| import { CompactSign } from '../jws/compact/sign.js'; | |
| import { JWTInvalid } from '../util/errors.js'; | |
| import { JWTClaimsBuilder } from '../lib/jwt_claims_set.js'; | |
| export class SignJWT { | |
| #protectedHeader; | |
| #jwt; | |
| constructor(payload = {}) { | |
| this.#jwt = new JWTClaimsBuilder(payload); | |
| } | |
| setIssuer(issuer) { | |
| this.#jwt.iss = issuer; | |
| return this; | |
| } | |
| setSubject(subject) { | |
| this.#jwt.sub = subject; | |
| return this; | |
| } | |
| setAudience(audience) { | |
| this.#jwt.aud = audience; | |
| return this; | |
| } | |
| setJti(jwtId) { | |
| this.#jwt.jti = jwtId; | |
| return this; | |
| } | |
| setNotBefore(input) { | |
| this.#jwt.nbf = input; | |
| return this; | |
| } | |
| setExpirationTime(input) { | |
| this.#jwt.exp = input; | |
| return this; | |
| } | |
| setIssuedAt(input) { | |
| this.#jwt.iat = input; | |
| return this; | |
| } | |
| setProtectedHeader(protectedHeader) { | |
| this.#protectedHeader = protectedHeader; | |
| return this; | |
| } | |
| async sign(key, options) { | |
| const sig = new CompactSign(this.#jwt.data()); | |
| sig.setProtectedHeader(this.#protectedHeader); | |
| if (Array.isArray(this.#protectedHeader?.crit) && | |
| this.#protectedHeader.crit.includes('b64') && | |
| this.#protectedHeader.b64 === false) { | |
| throw new JWTInvalid('JWTs MUST NOT use unencoded payload'); | |
| } | |
| return sig.sign(key, options); | |
| } | |
| } | |