Compare Versions - jose

npm / jose / Compare Versions

View on npm

From: → To:

6.2.2

Fixes

reject failed decompression with JWEInvalid error (043b181)

6.2.1

Refactor

reorganize internals, less files, smaller footprint (d4231f9)

6.2.0

Features

re-introduce JWE "zip" (Compression Algorithm) Header Parameter support (b13b446)

Documentation

clarify return of general jws and jwe (56682b4)

6.1.3

Refactor

avoid export * as for google closure's compiler sake (6303d98), closes #832

6.1.2

Refactor

fallback to checking instanceof for CryptoKey (901cd90), closes #765 #803 #821 #827 #828

6.1.1

Documentation

add link to RFC9864 (767edde)
link to ML-DSA for JOSE (ed4252c)
remove mention of Edge Runtime from the readme (94fdde7)
update README.md (25098ef)

Refactor

eliminate named exports in the source code (f6ae30d)
expose setKeyManagementParameters also on a GeneralEncrypt Recipient (16e6b23)
faster path for symmetric key checks (a44c2ec)
improve en/decoding overheads (daee426)

6.1.0

Features

support AKP JWKs in calculateJwkThumbprint and calculateJwkThumbprintUri (cf2092a)
support for the ML-DSA PQC Algorithm Identifiers (25ddce4)

6.0.13

Refactor

more readability in ecdhes.ts (84da9de)
update asn1.ts helpers (b4f8fb3)

6.0.12

Documentation

add known caveats to customFetch (02e1f1e)
mention the apu/apv parameter names in setKeyManagementParameters (6274d5a)
update compact setKeyManagementParameters (2f44381)
use GitHub Flavored Markdown for notes and warnings (f6b4ffc)

Refactor

createPublicKey is not a constructor (61ded78)
update asn1.ts helper functions (b2b611c)

6.0.11

Fixes

typ checking edge-cases when it contains a slash (/) character (31e4baf)

6.0.10

Refactor

removed unused claims methods (74719cf)
reorganize jwt claim set utils (1f12d88)

6.0.9

Documentation

add more symbol document, ignore ts-private fields (8b73687)
bump typedoc (6163a8b)
drop cdnjs links in README (a910038)
drop denoland/x links in README and add jsr (3662b9e)
fix key export links from docs/README.md (c8edfc2)

Refactor

always assume structuredClone is present (f7898a9)
hide internal private fields and drop ProduceJWT inheritance (ab18881)
less objects when JWE JWT Replicated Header Parameters are used (c763a0e)

6.0.8

Fixes

export [customFetch] symbol from the default entrypoint (1615614), closes #762

6.0.7

Documentation

improve generate key/secret and import function descriptions (cd06359)

Fixes

use [customFetch] when provided to createRemoteJWKSet (35f6509), closes #760

6.0.6

Refactor

move base64url around (e1350ef)

Documentation

add various exported symbol descriptions (3b8ff71)
add various exported symbol descriptions (fc4e7da)
add various exported symbol descriptions (74f02c8)
update base64url function descriptions (03d72c8)

6.0.5

Refactor

types: make JWKParameters.kty compatible with @types/node and @types/web (bb6ccfe)

Documentation

add various exported symbol descriptions (f52c2ff)

6.0.4

Refactor

optimize base64 with tc39/proposal-arraybuffer-base64 (8a0da69), closes #752
update getSPKI to use crypto.createPublicKey when available (92392a0), closes #752
use Double HMAC pattern for AES-CBC tag comparison (f3ba4c7), closes #752

6.0.3

Documentation

remove root module tag so that README.md shows up on jsr.io (ee70698)

6.0.2

Documentation

add module tags to all entrypoints (a5687aa)

6.0.1

Fixes

types: update build to include extensions in type imports (9b96672)

6.0.0

⚠ BREAKING CHANGES

The PEMImportOptions type interface is renamed to KeyImportOptions.
all builds and bundles now use ES2022 as target
createRemoteJWKSet now uses fetch, because of that its Node.js only options.agent property has been removed and new fetch-related options were added
drop support for Ed448 and X448
drop support for JWK key_ops and CryptoKey usages "(un)wrapKey" and "deriveKey"
resolved keys returned as part of verify/decrypt operations (when get key functions are used) are always normalized to either Uint8Array / CryptoKey depending on what's more efficient for the executed operation
Key "Type" Generics are removed
CJS-style require is now only possible when require(esm) support is present in the Node.js runtime
private KeyObject instances can no longer be used for verify operations
private KeyObject instances can no longer be used for encryption operations
generateSecret, generateKeyPair, importPKCS8, importSPKI, importJWK, and importX509 now yield a CryptoKey instead of a KeyObject in Node.js
drop support for Node.js 18.x and earlier
runtime-specific npm releases (jose-browser-runtime, jose-node-cjs-runtime, and jose-node-esm-runtime) are no longer maintained or supported
removed secp256k1 JWS support
removed deprecated experimental APIs
removed RSA1_5 JWE support

