ku4es-security

kodmunki Utilities for ECMAScript Security

Usage (no npm install needed)

<script type="module">
  import ku4esSecurity from 'https://cdn.skypack.dev/ku4es-security';
</script>

README

Token

Kind: global class
Summary: a JSON Web Token

new Token(payload, [signature])

Param | Type | Description
payload | Object | A valid JSON Web Token payload.
[signature] | string or null | Optional signature to verify token origin. This can be useful as an added security measure to ensure the token originated from the expected origin to prevent CSRF attacks. Generate a signature and store it in a secure location, e.g. HttpOnly cookie. Then, pass this signature value to the Token.verify static method upon verification to confirm token origin.

token.payload ⇒ Object

Kind: instance property of Token
Summary: An object value of this Token's payload. Although it is recommended to use the read and write methods of Token, this property can be useful if you use Token to store a flat data structure that you intend to operate on with other ES* methods.
Access: public

token.read([key]) ⇒ *

Kind: instance method of Token
Summary: Reads the value at specified key or returns the entire payload if no key is specified.
Access: public

Param | Type | Description
[key] | string | Key to read.

token.write(key, value) ⇒ Token

Kind: instance method of Token
Summary: Writes a value to the payload
Access: public

Param | Type | Description
key | string | Key for value to write.
value | string | Value to write.

token.remove(key) ⇒ Token

Kind: instance method of Token
Summary: Removes specified key.
Access: public

Param | Type | Description
key | string | Key to remove.

token.sign(key, [algorithm]) ⇒ Promise.<string>

Kind: instance method of Token
Summary: Returns a signed JWT
Access: public

Param | Type | Default | Description
key | Buffer | | The private key to sign this token.
[algorithm] | string | 'RS256' | The algorithm to use to sign.

token.verify(jwt, crt, [signature]) ⇒ Promise.<Token>

Kind: instance method of Token
Summary: Verifies a signed JWT against the passed public certificate and returns a Token if it is valid.
Access: public

Param | Type | Description
jwt | string | A signed JWT.
crt | Buffer | The public certificate to verify the passed value against.
[signature] | string | Optional signature to verify origin of token. This can be useful as an added security measure to ensure the token originated from the expected origin to prevent CSRF attacks.
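
Added example, not part of ku4es-security or its README: a sketch of the pattern the sign and verify entries describe, an RS256-signed JWT whose optional origin value is kept in an HttpOnly cookie and checked again at verification. It uses Node's built-in crypto module; the function names signJwt and verifyJwt and the "osh" claim are assumptions made for illustration, and the library's own mechanism may differ.

```javascript
// Added example, not ku4es-security's code: RS256 JWT plus an origin-bound value.
const nodeCrypto = require('node:crypto');

const b64url = (data) => Buffer.from(data).toString('base64url');
const sha256 = (text) => nodeCrypto.createHash('sha256').update(text).digest();

// Sign a payload as an RS256 JWT. When originSecret is given (the value the
// server also sets in an HttpOnly cookie), only its SHA-256 hash is embedded.
// The claim name "osh" is a hypothetical choice for this sketch.
function signJwt(payload, privateKey, originSecret = null) {
  const claims = { ...payload };
  if (originSecret !== null) claims.osh = sha256(originSecret).toString('hex');
  const header = { alg: 'RS256', typ: 'JWT' };
  const input = `${b64url(JSON.stringify(header))}.${b64url(JSON.stringify(claims))}`;
  const sig = nodeCrypto.sign('sha256', Buffer.from(input), privateKey);
  return `${input}.${b64url(sig)}`;
}

// Verify the JWT and the origin binding; returns the claims or throws.
function verifyJwt(jwt, publicKey, originSecret = null) {
  const parts = jwt.split('.');
  if (parts.length !== 3) throw new Error('malformed JWT');
  const [h, p, s] = parts;
  const header = JSON.parse(Buffer.from(h, 'base64url').toString('utf8'));
  // Pin the algorithm on the verifier side; never let the header choose it.
  if (header.alg !== 'RS256') throw new Error('unexpected alg');
  const valid = nodeCrypto.verify(
    'sha256', Buffer.from(`${h}.${p}`), publicKey, Buffer.from(s, 'base64url'));
  if (!valid) throw new Error('bad signature');
  const claims = JSON.parse(Buffer.from(p, 'base64url').toString('utf8'));
  const bound = typeof claims.osh === 'string';
  if (bound || originSecret !== null) {
    // A bound token needs the cookie value, and a supplied value needs a bound token.
    if (!bound || originSecret === null) throw new Error('origin binding missing');
    const expected = Buffer.from(claims.osh, 'hex');
    const actual = sha256(originSecret);
    if (expected.length !== actual.length || !nodeCrypto.timingSafeEqual(expected, actual)) {
      throw new Error('origin mismatch');
    }
  }
  return claims;
}

// Constructed demo values: a throwaway key pair and a made-up cookie value.
const demoKeys = nodeCrypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
const demoJwt = signJwt({ sub: 'alice' }, demoKeys.privateKey, 'constructed-cookie-value');
console.log(verifyJwt(demoJwt, demoKeys.publicKey, 'constructed-cookie-value').sub);
```

Because the token carries only the hash, a JWT copied out of page storage does not verify without the cookie value, which script on the page cannot read.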