1.0.1 • Published 1 year ago
@zod-jwt/jwt-kms-hs-provider v1.0.1
@zod-jwt/jwt-kms-hs-provider
The @zod-jwt/jwt-kms-hs-provider package lets you sign, verify, and decode JWTs with the HS256, HS384, and HS512 algorithms.
Getting Started
1. Create your AWS KMS Key
- Log into the AWS KMS Console
- Select Symmetric for the Key type
- Select Generate and verify MAC for the Key usage
- Select HMAC_256, HMAC_384, or HMAC_512 for the Key spec
2. Install
zod, @aws-sdk/client-kms and @zod-jwt/core are peer dependencies of this package, and you must install all three in order to get started.
pnpm i zod @aws-sdk/client-kms @zod-jwt/core @zod-jwt/jwt-kms-hs-provider
npm i zod @aws-sdk/client-kms @zod-jwt/core @zod-jwt/jwt-kms-hs-provider
yarn add zod @aws-sdk/client-kms @zod-jwt/core @zod-jwt/jwt-kms-hs-provider
3. Create your provider and start signing and verifying tokens
// provider.ts
import { JwtKmsHsProvider } from '@zod-jwt/jwt-kms-hs-provider';
import { z } from 'zod';

export const provider = new JwtKmsHsProvider({
  algorithms: ['HS256', 'HS384', 'HS512'],
  credentials: {
    region: process.env.AWS_REGION as string,
    account: process.env.AWS_ACCOUNT as string,
    // AWS credentials are read from the environment, never hard-coded
    credentials: {
      accessKeyId: process.env.AWS_ACCESS_KEY_ID as string,
      secretAccessKey: process.env.AWS_SECRET_ACCESS_KEY as string,
      kms: {
        HS256: {
          keyAlias: 'MY_ALIAS' // or { keyId: 'mrk-abcd...' }
        }
      }
    },
  },
  // Claims are validated against these zod schemas
  publicClaimsSchema: z.object({
    iss: z.literal('auth.example.com'),
    aud: z.literal('example.com'),
    sub: z.string(),
  }),
  privateClaimsSchema: z.object({
    firstName: z.string(),
    lastName: z.string(),
  }),
});

// Sign a token with the KMS key configured for HS256
const token = await provider.sign({
  algorithm: 'HS256',
  publicClaims: {
    iss: 'auth.example.com',
    aud: 'example.com',
    sub: 'user_1234'
  },
  privateClaims: {
    firstName: 'John',
    lastName: 'Doe',
  },
});

// Verify the token and read back its header and claims
const { header, privateClaims, publicClaims } = await provider.verify({
  token,
});
Please refer back to the main @zod-jwt docs for the more advanced options for signing and decoding tokens.
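How the HS256/HS384/HS512 algorithms line up with the KMS key specs chosen in step 1, as an added example in plain Node.js JavaScript (not code from this package; the page does not show how the provider calls KMS internally). The names `ALGS`, `localMac`, `signJwt` and `verifyJwt` are hypothetical, and a local `node:crypto` HMAC stands in for the KMS GenerateMac operation so the block runs offline.

```javascript
// Added illustration: a local node:crypto HMAC stands in for the KMS key.
const crypto = require('node:crypto');

// JWT alg -> KMS key spec (step 1), KMS MAC algorithm name, and local hash stand-in.
const ALGS = new Map([
  ['HS256', { keySpec: 'HMAC_256', macAlgorithm: 'HMAC_SHA_256', hash: 'sha256' }],
  ['HS384', { keySpec: 'HMAC_384', macAlgorithm: 'HMAC_SHA_384', hash: 'sha384' }],
  ['HS512', { keySpec: 'HMAC_512', macAlgorithm: 'HMAC_SHA_512', hash: 'sha512' }],
]);

const b64url = (value) => Buffer.from(value).toString('base64url');
const fromB64url = (text) => Buffer.from(text, 'base64url');

// Hypothetical stand-in: with a real KMS key the secret never leaves KMS and
// this function would send a GenerateMac request using ALGS.get(alg).macAlgorithm.
function localMac(secret) {
  return (alg, message) =>
    crypto.createHmac(ALGS.get(alg).hash, secret).update(message).digest();
}

function signJwt(mac, alg, claims) {
  if (!ALGS.has(alg)) throw new Error(`unsupported alg: ${alg}`);
  const header = b64url(JSON.stringify({ alg, typ: 'JWT' }));
  const signingInput = `${header}.${b64url(JSON.stringify(claims))}`;
  return `${signingInput}.${b64url(mac(alg, signingInput))}`;
}

// Returns the claims or throws. allowedAlgs is fixed by the verifier's
// configuration; the token header only selects among those entries.
function verifyJwt(mac, allowedAlgs, token) {
  const parts = token.split('.');
  if (parts.length !== 3) throw new Error('malformed token');
  const [headerPart, payloadPart, macPart] = parts;
  const { alg } = JSON.parse(fromB64url(headerPart).toString('utf8'));
  if (!ALGS.has(alg) || !allowedAlgs.includes(alg)) throw new Error('alg not allowed');
  const expected = mac(alg, `${headerPart}.${payloadPart}`);
  const given = fromB64url(macPart);
  // Length check first: timingSafeEqual throws on unequal lengths.
  if (given.length !== expected.length || !crypto.timingSafeEqual(given, expected)) {
    throw new Error('bad signature');
  }
  return JSON.parse(fromB64url(payloadPart).toString('utf8'));
}
```

The MAC is computed over the encoded header and payload joined by a dot, so any change to either part, or a header naming an algorithm outside the verifier's list, makes `verifyJwt` throw.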