Features

enable CryptoKey and KeyObject inputs in JWK thumbprint functions (6fc9c44)
JSON Web Key is now an allowed input everywhere (ebda967)

Refactor

always use infered CryptoKey (c4abaa2)
backport the Ed25519 JWS Algorithm Identifier support (7a94cb9)
drop support for Ed448 and X448 (2fae1c4)
drop support for JWK key_ops and CryptoKey usages "(un)wrapKey" and "deriveKey" (ef918be)
ensure export functions continue to work with KeyObject inputs (28e9e68)
hardcode the cryptoRuntime export since it is now always WebCryptoAPI (e00f273)
JWK import extractable default for public keys is now true (64dcebe)
PEM import extractable default for public keys is now true (4e9f114)
removed deprecated APIs (5352083)
removed secp256k1 JWS support (e2b58a5)
restructure src/lib and src/runtime now that runtime is fixed (9b236ce)
target is now ES2022 everywhere (aa590d5)
update importJWK args to align with other import functions (355a2dd)
WebCryptoAPI is now the only crypto used (161de46)

5.10.0

Features

support fully specified Ed25519 algorithm identifier (c39f57d)

5.9.6

Reverts

Revert "refactor(build): simplify package exports" (2ef3a52)

5.9.4

Refactor

types: update error definitions (510c5ca)

5.9.3

Refactor

use as Type for type assertions instead of <Type> (c4dc24d)

5.9.2

Refactor

types: remove index signatures from JWK interfaces (ccf0cda)

5.9.1

Fixes

types: add missing index signature on the convenience JWK types (90a93dc)

5.9.0

Features

allow JWK objects as "key" input to sign and verify (c6302ea)

This method of passing private or public keys does not yield the same performance as passing a CryptoKey or KeyObject instances, its main purpose is for convenience or for when you're not going to be re-using the same set of keys for the operation, in which case you should use one of the import key methods to obtain a CryptoKey or KeyObject.

Example Signing

const alg = "RS256";
const jwk = {
  kty: "RSA",
  n: "whYOFK2Ocbbpb_zVypi9SeKiNUqKQH0zTKN1-6fpCTu6ZalGI82s7XK3tan4dJt90ptUPKD2zvxqTzFNfx4HHHsrYCf2-FMLn1VTJfQazA2BvJqAwcpW1bqRUEty8tS_Yv4hRvWfQPcc2Gc3-_fQOOW57zVy-rNoJc744kb30NjQxdGp03J2S3GLQu7oKtSDDPooQHD38PEMNnITf0pj-KgDPjymkMGoJlO3aKppsjfbt_AH6GGdRghYRLOUwQU-h-ofWHR3lbYiKtXPn5dN24kiHy61e3VAQ9_YAZlwXC_99GGtw_NpghFAuM4P1JDn0DppJldy3PGFC0GfBCZASw",
  e: "AQAB",
  d: "VuVE_KEP6323WjpbBdAIv7HGahGrgGANvbxZsIhm34lsVOPK0XDegZkhAybMZHjRhp-gwVxX5ChC-J3cUpOBH5FNxElgW6HizD2Jcq6t6LoLYgPSrfEHm71iHg8JsgrqfUnGYFzMJmv88C6WdCtpgG_qJV1K00_Ly1G1QKoBffEs-v4fAMJrCbUdCz1qWto-PU-HLMEo-krfEpGgcmtZeRlDADh8cETMQlgQfQX2VWq_aAP4a1SXmo-j0cvRU4W5Fj0RVwNesIpetX2ZFz4p_JmB5sWFEj_fC7h5z2lq-6Bme2T3BHtXkIxoBW0_pYVnASC8P2puO5FnVxDmWuHDYQ",
  p: "07rgXd_tLUhVRF_g1OaqRZh5uZ8hiLWUSU0vu9coOaQcatSqjQlIwLW8UdKv_38GrmpIfgcEVQjzq6rFBowUm9zWBO9Eq6enpasYJBOeD8EMeDK-nsST57HjPVOCvoVC5ZX-cozPXna3iRNZ1TVYBY3smn0IaxysIK-zxESf4pM",
  q: "6qrE9TPhCS5iNR7QrKThunLu6t4H_8CkYRPLbvOIt2MgZyPLiZCsvdkTVSOX76QQEXt7Y0nTNua69q3K3Jhf-YOkPSJsWTxgrfOnjoDvRKzbW3OExIMm7D99fVBODuNWinjYgUwGSqGAsb_3TKhtI-Gr5ls3fn6B6oEjVL0dpmk",
  dp: "mHqjrFdgelT2OyiFRS3dAAPf3cLxJoAGC4gP0UoQyPocEP-Y17sQ7t-ygIanguubBy65iDFLeGXa_g0cmSt2iAzRAHrDzI8P1-pQl2KdWSEg9ssspjBRh_F_AiJLLSPRWn_b3-jySkhawtfxwO8Kte1QsK1My765Y0zFvJnjPws",
  dq: "KmjaV4YcsVAUp4z-IXVa5htHWmLuByaFjpXJOjABEUN0467wZdgjn9vPRp-8Ia8AyGgMkJES_uUL_PDDrMJM9gb4c6P4-NeUkVtreLGMjFjA-_IQmIMrUZ7XywHsWXx0c2oLlrJqoKo3W-hZhR0bPFTYgDUT_mRWjk7wV6wl46E",
  qi: "iYltkV_4PmQDfZfGFpzn2UtYEKyhy-9t3Vy8Mw2VHLAADKGwJvVK5ficQAr2atIF1-agXY2bd6KV-w52zR8rmZfTr0gobzYIyqHczOm13t7uXJv2WygY7QEC2OGjdxa2Fr9RnvS99ozMa5nomZBqTqT7z5QV33czjPRCjvg6FcE",
};

