node
Node.js / TypeScript implementation of the aice-auth contract; currently provides a JOSE-based JWT verifier.
git@gitlab.com:aice-lab/auth/node.git
Latest release: v1.0.0
aice-auth — Node.js implementation
Node.js / TypeScript implementation of the aice-auth specification. Verifies JWTs issued by an aice-auth OIDC issuer and (over time) covers the rest of the contract.
This package is published to npm as @aice-lab/auth.
Install
npm install @aice-lab/auth
Requires Node.js ≥ 20.
Quickstart — verify a JWT
```ts
import { Jwks, verify } from '@aice-lab/auth';

// jwksDoc (the issuer's JWKS document) and token (the JWT to check) are supplied by the caller.
const jwks = await Jwks.fromJson(jwksDoc);
const claims = await verify(token, jwks, {
  issuer: 'https://id.example.com',
  audience: 'example-app',
});
console.log(claims.sub);
```
`verify` enforces:
- algorithm is `ES256` (rejects `none`, `HS*`, and any non-ES256 alg);
- a `kid` header is present and resolves in the JWKS;
- the signature is valid;
- `iss` and `aud` match the supplied options;
- the token is within `nbf`…`exp`.
Failures throw a typed subclass of JwtVerificationError (UnknownKidError, AlgRejectedError, ExpiredError, IssuerMismatchError, AudienceMismatchError).
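The checks listed above, written out against Node's built-in `node:crypto` as an added example; this is not the @aice-lab/auth source. `verifyEs256`, `makeSample`, the error codes and the handling of a missing `exp` are assumptions of this sketch, and the key and token are constructed at run time.

```javascript
const crypto = require('node:crypto');

const decodeJson = (part) => JSON.parse(Buffer.from(part, 'base64url').toString('utf8'));
const fail = (code) => { throw new Error(code); };

// Hypothetical helper, not the package's verify(); error codes are made up for this sketch.
function verifyEs256(token, jwks, { issuer, audience, now = Math.floor(Date.now() / 1000) }) {
  const parts = token.split('.');
  if (parts.length !== 3) fail('malformed');
  const [h, p, s] = parts;
  const header = decodeJson(h);
  // 1. Pin the algorithm to a constant; the token does not get to choose (blocks none, HS*).
  if (header.alg !== 'ES256') fail('alg_rejected');
  // 2. The kid must be present and must select a P-256 key from the trusted JWKS.
  const jwk = jwks.keys.find((k) => typeof header.kid === 'string' && k.kid === header.kid);
  if (!jwk || jwk.kty !== 'EC' || jwk.crv !== 'P-256') fail('unknown_kid');
  // 3. JWS ES256 signatures are raw r||s (64 bytes), hence dsaEncoding 'ieee-p1363'.
  const key = crypto.createPublicKey({ key: { kty: 'EC', crv: 'P-256', x: jwk.x, y: jwk.y }, format: 'jwk' });
  const sig = Buffer.from(s, 'base64url');
  const signed = Buffer.from(`${h}.${p}`);
  if (sig.length !== 64 || !crypto.verify('sha256', signed, { key, dsaEncoding: 'ieee-p1363' }, sig)) {
    fail('bad_signature');
  }
  // 4. Claims are read only after the signature checks out.
  const claims = decodeJson(p);
  if (claims.iss !== issuer) fail('issuer_mismatch');
  if (![].concat(claims.aud).includes(audience)) fail('audience_mismatch');
  // 5. Time window; this sketch requires exp and treats nbf as optional (assumption).
  if (typeof claims.exp !== 'number' || now >= claims.exp) fail('expired');
  if (typeof claims.nbf === 'number' && now < claims.nbf) fail('not_yet_valid');
  return claims;
}

// Constructed sample: throwaway key pair and a token signed with it.
function makeSample(header = {}, claims = {}) {
  const { publicKey, privateKey } = crypto.generateKeyPairSync('ec', { namedCurve: 'P-256' });
  const enc = (obj) => Buffer.from(JSON.stringify(obj)).toString('base64url');
  const body = { iss: 'https://id.example.com', aud: 'example-app', sub: 'u1', exp: 2000, ...claims };
  const input = `${enc({ alg: 'ES256', kid: 'k1', ...header })}.${enc(body)}`;
  const sig = crypto.sign('sha256', Buffer.from(input), { key: privateKey, dsaEncoding: 'ieee-p1363' });
  const jwks = { keys: [{ ...publicKey.export({ format: 'jwk' }), kid: 'k1' }] };
  return { token: `${input}.${sig.toString('base64url')}`, jwks };
}

const sample = makeSample();
const opts = { issuer: 'https://id.example.com', audience: 'example-app', now: 1000 };
console.log(verifyEs256(sample.token, sample.jwks, opts).sub);
```

Overriding a header or claim through `makeSample` (for example `makeSample({ alg: 'none' })`) shows which check rejects the token.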
Status
| Capability | Shipped |
|---|---|
| JWT verification (ES256 + JWKS) | yes |
| OIDC discovery / token / userinfo / introspect / revoke | not yet |
| Refresh-token rotation client | not yet |
| Step-up flows | not yet |
The rest of the surface lands as the spec’s conformance categories are wired up.
License
Source: FSL-1.1-Apache-2.0 (see LICENSE and LICENSE.FAQ.md).
Documentation
Full documentation: https://auth.aice-lab.org
Contributing
See CONTRIBUTING.md. All commits require DCO sign-off.
Reporting security issues
See SECURITY.md. Do not open public issues for vulnerabilities.