1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
|
# Interface: JWTDecryptOptions
[💗 Help the project](https://github.com/sponsors/panva)
Combination of JWE Decryption options and JWT Claims Set verification options.
## Table of contents
### Properties
- [audience](jwt_decrypt.JWTDecryptOptions.md#audience)
- [clockTolerance](jwt_decrypt.JWTDecryptOptions.md#clocktolerance)
- [contentEncryptionAlgorithms](jwt_decrypt.JWTDecryptOptions.md#contentencryptionalgorithms)
- [crit](jwt_decrypt.JWTDecryptOptions.md#crit)
- [currentDate](jwt_decrypt.JWTDecryptOptions.md#currentdate)
- [inflateRaw](jwt_decrypt.JWTDecryptOptions.md#inflateraw)
- [issuer](jwt_decrypt.JWTDecryptOptions.md#issuer)
- [keyManagementAlgorithms](jwt_decrypt.JWTDecryptOptions.md#keymanagementalgorithms)
- [maxPBES2Count](jwt_decrypt.JWTDecryptOptions.md#maxpbes2count)
- [maxTokenAge](jwt_decrypt.JWTDecryptOptions.md#maxtokenage)
- [subject](jwt_decrypt.JWTDecryptOptions.md#subject)
- [typ](jwt_decrypt.JWTDecryptOptions.md#typ)
## Properties
### audience
• `Optional` **audience**: `string` \| `string`[]
Expected JWT "aud" (Audience) Claim value(s).
___
### clockTolerance
• `Optional` **clockTolerance**: `string` \| `number`
Expected clock tolerance
- In seconds when number (e.g. 5)
- Parsed as seconds when a string (e.g. "5 seconds", "10 minutes", "2 hours").
___
### contentEncryptionAlgorithms
• `Optional` **contentEncryptionAlgorithms**: `string`[]
A list of accepted JWE "enc" (Encryption Algorithm) Header Parameter values. By default all
"enc" (Encryption Algorithm) values applicable for the used key/secret are allowed.
___
### crit
• `Optional` **crit**: `Object`
An object with keys representing recognized "crit" (Critical) Header Parameter names. The value
for those is either `true` or `false`. `true` when the Header Parameter MUST be integrity
protected, `false` when it's irrelevant.
This makes the "Extension Header Parameter "..." is not recognized" error go away.
Use this when a given JWS/JWT/JWE profile requires the use of proprietary non-registered "crit"
(Critical) Header Parameters. This will only make sure the Header Parameter is syntactically
correct when provided and that it is optionally integrity protected. It will not process the
Header Parameter in any way or reject the operation if it is missing. You MUST still verify the
Header Parameter was present and process it according to the profile's validation steps after
the operation succeeds.
The JWS extension Header Parameter `b64` is always recognized and processed properly. No other
registered Header Parameters that need this kind of default built-in treatment are currently
available.
___
### currentDate
• `Optional` **currentDate**: `Date`
Date to use when comparing NumericDate claims, defaults to `new Date()`.
___
### inflateRaw
• `Optional` **inflateRaw**: [`InflateFunction`](types.InflateFunction.md)
In a browser runtime you have to provide an implementation for Inflate Raw when you expect JWEs
with compressed plaintext.
___
### issuer
• `Optional` **issuer**: `string` \| `string`[]
Expected JWT "iss" (Issuer) Claim value(s).
___
### keyManagementAlgorithms
• `Optional` **keyManagementAlgorithms**: `string`[]
A list of accepted JWE "alg" (Algorithm) Header Parameter values.
___
### maxPBES2Count
• `Optional` **maxPBES2Count**: `number`
(PBES2 Key Management Algorithms only) Maximum allowed "p2c" (PBES2 Count) Header Parameter
value. The PBKDF2 iteration count defines the algorithm's computational expense. By default
this value is set to 10000.
___
### maxTokenAge
• `Optional` **maxTokenAge**: `string` \| `number`
Maximum time elapsed (in seconds) from the JWT "iat" (Issued At) Claim value.
- In seconds when number (e.g. 5)
- Parsed as seconds when a string (e.g. "5 seconds", "10 minutes", "2 hours").
___
### subject
• `Optional` **subject**: `string`
Expected JWT "sub" (Subject) Claim value.
___
### typ
• `Optional` **typ**: `string`
Expected JWT "typ" (Type) Header Parameter value.
|