const jwt = await new jose.SignJWT({ "urn:example:claim": true })
  .setProtectedHeader({ alg })
  .setIssuedAt()
  .setIssuer("urn:example:issuer")
  .setAudience("urn:example:audience")
  .setExpirationTime("2h")
  .sign(jwk);

console.log(jwt);

Example Verification

const alg = "RS256";
const jwk = {
  kty: "RSA",
  n: "whYOFK2Ocbbpb_zVypi9SeKiNUqKQH0zTKN1-6fpCTu6ZalGI82s7XK3tan4dJt90ptUPKD2zvxqTzFNfx4HHHsrYCf2-FMLn1VTJfQazA2BvJqAwcpW1bqRUEty8tS_Yv4hRvWfQPcc2Gc3-_fQOOW57zVy-rNoJc744kb30NjQxdGp03J2S3GLQu7oKtSDDPooQHD38PEMNnITf0pj-KgDPjymkMGoJlO3aKppsjfbt_AH6GGdRghYRLOUwQU-h-ofWHR3lbYiKtXPn5dN24kiHy61e3VAQ9_YAZlwXC_99GGtw_NpghFAuM4P1JDn0DppJldy3PGFC0GfBCZASw",
  e: "AQAB",
};

const jwt =
  "eyJhbGciOiJSUzI1NiJ9.eyJ1cm46ZXhhbXBsZTpjbGFpbSI6dHJ1ZSwiaWF0IjoxNjY5MDU2NDg4LCJpc3MiOiJ1cm46ZXhhbXBsZTppc3N1ZXIiLCJhdWQiOiJ1cm46ZXhhbXBsZTphdWRpZW5jZSJ9.gXrPZ3yM_60dMXGE69dusbpzYASNA-XIOwsb5D5xYnSxyj6_D6OR_uR_1vqhUm4AxZxcrH1_-XJAve9HCw8az_QzHcN-nETt-v6stCsYrn6Bv1YOc-mSJRZ8ll57KVqLbCIbjKwerNX5r2_Qg2TwmJzQdRs-AQDhy-s_DlJd8ql6wR4n-kDZpar-pwIvz4fFIN0Fj57SXpAbLrV6Eo4Byzl0xFD8qEYEpBwjrMMfxCZXTlAVhAq6KCoGlDTwWuExps342-0UErEtyIqDnDGcrfNWiUsoo8j-29IpKd-w9-C388u-ChCxoHz--H8WmMSZzx3zTXsZ5lXLZ9IKfanDKg";

const { payload, protectedHeader } = await jose.jwtVerify(jwt, jwk, {
  issuer: "urn:example:issuer",
  audience: "urn:example:audience",
});

console.log(protectedHeader);
console.log(payload);

5.8.0

Features

add subpath module exports (72ecff6)

Refactor

omit LocalJWKSet export since it's no longer needed for RemoteJWKSet (c502731)

5.7.0

Features

graduate jwksCache to stable API (0f09c12)

5.6.3

Fixes

add sideEffects:false to nested ESM package.json files (f3aff1c)

5.6.2

Refactor

CryptoKey normalization is not always async (b7751f5)
weak cache normalized CryptoKey instances (32b25a5)

Fixes

ensure KeyObject type in Web API encrypt/decrypt (b7920bd)

5.6.1

Refactor

normalize is always defined for Web API runtimes (7bcb103)

Fixes

workaround turbo's eager optimizations (723a042), closes #690

5.6.0

Features

support KeyObject inputs in WebCryptoAPI runtimes given compatibility (e178b8f)

5.5.0

Features

add experimental support for edge compute runtimes JWKS caching (ab166e2), closes #551 #661 #653 #415
- see docs

5.4.1

Fixes

ensure latest release on npm is v5.x (a9b2a30)

5.4.0

Features

expose JWT's payload in JWTClaimValidationFailed instances (58bcffb), closes #680

Refactor

add explicit return types everywhere (cc2b2d7)

5.3.0

Features

allow observing remote JWKS resolver state and its manual reload (fa8b639)

Refactor

if should not be the only statement in else blocks (a6b716b)

5.2.4

Refactor

use createLocalJWKSet instead of LocalJWKSet in createRemoteJWKSet (a7c566c)

5.2.3

Refactor

move iv generation and optional outputs around (05c4351)

