( jwt: string | Uint8Array, key: types.CryptoKey | types.KeyObject | types.JWK | Uint8Array | JWTDecryptGetKey, options?: JWTDecryptOptions, )
| 67 | options?: JWTDecryptOptions, |
| 68 | ): Promise<types.JWTDecryptResult<PayloadType> & types.ResolvedKey> |
/**
 * Decrypts a compact-serialized encrypted JWT, validates its claims set, and
 * cross-checks any "iss", "sub" or "aud" values replicated in the protected
 * header against the decrypted payload.
 *
 * Security notes for callers:
 * - The replicated-claim checks run only after decryption and claims
 *   validation have succeeded. A header value that is present but differs
 *   from the payload is rejected, so a caller cannot end up acting on a
 *   header claim that disagrees with the authenticated payload
 *   (RFC 7519, section 5.3).
 * - "aud" is compared through its JSON serialization. A string in the header
 *   and a one-element array in the payload (or the same audiences in a
 *   different order) therefore count as a mismatch.
 * - `options` is passed unchanged to both `compactDecrypt` and
 *   `validateClaimsSet`. Which algorithms and which issuer/audience values
 *   are accepted is decided there, not in this function. Callers that need
 *   to pin them should do so through `options`, presumably via
 *   `keyManagementAlgorithms` / `contentEncryptionAlgorithms`; confirm
 *   against `JWTDecryptOptions`.
 *
 * @param jwt - The encrypted JWT in compact form.
 * @param key - Decryption key material, or a function that resolves the key.
 * @param options - Decryption and claims-validation options.
 * @returns The validated payload and protected header. When `key` is a
 *   function, the result also carries the key reported by `compactDecrypt`.
 * @throws JWTClaimValidationFailed when a replicated header claim does not
 *   match the payload claim of the same name.
 */
export async function jwtDecrypt(
  jwt: string | Uint8Array,
  key: types.CryptoKey | types.KeyObject | types.JWK | Uint8Array | JWTDecryptGetKey,
  options?: JWTDecryptOptions,
) {
  const decrypted = await compactDecrypt(jwt, key as Parameters<typeof compactDecrypt>[1], options)
  const { protectedHeader } = decrypted
  const payload = validateClaimsSet(protectedHeader, decrypted.plaintext, options)

  // Builds the error for a replicated header claim that disagrees with the payload.
  const mismatch = (claim: 'iss' | 'sub' | 'aud') =>
    new JWTClaimValidationFailed(
      `replicated "${claim}" claim header parameter mismatch`,
      payload,
      claim,
      'mismatch',
    )

  // Scalar claims: strict equality, checked in the order "iss" then "sub".
  for (const claim of ['iss', 'sub'] as const) {
    const replicated = protectedHeader[claim]
    if (replicated !== undefined && replicated !== payload[claim]) {
      throw mismatch(claim)
    }
  }

  // "aud" may be a string or an array, so compare the serialized forms.
  if (protectedHeader.aud !== undefined) {
    const headerAud = JSON.stringify(protectedHeader.aud)
    const payloadAud = JSON.stringify(payload.aud)
    if (headerAud !== payloadAud) {
      throw mismatch('aud')
    }
  }

  const result = { payload, protectedHeader }

  // The key is returned only when the caller supplied a key-resolving function.
  return typeof key === 'function' ? { ...result, key: decrypted.key } : result
}