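/**
 * Decode a JWT in compact form and return its payload.
 *
 * Unless `noVerify` is truthy, the signature is checked with `verify()` and the
 * `nbf` / `exp` claims are enforced before the payload is returned. With
 * `noVerify` set, none of these checks run and the returned payload is
 * unauthenticated input.
 *
 * Callers should pass `algorithm`. When it is omitted, the algorithm name is
 * read from the token header, which is written by whoever produced the token.
 *
 * @param {string} token - `header.payload.signature`, each segment base64url-encoded.
 * @param {string|Buffer} key - Verification key, handed to `verify()` unchanged.
 * @param {boolean} [noVerify] - Skip signature and time-claim checks when truthy.
 * @param {string} [algorithm] - Expected algorithm; takes precedence over the header's `alg`.
 * @returns {*} The parsed payload.
 * @throws {Error} On a missing or malformed token, an unsupported algorithm, a
 *   failed signature check, or an invalid, not-yet-active or expired time claim.
 *   `JSON.parse` errors from a malformed header or payload propagate as thrown.
 */
function jwt_decode(token, key, noVerify, algorithm) {
  if (!token) {
    throw new Error('No token supplied');
  }

  var segments = token.split('.');
  if (segments.length !== 3) {
    throw new Error('Not enough or too many segments');
  }
  var headerSeg = segments[0];
  var payloadSeg = segments[1];
  var signatureSeg = segments[2];

  // Both values are untrusted until the signature below has been verified.
  var header = JSON.parse(base64urlDecode(headerSeg));
  var payload = JSON.parse(base64urlDecode(payloadSeg));

  if (noVerify) {
    return payload;
  }

  // Resolve the algorithm through own properties only, so that a header value
  // such as "constructor" cannot pick up something inherited from Object.prototype.
  var hasOwn = Object.prototype.hasOwnProperty;
  var algName = algorithm || (header ? header.alg : undefined);
  if (
    typeof algName !== 'string' ||
    !hasOwn.call(algorithmMap, algName) ||
    !hasOwn.call(typeMap, algName) ||
    !algorithmMap[algName] ||
    !typeMap[algName]
  ) {
    throw new Error('Algorithm not supported');
  }
  var signingMethod = algorithmMap[algName];
  var signingType = typeMap[algName];

  // Heuristic guard for callers that did not pin `algorithm`: a PEM public key
  // or certificate is never a valid HMAC secret, so a header asking for an HS*
  // algorithm is refused instead of being verified against it.
  if (
    !algorithm &&
    /^HS/.test(algName) &&
    /-----BEGIN (?:[A-Z0-9]+ )*(?:PUBLIC KEY|CERTIFICATE)-----/.test(String(key))
  ) {
    throw new Error(
      'Refusing HMAC verification with a public key; specify the expected algorithm'
    );
  }

  // verify signature. `sign` will return base64 string.
  var signingInput = [headerSeg, payloadSeg].join('.');
  if (!verify(signingInput, key, signingMethod, signingType, signatureSeg)) {
    throw new Error('Signature verification failed');
  }

  // Support for nbf and exp claims.
  // According to the RFC, they should be in seconds.
  // A claim that is present but not numeric fails closed; otherwise the NaN
  // comparison would be false and the token would never expire.
  var claims = payload !== null && typeof payload === 'object' ? payload : {};
  var now = Date.now();
  if (claims.nbf) {
    var notBeforeMs = claims.nbf * 1000;
    if (isNaN(notBeforeMs)) {
      throw new Error('Invalid nbf claim');
    }
    if (now < notBeforeMs) {
      throw new Error('Token not yet active');
    }
  }
  if (claims.exp) {
    var expiresMs = claims.exp * 1000;
    if (isNaN(expiresMs)) {
      throw new Error('Invalid exp claim');
    }
    if (now > expiresMs) {
      throw new Error('Token expired');
    }
  }

  return payload;
}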
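// HS256 secrets are typically 128-bit random strings, for example hex-encoded
// (the value below is a published sample; generate your own):
// var secret = Buffer.from('fe1a1915a379f3be5394b64d14794932', 'hex');
// encode
var token = jwt.encode(payload, secret);
// decode: pass the expected algorithm so that the token header cannot choose it
var decoded = jwt.decode(token, secret, false, 'HS256');
console.log(decoded); //=> { foo: 'bar' }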
```
### decode params
```javascript
/*
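/**
 * Encode a payload as a signed JWT in compact form.
 *
 * @param {*} payload - Value serialised with `JSON.stringify` into the payload segment.
 * @param {string|Buffer} key - Signing key, handed to `sign()` unchanged; must be truthy.
 * @param {string} [algorithm] - Algorithm name; defaults to 'HS256'.
 * @param {Object} [options] - When `options.header` is set, it is merged into the
 *   JWT header through `assignProperties`.
 * @returns {string} `header.payload.signature`.
 * @throws {Error} When the key is missing or the algorithm is not supported.
 */
function jwt_encode(payload, key, algorithm, options) {
  if (!key) {
    throw new Error('Require key');
  }

  // Default is HS256. The lookup uses own properties only, so a name such as
  // "constructor" is rejected instead of resolving to something inherited
  // from Object.prototype and being passed on to sign().
  var algName = algorithm || 'HS256';
  var hasOwn = Object.prototype.hasOwnProperty;
  if (
    typeof algName !== 'string' ||
    !hasOwn.call(algorithmMap, algName) ||
    !hasOwn.call(typeMap, algName) ||
    !algorithmMap[algName] ||
    !typeMap[algName]
  ) {
    throw new Error('Algorithm not supported');
  }
  var signingMethod = algorithmMap[algName];
  var signingType = typeMap[algName];

  // header, typ is fixed value.
  var header = { typ: 'JWT', alg: algName };
  if (options && options.header) {
    // NOTE(review): presumably this copies every property of options.header,
    // so a caller-supplied `alg` or `typ` would replace the values above and
    // the header could then name a different algorithm than the one used to
    // sign. Confirm against assignProperties before relying on the header.
    assignProperties(header, options.header);
  }

  // create segments, all segments should be base64 string
  var headerSeg = base64urlEncode(JSON.stringify(header));
  var payloadSeg = base64urlEncode(JSON.stringify(payload));
  var signingInput = headerSeg + '.' + payloadSeg;
  var signatureSeg = sign(signingInput, key, signingMethod, signingType);
  return signingInput + '.' + signatureSeg;
}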
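var payload = { foo: 'bar' };
// 'xxx' is a placeholder for this example only; it is far too short for a real signing secret.
var secret = 'xxx';
// HS256 secrets are typically 128-bit random strings, for example hex-encoded
// (the value below is a published sample; generate your own):
// var secret = Buffer.from('fe1a1915a379f3be5394b64d14794932', 'hex');
// encode
var token = jwt.encode(payload, secret);
// decode: pass the expected algorithm so that the token header cannot choose it
var decoded = jwt.decode(token, secret, false, 'HS256');
console.log(decoded); //=> { foo: 'bar' }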
```
### decode params
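/**
 * Decode a JWT in compact form and return its payload.
 *
 * Unless `noVerify` is truthy, the signature is checked with `verify()` and the
 * `nbf` / `exp` claims are enforced before the payload is returned. With
 * `noVerify` set, none of these checks run and the returned payload is
 * unauthenticated input.
 *
 * Callers should pass `algorithm`. When it is omitted, the algorithm name is
 * read from the token header, which is written by whoever produced the token.
 *
 * @param {string} token - `header.payload.signature`, each segment base64url-encoded.
 * @param {string|Buffer} key - Verification key, handed to `verify()` unchanged.
 * @param {boolean} [noVerify] - Skip signature and time-claim checks when truthy.
 * @param {string} [algorithm] - Expected algorithm; takes precedence over the header's `alg`.
 * @returns {*} The parsed payload.
 * @throws {Error} On a missing or malformed token, an unsupported algorithm, a
 *   failed signature check, or an invalid, not-yet-active or expired time claim.
 *   `JSON.parse` errors from a malformed header or payload propagate as thrown.
 */
function jwt_decode(token, key, noVerify, algorithm) {
  if (!token) {
    throw new Error('No token supplied');
  }

  var segments = token.split('.');
  if (segments.length !== 3) {
    throw new Error('Not enough or too many segments');
  }
  var headerSeg = segments[0];
  var payloadSeg = segments[1];
  var signatureSeg = segments[2];

  // Both values are untrusted until the signature below has been verified.
  var header = JSON.parse(base64urlDecode(headerSeg));
  var payload = JSON.parse(base64urlDecode(payloadSeg));

  if (noVerify) {
    return payload;
  }

  // Resolve the algorithm through own properties only, so that a header value
  // such as "constructor" cannot pick up something inherited from Object.prototype.
  var hasOwn = Object.prototype.hasOwnProperty;
  var algName = algorithm || (header ? header.alg : undefined);
  if (
    typeof algName !== 'string' ||
    !hasOwn.call(algorithmMap, algName) ||
    !hasOwn.call(typeMap, algName) ||
    !algorithmMap[algName] ||
    !typeMap[algName]
  ) {
    throw new Error('Algorithm not supported');
  }
  var signingMethod = algorithmMap[algName];
  var signingType = typeMap[algName];

  // Heuristic guard for callers that did not pin `algorithm`: a PEM public key
  // or certificate is never a valid HMAC secret, so a header asking for an HS*
  // algorithm is refused instead of being verified against it.
  if (
    !algorithm &&
    /^HS/.test(algName) &&
    /-----BEGIN (?:[A-Z0-9]+ )*(?:PUBLIC KEY|CERTIFICATE)-----/.test(String(key))
  ) {
    throw new Error(
      'Refusing HMAC verification with a public key; specify the expected algorithm'
    );
  }

  // verify signature. `sign` will return base64 string.
  var signingInput = [headerSeg, payloadSeg].join('.');
  if (!verify(signingInput, key, signingMethod, signingType, signatureSeg)) {
    throw new Error('Signature verification failed');
  }

  // Support for nbf and exp claims.
  // According to the RFC, they should be in seconds.
  // A claim that is present but not numeric fails closed; otherwise the NaN
  // comparison would be false and the token would never expire.
  var claims = payload !== null && typeof payload === 'object' ? payload : {};
  var now = Date.now();
  if (claims.nbf) {
    var notBeforeMs = claims.nbf * 1000;
    if (isNaN(notBeforeMs)) {
      throw new Error('Invalid nbf claim');
    }
    if (now < notBeforeMs) {
      throw new Error('Token not yet active');
    }
  }
  if (claims.exp) {
    var expiresMs = claims.exp * 1000;
    if (isNaN(expiresMs)) {
      throw new Error('Invalid exp claim');
    }
    if (now > expiresMs) {
      throw new Error('Token expired');
    }
  }

  return payload;
}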
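// HS256 secrets are typically 128-bit random strings, for example hex-encoded
// (the value below is a published sample; generate your own):
// var secret = Buffer.from('fe1a1915a379f3be5394b64d14794932', 'hex');
// encode
var token = jwt.encode(payload, secret);
// decode: pass the expected algorithm so that the token header cannot choose it
var decoded = jwt.decode(token, secret, false, 'HS256');
console.log(decoded); //=> { foo: 'bar' }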
```
### decode params
```javascript
/*
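/**
 * Encode a payload as a signed JWT in compact form.
 *
 * @param {*} payload - Value serialised with `JSON.stringify` into the payload segment.
 * @param {string|Buffer} key - Signing key, handed to `sign()` unchanged; must be truthy.
 * @param {string} [algorithm] - Algorithm name; defaults to 'HS256'.
 * @param {Object} [options] - When `options.header` is set, it is merged into the
 *   JWT header through `assignProperties`.
 * @returns {string} `header.payload.signature`.
 * @throws {Error} When the key is missing or the algorithm is not supported.
 */
function jwt_encode(payload, key, algorithm, options) {
  if (!key) {
    throw new Error('Require key');
  }

  // Default is HS256. The lookup uses own properties only, so a name such as
  // "constructor" is rejected instead of resolving to something inherited
  // from Object.prototype and being passed on to sign().
  var algName = algorithm || 'HS256';
  var hasOwn = Object.prototype.hasOwnProperty;
  if (
    typeof algName !== 'string' ||
    !hasOwn.call(algorithmMap, algName) ||
    !hasOwn.call(typeMap, algName) ||
    !algorithmMap[algName] ||
    !typeMap[algName]
  ) {
    throw new Error('Algorithm not supported');
  }
  var signingMethod = algorithmMap[algName];
  var signingType = typeMap[algName];

  // header, typ is fixed value.
  var header = { typ: 'JWT', alg: algName };
  if (options && options.header) {
    // NOTE(review): presumably this copies every property of options.header,
    // so a caller-supplied `alg` or `typ` would replace the values above and
    // the header could then name a different algorithm than the one used to
    // sign. Confirm against assignProperties before relying on the header.
    assignProperties(header, options.header);
  }

  // create segments, all segments should be base64 string
  var headerSeg = base64urlEncode(JSON.stringify(header));
  var payloadSeg = base64urlEncode(JSON.stringify(payload));
  var signingInput = headerSeg + '.' + payloadSeg;
  var signatureSeg = sign(signingInput, key, signingMethod, signingType);
  return signingInput + '.' + signatureSeg;
}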
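var payload = { foo: 'bar' };
// 'xxx' is a placeholder for this example only; it is far too short for a real signing secret.
var secret = 'xxx';
// HS256 secrets are typically 128-bit random strings, for example hex-encoded
// (the value below is a published sample; generate your own):
// var secret = Buffer.from('fe1a1915a379f3be5394b64d14794932', 'hex');
// encode
var token = jwt.encode(payload, secret);
// decode: pass the expected algorithm so that the token header cannot choose it
var decoded = jwt.decode(token, secret, false, 'HS256');
console.log(decoded); //=> { foo: 'bar' }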
```
### decode params
...