5.2.2

Fixes

types: iv and tag is optional in JSON serializations (53019cd)

5.2.1

Fixes

build: refactor export targets for browser, node cjs, and node esm builds (50cbc65)

5.2.0

Features

extend JWT NumericDate setter syntax (ae363c3)

5.1.3

Build

add errors and base64url submodule exports (564412d)

5.1.2

Fixes

do not mutate JWTVerifyOptions.requiredClaims (1bf9cec), closes #610

5.1.1

Refactor

deprecate the RSA1_5 JWE Algorithm (f746da1)

5.1.0

Features

add payload generics to jose.decodeJwt (9de49e2), closes #604

5.0.2

Fixes

createRemoteJWKSet: ensure a default user-agent header is present (887dd3c), closes #600

5.0.1

Fixes

also use ES2020 in the CDN bundles (8c4d390)

5.0.0

⚠ BREAKING CHANGES

Node.js: return Uint8Array (not a Buffer) from base64url.decode
Browser distribution is now built using ES2020 as a target
Node.js distribution is now built using ES2022 as a target
types: jwtVerify and jwtDecrypt type argument for the resolved KeyLike type is now a second optional type argument following a type for the JWT Claims Set (aka payload)
PBES2 Key Management Algorithms' use in decrypt functions now requires the use of the keyManagementAlgorithms option to explicitly opt-in for their use.
importJWK "octAsKeyObject" option was removed. importJWK will no longer return CryptoKey or KeyObject for "oct" (octet sequence) JWK key types, it will instead always return a Uint8Array formed from the "k" (Key Value) Parameter regardless of the other JWK Parameters that may be present.
End-Of-Life versions of Node.js as of October 2023 are no longer supported. Node.js 18, 20, 21, and future releases are the ones that remain supported.
The JWE "zip" (Compression Algorithm) Header Parameter is no longer supported by this JOSE implementation.

Features

add Date as valid input to timestamp setting functions (bd830a4)
default to an empty payload in JWT producing constructors (98d6ca1)
types: add optional Generics for JWT verify and decrypt (61bd2a0), closes #568

Reverts

Revert "test: fix test under lts/erbium" (b64b6c7)

Refactor

Browser distribution is now built using ES2020 as a target (1836684)
drop support for EOL Node.js versions (b5aee54)
importJWK always returns a Uint8Array for symmetric key inputs (163e1b0)
Node.js distribution is now built using ES2022 as a target (239697a)
Node.js: return Uint8Array (not a Buffer) from base64url.decode (02d5182)
PBES2 Algorithms require explicit opt-in during verification (e2da031)
remove support for JWE "zip" (Compression Algorithm) Header Parameter (16998b1)
types: rename type parameters for the KeyLike returns (eddd400)
update allow list error messages (fe8114c)

4.15.9

Fixes

add sideEffects:false to nested ESM package.json files (17eef5f)

4.15.7

Fixes

add a workerd package.json target (e36d69e)

4.15.5

Fixes

add a maxOutputLength option to zlib inflate (1b91d88), fixes CVE-2024-28176

4.15.4

Fixes

types: export GetKeyFunction (#592) (936c9df), closes #591

4.15.3

This release contains only Node.js CITGM related test updates.

Fixes https://github.com/nodejs/citgm/issues/1011

4.15.2

Fixes

build: add a node target for jose-browser-runtime releases (abb63d0)

4.15.1

Fixes

resolve missing types for the cryptoRuntime const (1627965)

4.15.0

Features

export the used crypto runtime as a constant (0681dda)

4.14.6

Fixes

build: publish bundle and umd files with jose-browser-runtime module (62fcbcc), closes #571

4.14.5

Refactor

catch type error when decoding base64url signature (#569) (935e920)
catch type errors when decoding various base64url strings (9024e87)

4.14.4

Refactor

cleanup NODE-ED25519 workerd workarounds (072e83d)

4.14.3

Reverts

Revert "fix(types): headers and payloads may only be JSON values and primitives" (06d8101), closes #534

4.14.2

Fixes

types: headers and payloads may only be JSON values and primitives (24f306e)

4.14.1

This release is to start using provenance statements.

4.14.0

Features

add requiredClaims JWT validation option (eeea91d)

4.13.2

This release contains only minor code refactoring, documentation, and IntelliSense updates.

