funky-jwt v1.1.1

Native JWT validation

Using nothing but what modern browsers provide, this package can decode and validate JWT, even those signed using RS256.

Supported Algorithms

• HS256
• HS384
• HS512
• RS256
• RS384
• RS512

Note: RS algorithms only support keys in JWK format, currently.

Usage

let jwt = new JWT(token, options);
try {
    jwt.is_valid()
} catch {
    // :(
};

Options

• hostname : used to retrieve public JWK from well known URI.
• secret : Base64Url encoded secret for HS algorithms.
• keys: known JWK objects for RS algorithms.
• alg : specify to restrict acceptable algorithm.
• aud : specify to validate the audience claim.