53 lines
1.4 KiB
JavaScript
53 lines
1.4 KiB
JavaScript
import { CompactSign } from '../jws/compact/sign.js';
|
|
import { JWTInvalid } from '../util/errors.js';
|
|
import { JWTClaimsBuilder } from '../lib/jwt_claims_set.js';
|
|
export class SignJWT {
|
|
#protectedHeader;
|
|
#jwt;
|
|
constructor(payload = {}) {
|
|
this.#jwt = new JWTClaimsBuilder(payload);
|
|
}
|
|
setIssuer(issuer) {
|
|
this.#jwt.iss = issuer;
|
|
return this;
|
|
}
|
|
setSubject(subject) {
|
|
this.#jwt.sub = subject;
|
|
return this;
|
|
}
|
|
setAudience(audience) {
|
|
this.#jwt.aud = audience;
|
|
return this;
|
|
}
|
|
setJti(jwtId) {
|
|
this.#jwt.jti = jwtId;
|
|
return this;
|
|
}
|
|
setNotBefore(input) {
|
|
this.#jwt.nbf = input;
|
|
return this;
|
|
}
|
|
setExpirationTime(input) {
|
|
this.#jwt.exp = input;
|
|
return this;
|
|
}
|
|
setIssuedAt(input) {
|
|
this.#jwt.iat = input;
|
|
return this;
|
|
}
|
|
setProtectedHeader(protectedHeader) {
|
|
this.#protectedHeader = protectedHeader;
|
|
return this;
|
|
}
|
|
async sign(key, options) {
|
|
const sig = new CompactSign(this.#jwt.data());
|
|
sig.setProtectedHeader(this.#protectedHeader);
|
|
if (Array.isArray(this.#protectedHeader?.crit) &&
|
|
this.#protectedHeader.crit.includes('b64') &&
|
|
this.#protectedHeader.b64 === false) {
|
|
throw new JWTInvalid('JWTs MUST NOT use unencoded payload');
|
|
}
|
|
return sig.sign(key, options);
|
|
}
|
|
}
|