@netnexus/node-cborwebtoken

Implementation of CBOR Web Tokens for node

Stats

stars 🌟issues ⚠️updated 🛠created 🐣size 🏋️‍♀️
40Apr 20, 2021Sep 6, 2017Minified + gzip package size for @netnexus/node-cborwebtoken in KB

Readme

node-cborwebtoken

Build Status

An implementation of CBOR Web Tokens for node (TypeScript, JavaScript).

This was developed against draft-ietf-ace-cbor-web-token-08.

Install

$ npm install @netnexus/node-cborwebtoken

Usage

cwt.mac(payload, secret)

Returns a CWT (Cbor Web Token) as a base64 encoded string.

Example:

const payload = { iss: "coap://as.example.com", sub: "erikw", aud: "coap://light.example.com", exp: 1444064944, nbf: 1443944944, iat: 1443944944, cti: Buffer.from("0b71", "hex") };
const secret = "my-test-secret";
cwt.mac(payload, secret).then((token) => {
    console.log(token);
});

cwt.verify(token, secret)

Returns the decoded payload if the signature (and optionally expiration) are valid. If not, it will throw an error.

Example:

const token = "2D3RhEOhAQSgWFCnAXVjb2FwOi8vYXMuZXhhbXBsZS5jb20CZWVyaWt3A3gYY29hcDovL2x"
    + "pZ2h0LmV4YW1wbGUuY29tBBqRrXiwBRpWENnwBhpWENnwB0ILcUgJMQHvbXiSAA==";
const secret = "my-invalid-secret";
cwt.verify(token, secret).then((payload) => {
   console.log(payload);
});

cwt.decode(token)

Returns the decoded payload without verifying if the signature is valid.

Example:

const token = "2D3RhEOhAQSgWFCnAXVjb2FwOi8vYXMuZXhhbXBsZS5jb20CZWVyaWt3A3gYY29hcDovL2x"
    + "pZ2h0LmV4YW1wbGUuY29tBBqRrXiwBRpWENnwBhpWENnwB0ILcUgJMQHvbXiSAA==";
const payload = cwt.decode(token);
console.log(payload);

Errors

Possible errors thrown when creating a token:

  • KeyError in case a payload Key is invalid

Possible errors thrown when verifying a token:

  • TokenError in case the token is expired
  • Tag mismatch (thrown by underlying cose-js lib)

Algorithms supported

SHA-256_64

License

This project is licensed under the MIT license. See the LICENSE file for more info.

If you find any bugs or have a feature request, please open an issue on github!

The npm package download data comes from npm's download counts api and package details come from npms.io.