| 24 | } |
| 25 | |
| 26 | export async function sign(payload, key, alg, options = {}) { |
| 27 | const protectedHeader = { |
| 28 | alg, |
| 29 | typ: options.typ, |
| 30 | ...options.fields, |
| 31 | }; |
| 32 | const timestamp = epochTime(); |
| 33 | |
| 34 | const iat = options.noIat ? undefined : timestamp; |
| 35 | |
| 36 | Object.assign(payload, { |
| 37 | aud: options.audience !== undefined ? options.audience : payload.aud, |
| 38 | exp: options.expiresIn !== undefined ? timestamp + options.expiresIn : payload.exp, |
| 39 | iat: payload.iat !== undefined ? payload.iat : iat, |
| 40 | iss: options.issuer !== undefined ? options.issuer : payload.iss, |
| 41 | sub: options.subject !== undefined ? options.subject : payload.sub, |
| 42 | }); |
| 43 | |
| 44 | if (key instanceof ExternalSigningKey) { |
| 45 | const parts = [ |
| 46 | base64url.encode(JSON.stringify(protectedHeader)), |
| 47 | base64url.encode(JSON.stringify(payload)), |
| 48 | ]; |
| 49 | const data = Buffer.from(parts.join('.')); |
| 50 | parts.push(base64url.encodeBuffer(await key.sign(data))); |
| 51 | return parts.join('.'); |
| 52 | } |
| 53 | |
| 54 | return new CompactSign(Buffer.from(JSON.stringify(payload))) |
| 55 | .setProtectedHeader(protectedHeader) |
| 56 | .sign(key); |
| 57 | } |
| 58 | |
| 59 | export function decode(input) { |
| 60 | let jwt; |