4.13.1

Fixes

workerd: avoid "The script will never generate a response" edge cases completely (96a8c99), closes #355 #509

4.13.0

Features

types: allow generics to aid in CryptoKey or KeyObject narrowing of KeyLike (6effa4d)

Fixes

make jose.EmbeddedJWK arguments optional (20610a9)

4.12.2

Fixes

types: declare explicit return from EmbeddedJWK (46934ac)

4.12.1

Refactor

clarify when alg is used and required on key imports (19e525f)
node: have node:crypto deal with x509 parsing (45bb45d)

4.12.0

Features

enable key iteration over JWKSMultipleMatchingKeys (a278acd)

const JWKS = jose.createRemoteJWKSet(new URL('https://www.googleapis.com/oauth2/v3/certs'))

const options = {
  issuer: 'urn:example:issuer',
  audience: 'urn:example:audience',
}
const { payload, protectedHeader } = await jose
  .jwtVerify(jwt, JWKS, options)
  .catch(async (error) => {
    if (error?.code === 'ERR_JWKS_MULTIPLE_MATCHING_KEYS') {
      for await (const publicKey of error) {
        try {
          return await jose.jwtVerify(jwt, publicKey, options)
        } catch (innerError) {
          if (innerError?.code === 'ERR_JWS_SIGNATURE_VERIFICATION_FAILED') {
            continue
          }
          throw innerError
        }
      }
      throw new jose.errors.JWSSignatureVerificationFailed()
    }

    throw error
  })
console.log(protectedHeader)
console.log(payload)

4.11.4

Fixes

build: ignore deno files in npm publishes (b3d6a11)

4.11.3

Fixes

CF Workers: improve miniflare compat with different Node.js versions, get ready for future non-proprietary support (3406b9f), closes #446 #495 #497

4.11.2

Refactor

node: dry node version checks (aff2f7c)

4.11.1

This release contains only code refactoring, documentation updates, and Node.js CITGM related test updates.

4.11.0

Features

add bun as a supported runtime (3a63631)

Fixes

respect JWK ext for symmetric keys (20557fc)

4.10.4

Fixes

typo in importPKSC8 error message (#468) (746bc64)
workaround for invalid use checks on CF Workers and Deno (e4d04eb)

4.10.3

v4.10.1, v4.10.2, and v4.10.3 contain only code refactoring, documentation updates, and updates necessary to include jose in the Node.js CITGM builds.

4.10.0

Features

Curve25519, and Curve448 support for WebCryptoAPI runtimes based on Secure Curves in the Web Cryptography API (fea359a)

Fixes

importX509: handle length encodings better (47d0d77), closes #459

4.9.3

Refactor

update CEK length validation error message (81a92a9)
update key input validation error messages (2eac34a)
update keylike description for WinterCG (6741679)

4.9.2

Fixes

limit default PBES2 alg's computational expense (03d6d01)

4.9.1

Fixes

deno: add a Deno package entrypoint (9f3c459)

4.9.0

Features

add support for RFC 9278 - JWK Thumbprint URI (d06ce65)

Refactor

consume some base64url decode errors (#436) (caaf2c3)
unify JOSENotSupported throw on key export (fe5d093)

4.8.3

This release contains only code refactoring and documentation updates.

4.8.1

Fixes

typescript: add types export for nodenext module resolution (#406) (5a6d8f0)

4.8.0

Features

add "worker" export in package.json (#400) (c58c80a)
optional headers options for createRemoteJWKSet (#397) (b4612f5)

4.7.0

Features

add createRemoteJWKSet cacheMaxAge option (5017d95), closes #394

4.6.2

Fixes

dont check JWT iat is in the past unless maxTokenAge is used (96d85c7)

4.6.1

This release contains only code refactoring and documentation updates.

4.6.0

Features

mark APIs and parameters that can lead to footguns as deprecated (0ddbcc6)
types: include JSDoc in the types (74187a9)

4.5.3

Fixes

web api runtime: rely on default fetch init values (df6d966)

4.5.2

Fixes

decrypting empty ciphertext compact JWEs (#374) (95fe597)

4.5.1

Fixes

typescript: allow synchronous get key functions (7c99153)

4.5.0

Features

add jose.decodeJwt utility (3d2a2b8)

Fixes

concurrent fetch await in cloudflare (e44cd18), closes #355

4.4.0

Features

add createLocalJWKSet, resolver to verify using a local JWKSet (bd7bf37)

4.3.9

Fixes

only add y to the epk header parameter when EC keys are used (dd6775e), closes #348

4.3.8

This release contains only code refactoring and documentation updates.

4.3.7

Fixes

typescript: b64: true is fine to use in JWT, its useless, but allowed (#324) (ee401c9)

4.3.6

Fixes

electron: rsa-pss keys are never supported (188c1f7)

4.3.5

Fixes

typescript: b64 header regression (#324) (9da0a7f)

4.3.4

Fixes

Compact JWS verification handles a zero-length payload string (7c70e7b)

4.3.3

Fixes

typescript: apply updated compact and jwt headers to compact/jwt verify and decrypt results (0c1946c)

4.3.2

Fixes

createRemoteJWKSet handles all JWS syntaxes (aaba8f3)
typescript: Compact JWS Header Parameters has alg and enc as required (0fa87af)
typescript: Compact JWS Header Parameters has alg as required (c7fabd0)
typescript: Signed JWT Header Parameters has alg as required and b64 as never (79cbd82)

4.3.0

Features

add GeneralSign signature and GeneralEncrypt recipient builder chaining (cfc93f5)

4.2.1

Fixes

node: dont mention CryptoKey in versions without webcrypto (401cabf)

