coolaj86/oauth3.js
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

changed jwt.verify to not directly use WebCrypto

Browse Source
This commit is contained in:
tigerbot 2017-03-20 18:18:47 -06:00
parent 695df45a1d
commit 06411918a7
1 changed files with 3 additions and 12 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

15
oauth3.core.js
View File

@ -213,21 +213,12 @@
return { header: jsons[0], payload: jsons[1] }; return { header: jsons[0], payload: jsons[1] };
} }
, verify: function (str, pubKey) { , verify: function (jwk, token) {
var parts = str.split(/\./g); var parts = token.split(/\./g);
var data = OAUTH3._binStr.binStrToBuffer(parts.slice(0, 2).join('.')); var data = OAUTH3._binStr.binStrToBuffer(parts.slice(0, 2).join('.'));
var signature = OAUTH3._base64.urlSafeToBuffer(parts[2]); var signature = OAUTH3._base64.urlSafeToBuffer(parts[2]);
var keyPromise; return OAUTH3.crypto.core.verify(jwk, data, signature);
if (pubKey instanceof OAUTH3._browser.window.CryptoKey) {
keyPromise = OAUTH3.PromiseA.resolve(pubKey);
} else {
keyPromise = OAUTH3._browser.window.crypto.subtle.importKey('jwk', pubKey, {name: 'ECDSA', namedCurve: pubKey.crv}, false, ['verify']);
}
return keyPromise.then(function (key) {
return OAUTH3._browser.window.crypto.subtle.verify({name: 'ECDSA', hash: {name: 'SHA-256'}}, key, signature, data);
});
} }
, freshness: function (tokenMeta, staletime, _now) { , freshness: function (tokenMeta, staletime, _now) {
staletime = staletime || (15 * 60); staletime = staletime || (15 * 60);