v4.14.3

Reverts

• Revert "fix(types): headers and payloads may only be JSON values and primitives" (06d8101), closes #534

v4.14.2

Fixes

• types: headers and payloads may only be JSON values and primitives (24f306e)

v4.14.1

This release is to start using provenance statements.

v4.14.0

Features

• add requiredClaims JWT validation option (eeea91d)

v4.13.2

This release contains only minor code refactoring, documentation, and IntelliSense updates.

v4.13.1

Fixes

• workerd: avoid "The script will never generate a response" edge cases completely (96a8c99), closes #355 #509

v4.13.0

Features

• types: allow generics to aid in CryptoKey or KeyObject narrowing of KeyLike (6effa4d)

Fixes

• make jose.EmbeddedJWK arguments optional (20610a9)

v4.12.2

Fixes

• types: declare explicit return from EmbeddedJWK (46934ac)

v4.12.1

Refactor

• clarify when alg is used and required on key imports (19e525f)
• node: have node:crypto deal with x509 parsing (45bb45d)

v4.12.0

Features

• enable key iteration over JWKSMultipleMatchingKeys (a278acd)

const JWKS = jose.createRemoteJWKSet(new URL('https://www.googleapis.com/oauth2/v3/certs'))

const options = {
  issuer: 'urn:example:issuer',
  audience: 'urn:example:audience',
}
const { payload, protectedHeader } = await jose
  .jwtVerify(jwt, JWKS, options)
  .catch(async (error) => {
    if (error?.code === 'ERR_JWKS_MULTIPLE_MATCHING_KEYS') {
      for await (const publicKey of error) {
        try {
          return await jose.jwtVerify(jwt, publicKey, options)
        } catch (innerError) {
          if (innerError?.code === 'ERR_JWS_SIGNATURE_VERIFICATION_FAILED') {
            continue
          }
          throw innerError
        }
      }
      throw new jose.errors.JWSSignatureVerificationFailed()
    }

    throw error
  })
console.log(protectedHeader)
console.log(payload)