1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
import * as base64url from '../runtime/base64url.ts'
import type { JWSHeaderParameters, JWTClaimVerificationOptions, JWTPayload } from '../types.d.ts'import { decoder } from '../lib/buffer_utils.ts'import { JWTInvalid } from '../util/errors.ts'import jwtPayload from '../lib/jwt_claims_set.ts'import { ProduceJWT } from './produce.ts'
export interface UnsecuredResult<PayloadType = JWTPayload> {  payload: PayloadType & JWTPayload  header: JWSHeaderParameters}
/** * The UnsecuredJWT class is a utility for dealing with `{ "alg": "none" }` Unsecured JWTs. * */export class UnsecuredJWT extends ProduceJWT {  /** Encodes the Unsecured JWT. */  encode(): string {    const header = base64url.encode(JSON.stringify({ alg: 'none' }))    const payload = base64url.encode(JSON.stringify(this._payload))
    return `${header}.${payload}.`  }
  /**   * Decodes an unsecured JWT.   *   * @param jwt Unsecured JWT to decode the payload of.   * @param options JWT Claims Set validation options.   */  static decode<PayloadType = JWTPayload>(    jwt: string,    options?: JWTClaimVerificationOptions,  ): UnsecuredResult<PayloadType> {    if (typeof jwt !== 'string') {      throw new JWTInvalid('Unsecured JWT must be a string')    }    const { 0: encodedHeader, 1: encodedPayload, 2: signature, length } = jwt.split('.')
    if (length !== 3 || signature !== '') {      throw new JWTInvalid('Invalid Unsecured JWT')    }
    let header: JWSHeaderParameters    try {      header = JSON.parse(decoder.decode(base64url.decode(encodedHeader)))      if (header.alg !== 'none') throw new Error()    } catch {      throw new JWTInvalid('Invalid Unsecured JWT')    }
    const payload = jwtPayload(      header,      base64url.decode(encodedPayload),      options,    ) as UnsecuredResult<PayloadType>['payload']
    return { payload, header }  }}