npmpackage.info

Gathering detailed insights and metrics for jwks-fetch

Other packages similar to jwks-fetch

get-jwks

11.0.1

Fetch utils for JWKS keys

keyfetch

3.0.2

Lightweight support for fetching JWKs.

Gathering detailed insights and metrics for jwks-fetch

jwks-fetch - 1.0.1 | npmpackage.info

jwks-fetch

NodeJS JWKS client library to retrieve keys

1.0.1

Apache-2.0

TypeScript

33.57 kB

Installations

npm install jwks-fetch

Developer Guide

BETA

Typescript

Yes

Module System

CommonJS

Min. Node Version

>=8.0.0

Node Version

10.15.3

NPM Version

6.4.1 Pull Requests

Open

20

Total

415

Closed

182

Merged

213

Issues

Open

1

Total

2

Closed

1

Releases

Version 1.0.1

1.0.1

Updated on Aug 17, 2019

Version 1.0.0

1.0.0

Updated on Aug 16, 2019

0.2.4

Updated on Dec 13, 2018

0.2.3

Updated on Oct 29, 2018

0.2.2

Updated on Oct 26, 2018

0.2.1

Updated on Oct 26, 2018

View All 8 releases

Languages

TypeScript

JavaScript

TypeScript (97.85%)

JavaScript (2.15%)

Developer

hugo19941994

Download Statistics

Total Downloads

Last Day

Last Week

Last Month

Last Year

GitHub Statistics

Apache-2.0 License

452 Commits

21 Branches

2 Contributors

Updated on Jul 31, 2020

Maintainers

View All 2 Contributors

Package Meta Information

Latest Version

1.0.1

Package Id

jwks-fetch@1.0.1

Unpacked Size

33.57 kB

Size

12.47 kB

File Count

NPM Version

6.4.1

Node Version

10.15.3

Total Downloads

Cumulative downloads

Total Downloads

NaN

Last Day

NaN

Compared to previous day

Last Week

NaN

Compared to previous week

Last Month

NaN

Compared to previous month

Last Year

NaN

Compared to previous year

Weekly Downloads

Monthly Downloads

Yearly Downloads

Dependencies

jwk-to-pem node-fetch

Dev Dependencies

@types/jest @types/node @types/node-fetch coveralls jest prettier ts-jest tslint tslint-config-prettier typescript

JWKs Fetch

jwks-fetch is a NodeJS library which retrieves asymmetric keys in JWKs format. It supports both RSA and EC keys.

npm install --save jwks-fetch

It implements a Promise based API. NodeJS 8 or above is required. For now it's only compatible with Node, but isomorphic support is planned.

1const {JWKSClient, HTTPError} = require('jwks-fetch');
2
3const client = JWKSClient({ cache: true, ttl: 60, strictSSL: false });
4const url = 'https://demo.com/static/jwks.json';
5const kid = 'auth';
6
7client.retrieve(url, kid)
8    .then(r => {
9        console.log(r);
10
11        /*
12         * -----BEGIN PUBLIC KEY-----
13         * MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA+Mv6SZ2mcGjVBwfAIfCZ
14         * 9MjnMuJpKrSFCcLJQ44TIh01zmOogxvobC+tm4sv+hiJ8F9S7CDxVJ7Xs6JNV+I8
15         * XgqK+ZfrjCLNTsuxv5Y/ByFaq0pjHmWa8mKfsQ389qo4AuoILaj40f1Ai4KXkjWu
16         * UkKj1t+PAusOazpN3InOLHfUKWhXNMyWFuVfACDlHuOPq9wzbD+AmrM76GwY/xSO
17         * DvtNCM4pSF4FWTBRTZhelr7POERxd5Lb2uZxfiXCcyLVNf7DTzHjPB40lyrQ+bv4
18         * t5/FuaqMBMCtOPYNUqBwdQ79k3jJkPQNoyjuyXwzeP90jkBEZxmR/j/si56r0urQ
19         * tQIDAQAB
20         * -----END PUBLIC KEY-----
21         */
22    })
23    .catch(err => {
24        if (err instanceof HTTPError) {
25            console.error(`status code ${err.status}`);
26        }
27        console.error(err);
28    });

Options

1{
2    cache: false // Enable or disable cache
3    ttl: 60, // Amount of time in seconds to cache a key
4    strictSSL: true // Throw error if SSL certificate could not be validated
5}

HTTPError

If the jwks_uri didn't respond with an HTTP status code 200 a custom HTTPError exception will be thrown. From there you can access the raw response with err.res and the status code with err.status. If an exception occurs when requesting the JWKs an HTTPError will also be thrown, but with a null res.

Useful links

No vulnerabilities found.

10

Binary-Artifacts

Determines if the project has generated executable (binary) artifacts in the source repository.

10

License

Determines if the project has defined a license.

0

Maintained

Determines if the project is "actively maintained".

0

CII-Best-Practices

Determines if the project has an OpenSSF (formerly CII) Best Practices Badge.

0

Security-Policy

Determines if the project has published a security policy.

0

Fuzzing

Determines if the project uses fuzzing.

0

Branch-Protection

Determines if the default and release branches are protected with GitHub's branch protection settings.

0

SAST

Determines if the project uses static code analysis.

0

Vulnerabilities

Determines if the project has open, known unfixed vulnerabilities.

Score

2

/10

Last Scanned on 2025-07-07

The Open Source Security Foundation is a cross-industry collaboration to improve the security of open source software (OSS). The Scorecard provides security health metrics for open source projects.

Learn More