MCPcopy
hub / github.com/panva/jose / jwtDecrypt

Function jwtDecrypt

src/jwt/decrypt.ts:69–116  ·  view source on GitHub ↗
(
  jwt: string | Uint8Array,
  key: types.CryptoKey | types.KeyObject | types.JWK | Uint8Array | JWTDecryptGetKey,
  options?: JWTDecryptOptions,
)

Source from the content-addressed store, hash-verified

67 options?: JWTDecryptOptions,
68): Promise<types.JWTDecryptResult<PayloadType> & types.ResolvedKey>
69export async function jwtDecrypt(
70 jwt: string | Uint8Array,
71 key: types.CryptoKey | types.KeyObject | types.JWK | Uint8Array | JWTDecryptGetKey,
72 options?: JWTDecryptOptions,
73) {
74 const decrypted = await compactDecrypt(jwt, key as Parameters<typeof compactDecrypt>[1], options)
75 const payload = validateClaimsSet(decrypted.protectedHeader, decrypted.plaintext, options)
76
77 const { protectedHeader } = decrypted
78
79 if (protectedHeader.iss !== undefined && protectedHeader.iss !== payload.iss) {
80 throw new JWTClaimValidationFailed(
81 'replicated "iss" claim header parameter mismatch',
82 payload,
83 'iss',
84 'mismatch',
85 )
86 }
87
88 if (protectedHeader.sub !== undefined && protectedHeader.sub !== payload.sub) {
89 throw new JWTClaimValidationFailed(
90 'replicated "sub" claim header parameter mismatch',
91 payload,
92 'sub',
93 'mismatch',
94 )
95 }
96
97 if (
98 protectedHeader.aud !== undefined &&
99 JSON.stringify(protectedHeader.aud) !== JSON.stringify(payload.aud)
100 ) {
101 throw new JWTClaimValidationFailed(
102 'replicated "aud" claim header parameter mismatch',
103 payload,
104 'aud',
105 'mismatch',
106 )
107 }
108
109 const result = { payload, protectedHeader }
110
111 if (typeof key === 'function') {
112 return { ...result, key: decrypted.key }
113 }
114
115 return result
116}

Callers 6

zip.test.tsFile · 0.85
decrypt.test.tsFile · 0.85
numericDateNumberFunction · 0.85
failingNumericDateFunction · 0.85
replicatedClaimCheckFunction · 0.85
encrypt.test.tsFile · 0.85

Calls 2

compactDecryptFunction · 0.85
validateClaimsSetFunction · 0.85

Tested by 3

numericDateNumberFunction · 0.68
failingNumericDateFunction · 0.68
replicatedClaimCheckFunction · 0.68

Used in the wild real call sites across dependent graphs

searching dependent graphs…