Token Verifier Improvements

packages/application-tester/package.json

@@ -38,9 +38,9 @@
     "apollo-link-ws": "1.0.20",
     "apollo-utilities": "1.3.4",
     "cross-fetch": "3.1.5",
-    "jsonwebtoken": "8.5.1",
     "subscriptions-transport-ws": "0.9.18",
-    "ws": "7.4.5"
+    "ws": "7.4.5",
+    "jose": "4.8.1"
   },
   "devDependencies": {
     "chai": "4.2.0",

packages/application-tester/src/token-helper.ts

@@ -1,6 +1,6 @@
 import * as fs from 'fs'
-import * as jwt from 'jsonwebtoken'
 import * as path from 'path'
+import { SignJWT, KeyLike, importPKCS8 } from 'jose'
 
 type TokenOptions = {
   expiresIn?: number
@@ -13,31 +13,41 @@ type TokenOptions = {
  * The keyset file is expecgted to be located in "<package root>/keys/private.key file"
  */
 export class TokenHelper {
-  private privateKey: Buffer
+  private privateKey: string
+
   constructor() {
-    this.privateKey = fs.readFileSync(path.join(__dirname, '..', 'keys', 'private.key'))
+    this.privateKey = fs.readFileSync(path.join(__dirname, '..', 'keys', 'private.key')).toString('utf8')
   }
-  public forUser(email: string, role?: string, tokenOptions?: TokenOptions): string {
+
+  public async forUser(email: string, role?: string, tokenOptions?: TokenOptions): Promise<string> {
     const keyid = 'booster'
     const issuer = 'booster'
-    const options = {
-      algorithm: 'RS256',
-      subject: email,
-      issuer,
-      keyid,
-    } as jwt.SignOptions
-    if (tokenOptions?.expiresIn !== undefined) {
-      options['expiresIn'] = tokenOptions?.expiresIn
-    }
-    if (tokenOptions?.notBefore) {
-      options['notBefore'] = tokenOptions?.notBefore
-    }
+
     const payload = {
       id: email,
       email,
       ...tokenOptions?.customClaims,
     }
     const rolesClaim = role ? { 'booster:role': role } : {}
-    return jwt.sign({ ...payload, ...rolesClaim }, this.privateKey, options)
+
+    let tokenBuilder = new SignJWT({ ...payload, ...rolesClaim })
+      .setProtectedHeader({
+        alg: 'RS256',
+        kid: keyid,
+      })
+      .setIssuedAt()
+      .setIssuer(issuer)
+      .setSubject(email)
+
+    if (tokenOptions?.expiresIn !== undefined) {
+      tokenBuilder = tokenBuilder.setExpirationTime(tokenOptions.expiresIn)
+    }
+
+    if (tokenOptions?.notBefore !== undefined) {
+      tokenBuilder = tokenBuilder.setNotBefore(tokenOptions.notBefore)
+    }
+
+    const key: KeyLike = await importPKCS8(this.privateKey, 'RS256')
+    return await tokenBuilder.sign(key)
   }
 }

packages/framework-core/package.json

@@ -38,8 +38,7 @@
     "graphql-subscriptions": "1.2.1",
     "inflected": "2.1.0",
     "iterall": "1.3.0",
-    "jsonwebtoken": "8.5.1",
-    "jwks-rsa": "2.0.3",
+    "jose": "4.8.1",
     "reflect-metadata": "0.1.13",
     "tslib": "2.4.0",
     "validator": "13.7.0"
@@ -48,7 +47,6 @@
     "@boostercloud/metadata-booster": "^0.30.4",
     "@types/faker": "5.1.5",
     "@types/inflected": "1.1.29",
-    "@types/jsonwebtoken": "8.5.1",
     "@types/validator": "13.1.3",
     "chai": "4.2.0",
     "chai-as-promised": "7.1.1",
@@ -57,6 +55,7 @@
     "mock-jwks": "1.0.3",
     "nock": "11.8.2",
     "sinon": "9.2.3",
-    "sinon-chai": "3.5.0"
+    "sinon-chai": "3.5.0",
+    "rewire": "5.0.0"
   }
 }