2.0.1 • Published 2 years ago

jwt-on-kms v2.0.1

Weekly downloads
-
License
MIT
Repository
github
Last release
2 years ago

JWT on KMS

Tests

This package is designed to be able to verify JWT tokens offline by first downloading the public key from KMS. This is done to reduce latency and cost.

Usage

import { sign, verify } from 'jwt-on-kms';
import { KMSClient } from '@aws-sdk/client-kms';

const signedToken = sign(
  {
    hello: 'world',
  },
  kmsKeyId
);

const { isValid } = verify(signedToken, kmsKeyId);

To use a custom client / use client options call setClient(yourClient).

Testing

To generate test fixtures, you need to create a KMS key in your AWS account that allows signing and verification with RSASSA_PSS_SHA_256. Set the KMS_KEY_ID environment variable to the ID of the key and AWS_REGION to region the key is in. Then run yarn generate-fixtures and then yarn test.

Bugs

If you find a security vulnerability, please report it privately to me via email. Other bugs should be reported via GitHub.

jwtkmsaws
@aws-sdk/client-kms
@everything-registry/sub-chunk-1997@infinitebrahmanuniverse/nolb-jw@zalastax/nolb-jw
1.2.8

2 years ago

1.2.7

2 years ago

1.2.6

2 years ago

1.2.5

2 years ago

1.2.4

2 years ago

1.2.3

2 years ago

1.3.1

2 years ago

1.2.2

2 years ago

1.3.0

2 years ago

1.2.1

2 years ago

1.2.9

2 years ago

1.2.10

2 years ago

1.2.11

2 years ago

2.0.1

2 years ago

2.0.0

2 years ago

1.1.8

2 years ago

1.1.2

2 years ago

1.1.1

2 years ago

1.1.0

2 years ago

1.0.0

2 years ago