4.2.0

Features

General JWE Encryption (94eca81)

example Usage

import * as jose from "jose";

const firstRecipientKeyPair = await jose.generateKeyPair("RSA-OAEP-256");
const secondRecipientKeyPair = await jose.generateKeyPair("ECDH-ES+A256KW");
const thirdRecipientSecret = await jose.generateSecret("A256GCMKW");

const encoder = new TextEncoder();
const plaintext = encoder.encode(
  "It’s a dangerous business, Frodo, going out your door."
);
const additionalAuthenticatedData = encoder.encode(
  "The Fellowship of the Ring"
);

const enc = new jose.GeneralEncrypt(plaintext)
  .setAdditionalAuthenticatedData(additionalAuthenticatedData)
  .setProtectedHeader({ enc: "A256GCM" });

enc
  .addRecipient(firstRecipientKeyPair.publicKey)
  .setUnprotectedHeader({ alg: "RSA-OAEP-256" });
enc
  .addRecipient(secondRecipientKeyPair.publicKey)
  .setUnprotectedHeader({ alg: "ECDH-ES+A256KW" });
enc
  .addRecipient(thirdRecipientSecret)
  .setUnprotectedHeader({ alg: "A256GCMKW" });

const jwe = await enc.encrypt();

console.log(JSON.stringify(jwe, null, 4));

for (const recipientKey of [
  firstRecipientKeyPair.privateKey,
  secondRecipientKeyPair.privateKey,
  thirdRecipientSecret,
]) {
  await jose.generalDecrypt(jwe, recipientKey);
}

4.1.5

Fixes

importX509 certificate values that do not include a version number (51a18b6), closes #308

4.1.4

Fixes

allow shorter HMAC secrets (57126f1)

4.1.3

Fixes

edge-functions: don't use globalThis (3952030)

4.1.2

Bug Fixes

build: ensure cjs/esm specific packages have the right main entry (2f4526a)

4.1.1

Bug Fixes

typescript: work around potentially missing global URL from DOM lib (7ed731c), closes #295

4.1.0

Features

web: publish umd and bundle files to cdnjs.com (3b3100a)

4.0.4

Bug Fixes

web: check Uint8Array CEK lengths, refactor for better tree-shaking (e8299f2)

4.0.3

Bug Fixes

web: checking cryptokey applicability early (89dc2aa)

4.0.2

Bug Fixes

typescript: export ProduceJWT (#285) (2b8738e)

4.0.1

Bug Fixes

typescript: re-export all types from index.d.ts (d68f104)

4.0.0

⚠ BREAKING CHANGES

All module named exports have moved from subpaths to just "jose". For example, import { jwtVerify } from 'jose/jwt/verify' is now just import { jwtVerify } from 'jose'.
All submodule default exports and named have been removed in favour of just "jose" named exports.
typescript: remove repeated type re-exports
The undocumented jose/util/random was removed.
The jose/jwk/thumbprint named export is renamed to calculateJwkThumbprint, now import { calculateJwkThumbprint } from 'jose'
The deprecated jose/jwk/parse module was removed, use import { importJWK } from 'jose' instead.
The deprecated jose/jwk/from_key_like module was removed, use import { exportJWK } from 'jose' instead.

Migration Guide

Migrating from v3.x to v4.x is very straight forward.

All import statements, require(), or import() invocations should be changed to use just 'jose' as the target.
There are no more default exports. Everything was converted to a named export.
Refer to the documentation if you're not sure how a given module should be imported / required.
any custom resolvers targeting jose dist files for jest, typescript, or other tooling should be removed

// before (v3.x)
import { jwtVerify } from 'jose/jwt/verify'
import { SignJWT } from 'jose/jwt/sign'
import * as errors from 'jose/util/errors'

// after (v4.x)
import { jwtVerify, SignJWT, errors } from 'jose'

3.20.4

Fixes

limit default PBES2 alg's computational expense (d530c30)

3.20.3

Bug Fixes

remove clutter when tree shaking browser dist (73ba370)
typescript: JWTExpired error TS2417 (373e0e4)

3.20.2

Bug Fixes

allow tree-shaking of errors (0824301)

3.20.1

Bug Fixes

typescript: PEM import functions always resolve a KeyLike, never a Uint8Array (8ef3a8e)

3.20.0

Features

improve key input type errors, remove dependency on @types/node (a13eb04)

Bug Fixes

proper createRemoteJWKSet timeoutDuration handling (efa1619), closes #277

3.19.0

Features

return resolved key when verify and decrypt resolve functions are used (49fb62c)

3.18.0

Features

add X.509/SPKI/PKCS8 key import and SPKI/PKCS8 export functions (a2af0f4)

3.17.0

Features

cloudflare workers: add support for EdDSA using Ed25519 (0967369)

3.16.1

Bug Fixes

guard Sign payloads and Encrypt plaintext argument types (10a18f2)

3.16.0

Features

node: support rsa-pss keys in Node.js >= 16.9.0 for sign/verify (0b112cf)

3.15.5

Bug Fixes

omit some fetch options when running in Cloudflare Workers env (ced065a), closes #255

