claims used by this library.

## Examples

Changing Private Key JWT client assertion audience issued from an array to a string

```ts
import * as oauth from 'oauth4webapi'

// Prerequisites
let as!: oauth.AuthorizationServer
let client!: oauth.Client
let parameters!: URLSearchParams
let clientPrivateKey!: CryptoKey

const response = await oauth.pushedAuthorizationRequest(as, client, parameters, {
clientPrivateKey: {
key: clientPrivateKey,
[oauth.modifyAssertion](header, payload) {
payload.aud = as.issuer
},
},
})
```

Changing Request Object issued by [issueRequestObject](../functions/issueRequestObject.md) to have an expiration of 5 minutes

```ts
import * as oauth from 'oauth4webapi'

// Prerequisites
let as!: oauth.AuthorizationServer
let client!: oauth.Client
let parameters!: URLSearchParams
let jarPrivateKey!: CryptoKey

const request = await oauth.issueRequestObject(as, client, parameters, {
key: jarPrivateKey,
[oauth.modifyAssertion](header, payload) {
payload.exp = <number>payload.iat + 300
},
})
```
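
Review bot: In the second example, `payload.exp = <number>payload.iat + 300` depends on `iat` already being a number when the callback runs, and the `<number>` cast hides the case where it is not. The description should state that the library has populated its default header and claims before the callback is invoked, and say whether anything is validated after it returns, since the text invites overriding "fixed claims" such as `aud`. Minor wording point: "non-conform server behaviours" reads better as "non-conformant server behaviours".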