Skip to content

Commit

Permalink
Add sub claim to JWT standard fields
Browse files Browse the repository at this point in the history
  • Loading branch information
kaira committed Nov 7, 2023
1 parent 54a892a commit 6b25e5c
Show file tree
Hide file tree
Showing 3 changed files with 16 additions and 0 deletions.
1 change: 1 addition & 0 deletions src/jwt-model.ts
Original file line number Diff line number Diff line change
Expand Up @@ -21,6 +21,7 @@ export type JwtHeader = JwtHeaderStandardFields & JsonObject;
interface JwtPayloadStandardFields {
exp?: number; // expires: https://tools.ietf.org/html/rfc7519#section-4.1.4
iss?: string; // issuer: https://tools.ietf.org/html/rfc7519#section-4.1.1
sub?: string; // subject: https://tools.ietf.org/html/rfc7519#section-4.1.2
aud?: string | string[]; // audience: https://tools.ietf.org/html/rfc7519#section-4.1.3
nbf?: number; // not before: https://tools.ietf.org/html/rfc7519#section-4.1.5
iat?: number; // issued at: https://tools.ietf.org/html/rfc7519#section-4.1.6
Expand Down
3 changes: 3 additions & 0 deletions src/jwt.ts
Original file line number Diff line number Diff line change
Expand Up @@ -58,6 +58,9 @@ function assertJwtPayload(
if (payload.iss !== undefined && typeof payload.iss !== "string") {
throw new JwtParseError("JWT payload iss claim is not a string");
}
if (payload.sub !== undefined && typeof payload.sub !== "string") {
throw new JwtParseError("JWT payload sub claim is not a string");
}
if (
payload.aud !== undefined &&
typeof payload.aud !== "string" &&
Expand Down
12 changes: 12 additions & 0 deletions tests/unit/jwt-rsa.test.ts
Original file line number Diff line number Diff line change
Expand Up @@ -430,6 +430,18 @@ describe("unit tests jwt verifier", () => {
expect(statement).toThrow("JWT payload iss claim is not a string");
expect(statement).toThrow(JwtParseError);
});
test("JWT with sub that is not a string", () => {
const header = base64url('{"alg":"RS256"}');
const payload = base64url('{"sub":12345}');
const signedJwt = `${header}.${payload}.signature`;
const statement = () =>
verifyJwtSync(signedJwt, keypair.jwk, {
audience: null,
issuer: null,
});
expect(statement).toThrow("JWT payload sub claim is not a string");
expect(statement).toThrow(JwtParseError);
});
test("JWT with aud that is not a string", () => {
const header = base64url('{"alg":"RS256"}');
const payload = base64url('{"aud":12345}');
Expand Down

0 comments on commit 6b25e5c

Please sign in to comment.