3.15.4

Bug Fixes

deno: ignore incomplete webcrypto api type errors (c5f2262)
typescript: generateKeyPair never returns Uint8Array (73adc01)

3.15.3

Features

experimental Deno build & publish (5c7d265)

Bug Fixes

typescript: allow sign results to be passed to verify (59aa96d)

3.14.4

Bug Fixes

throw JWEInvalid when jwe protected header is invalid (991d435)
throw JWSInvalid when jws protected header is invalid (#244) (1fc79aa)

3.14.3

Bug Fixes

docs: update doc links again (26c4361)

3.14.2

Bug Fixes

docs: update doc links (86f9134)

3.14.1

Bug Fixes

typescript: export generate key pair result interface (2b5cc28)

3.14.0

Features

add verbose key type error messages (df56b94)

Bug Fixes

typescript: remove file extensions from .d.ts files (e091f0f), closes #222
AES Key Wrap input type check (b83821b)
guard SignJWT.prototype.sign() from missing protected header (4103719), closes #221
typescript: add "jku" header to JoseHeaderParameters (#220) (72a72db)

3.13.0

Features

typescript: export consume module interface types (#213) (13fa3d8)

3.12.3

Bug Fixes

browser: remove the use of a node std-lib in decodeProtectedHeader (d9d4a5f), closes #206

3.12.2

Performance

node: use util.types.is* helpers when available (d36311d)

3.12.1

Bug Fixes

browser: avoid global-conflicting variable name fetch (#199) (b2c6273)

3.12.0

Features

webcrypto: allow generate* modules extractable: false override (afae428)

3.11.6

Bug Fixes

swallow promisified crypto.verify errors (d512ede)

3.11.5

Bug Fixes

isObject helper in different vm contexts or jest re-assigned globals (7819df7), closes #178

3.11.4

Bug Fixes

defer AES CBC w/ HMAC decryption after tag verification passes (579485c), fixes CVE-2021-29443, CVE-2021-29444 , CVE-2021-29445, and CVE-2021-29446

3.11.3

Bug Fixes

node: check CryptoKey algorithm & usage before exporting KeyObject (dab4b2f)

3.11.2

Bug Fixes

assert KeyLike input types, change "any" types to "unknown" (edb83a8)

3.11.1

Bug Fixes

node: crypto.verify callback invocation with a private keyobject (d3d4acd)

3.11.0

Features

export error codes as static properties (89d8003), closes #170

3.10.0

Features

node: use libuv threadpool to sign in node >= 15.12.0 (cf5074e)
node: use libuv threadpool to verify in node >= 15.12.0 (ae9a7f4)
node: use native JWK export in node >= 15.9.0 (7f3cc44)
node: use native JWK import in node >= 15.12.0 (f0c2a64)

3.9.0

Features

add named exports for all modules (5cba6b0)

3.8.0

Features

publish alternative Node.js and Browser specific distributions (7856dad)

3.7.1

Bug Fixes

swallow invalid signature encoding errors (e0adf49)

3.7.0

Features

electron >=12.0.0 is now supported (and tested on ci) (8fffd3e)

Bug Fixes

electron: only call (de)cipher.setAAD() when aad is not empty (a5a6c4d)
electron: properly ASN.1 encode [0x00] when converting RSA JWKs (433f020)

3.6.2

Bug Fixes

typescript: update maxTokenAge type and examples (2c358e0)

3.6.1

Bug Fixes

node runtime json fetch handles connection errors properly (fc584b2)

3.6.0

Features

allow CryptoKey instances in a regular non-webcrypto node runtime (e8d41a9)

3.5.4

Bug Fixes

export package.json (8c29107), closes #157

3.5.3

Bug Fixes

workaround downstream dependency issues messing with http (2e58005), closes #154

3.5.2

Performance

use 'base64url' encoding when available in Node.js runtime (808f06c)
use KeyObject.prototype asymmetricKeyDetails when available (ad88ee2)

3.5.1

Bug Fixes

workaround for RangeError in browser runtime base64url (ed32b0d)

3.5.0

Features

added JWE General JSON Serialization decryption (16dea9e)

3.4.0

Features

added JWS General JSON Serialization signing (6fb862c), closes #129
added JWS General JSON Serialization verification (55b7781), closes #129
added utility function for decoding token's protected header (fa29d68)

3.3.2

Bug Fixes

typescript: ref dom lib via triple-slash to fix some compile issues (175f273), closes #126

3.3.1

Bug Fixes

botched v3.3.0 release (1c3e116)

3.3.0

Features

support recognizing proprietary crit header parameters (5163116), closes #123

Bug Fixes

reject JWTs with b64: false (691b44a)

3.2.0

Features

allow specifying modulusLength when generating RSA Key Pairs (5f7a0e9), closes #121

3.1.3

Bug Fixes

typescript: refactored how types are published (2937363), closes #119

3.1.2

Bug Fixes

handle globalThis undefined in legacy browsers (b83c59b)

3.1.1

Bug Fixes

global detection in a browser worker runtime (56ff8fa)

