An implementation of CBOR Web Tokens for node (TypeScript, JavaScript).
This was developed against draft-ietf-ace-cbor-web-token-08.
$ npm install @netnexus/node-cborwebtokenReturns a CWT (Cbor Web Token) as a base64 encoded string.
Example:
const payload = { iss: "coap://as.example.com", sub: "erikw", aud: "coap://light.example.com", exp: 1444064944, nbf: 1443944944, iat: 1443944944, cti: Buffer.from("0b71", "hex") };
const secret = "my-test-secret";
cwt.mac(payload, secret).then((token) => {
console.log(token);
});Returns the decoded payload if the signature (and optionally expiration) are valid. If not, it will throw an error.
Example:
const token = "2D3RhEOhAQSgWFCnAXVjb2FwOi8vYXMuZXhhbXBsZS5jb20CZWVyaWt3A3gYY29hcDovL2x"
+ "pZ2h0LmV4YW1wbGUuY29tBBqRrXiwBRpWENnwBhpWENnwB0ILcUgJMQHvbXiSAA==";
const secret = "my-invalid-secret";
cwt.verify(token, secret).then((payload) => {
console.log(payload);
});Returns the decoded payload without verifying if the signature is valid.
Example:
const token = "2D3RhEOhAQSgWFCnAXVjb2FwOi8vYXMuZXhhbXBsZS5jb20CZWVyaWt3A3gYY29hcDovL2x"
+ "pZ2h0LmV4YW1wbGUuY29tBBqRrXiwBRpWENnwBhpWENnwB0ILcUgJMQHvbXiSAA==";
const payload = cwt.decode(token);
console.log(payload);Possible errors thrown when creating a token:
KeyErrorin case a payload Key is invalid
Possible errors thrown when verifying a token:
TokenErrorin case the token is expired- Tag mismatch (thrown by underlying cose-js lib)
SHA-256_64
This project is licensed under the MIT license. See the LICENSE file for more info.