3.1.0

Features

added "KeyLike to JWK" module (7a8418e), closes #109
allow compact verify/decrypt tokens to be uint8array encoded (e39c3db)
allow http.Agent and https.Agent passed in remote JWK Set (38494a8)

3.0.2

Bug Fixes

build: publish esm submodules (7b6364f), closes #104

3.0.1

Bug Fixes

typescript: fix compiling by adding .d.ts files for runtime modules (d9cb573)

3.0.0

⚠ BREAKING CHANGES

Revised, Promise-based API
No dependencies
Browser support (using Web Cryptography API)
Support for verification using a remote JWKS endpoint
Experimental Node.js libuv thread pool based runtime (non-blocking 🎉)

Features

Revised API, No dependencies, Browser Support, Promises (357fe0b)

2.0.7

Fixes

add a maxOutputLength option to zlib inflate (02a6579), fixes CVE-2024-28176

2.0.6

Fixes

limit default PBES2 alg's computational expense (c1512be)

2.0.5

Bug Fixes

defer AES CBC w/ HMAC decryption after tag verification passes (812e03f), fixes CVE-2021-29443

2.0.4

Performance

improve base64url encoding when available in Node.js (d5af559)

2.0.3

Bug Fixes

allow stubbing of the JWT.decode function (6c3b92f)

2.0.2

Bug Fixes

esm: include esm files in the published package (1956746)

2.0.1

Bug Fixes

allow plugins such as jose-chacha to work in newer node runtime (30f1dc2)

2.0.0

⚠ BREAKING CHANGES

the JWE.decrypt option algorithms was removed and replaced with contentEncryptionAlgorithms (handles enc allowlist) and keyManagementAlgorithms (handles alg allowlist)
the JWT.verify profile option was removed, use e.g. JWT.IdToken.verify instead.
removed the maxAuthAge JWT.verify option, this option is now only present at the specific JWT profile APIs where the auth_time property applies.
removed the nonce JWT.verify option, this option is now only present at the specific JWT profile APIs where the nonce property applies.
the acr, amr, nonce and azp claim value types will only be checked when verifying a specific JWT profile using its dedicated API.
using the draft implementing APIs will emit a one-time warning per process using process.emitWarning
JWT.sign function options no longer accept a nonce property. To create a JWT with a nonce just pass the value to the payload.
due to added ESM module support Node.js version with ESM implementation bugs are no longer supported, this only affects early v13.x versions. The resulting Node.js semver range is >=10.13.0 < 13 || >=13.7.0
deprecated method JWK.importKey was removed
deprecated method JWKS.KeyStore.fromJWKS was removed
the use of unregistered curve name P-256K for secp256k1 was removed
jose.JWE.Encrypt constructor aad and unprotectedHeader arguments swapped places
jose.JWE.encrypt.flattened header (unprotectedHeader) and aad arguments swapped places
jose.JWE.encrypt.general header (unprotectedHeader) and aad arguments swapped places
JWS.verify returned payloads are now always buffers
JWS.verify options encoding and parse were removed

Features

added support for ESM (ECMAScript modules) (1aa9035)
decrypt allowlists for both key management and content encryption (30e5c46)

Bug Fixes

typescript: allow Buffer when verifying detached signature (cadbd04)
typescript: properly type all decode/verify/decrypt fn options (4c23bd6)

Refactor

encrypt APIs unprotectedHeader and aad arguments swapped (70bd4ae)
move JWT profile specifics outside of generic JWT (fd69d7f)
removed nonce option from JWT.sign (c4267cc)
removed deprecated methods and utilities (6c35c51)
removed payload parsing from JWS.verify (ba5c897)

1.28.2

Fixes

limit default PBES2 alg's computational expense (4e7121a)

1.28.1

Bug Fixes

defer AES CBC w/ HMAC decryption after tag verification passes (08e1bc5), fixes CVE-2021-29443

1.28.0

Features

support for validating issuer from a list of values (#91) (ce6836a)

1.27.3

Bug Fixes

do not mutate unencoded payload when signing for multiple parties (1695423), closes #89
ensure "b64" is the same for all recipients edge cases (d56ec9f)

1.27.2

Bug Fixes

handle private EC keys without public component (#86) (e8ad389), closes #85

1.27.1

Bug Fixes

allow any JSON numeric value for timestamp values (7ba4922)

1.27.0

Features

add opt-in objects to verify using embedded JWS Header public keys (7c1cab1)

1.26.1

Bug Fixes

typescript: types of key generate functions without overloads (7e60722), closes #80
"typ" content-type validation, case insensitive and handled prefix (0691586)

1.26.0

Features

update JWT Profile for OAuth 2.0 Access Tokens to latest draft (8c0a8a9)

BREAKING CHANGES

at+JWT JWT draft profile - in the draft's Section 2.2 the claims iat and jti are now REQUIRED (was RECOMMENDED).

Draft specification profiles are updated as minor versions of the library, therefore, since they may have breaking changes, use the ~ semver operator when using these and pay close attention to changelog and the drafts themselves.

1.25.2