auth0 · adamjmcgrath · Oct 15, 2021 · Oct 14, 2021
@@ -10,7 +10,6 @@ module.exports = {
       },
     ],
   ],
-  resolver: './resolver.js',
   testEnvironment: 'node',
   collectCoverageFrom: ['src/*'],
   coverageThreshold: {

@@ -21,7 +21,6 @@
     "@types/sinon": "^9.0.11",
     "@typescript-eslint/eslint-plugin": "^4.19.0",
     "@typescript-eslint/parser": "^4.19.0",
-    "enhanced-resolve": "^5.7.0",
     "eslint": "^7.23.0",
     "jest": "^26.6.3",
     "jest-junit": "^12.0.0",
@@ -34,7 +33,7 @@
     "typescript": "^4.2.3"
   },
   "dependencies": {
-    "jose-node-cjs-runtime": "^3.12.1"
+    "jose": "^4.0.1"
   },
   "engines": {
     "node": "^12.19.0 || ^14.15.0"

@@ -3,7 +3,7 @@ import {
   InsufficientScopeError,
   UnauthorizedError,
 } from 'oauth2-bearer';
-import { JWTPayload } from 'jose-node-cjs-runtime/jwt/verify';
+import type { JWTPayload } from 'jose';
 
 export type JSONPrimitive = string | number | boolean | null;
 

@@ -3,6 +3,7 @@ import { Agent as HttpAgent, get as getHttp } from 'http';
 import { Agent as HttpsAgent, get as getHttps } from 'https';
 import { once } from 'events';
 import type { ClientRequest, IncomingMessage } from 'http';
+import { TextDecoder } from 'util';
 
 const decoder = new TextDecoder();
 

@@ -4,11 +4,8 @@ import { createSecretKey } from 'crypto';
 import { Agent as HttpAgent } from 'http';
 import { Agent as HttpsAgent } from 'https';
 import { URL } from 'url';
-import createRemoteJWKSet from 'jose-node-cjs-runtime/jwks/remote';
-import jwtVerify, {
-  JWTPayload,
-  JWSHeaderParameters,
-} from 'jose-node-cjs-runtime/jwt/verify';
+import { createRemoteJWKSet, jwtVerify } from 'jose';
+import type { JWTPayload, JWSHeaderParameters } from 'jose'
 import { InvalidTokenError } from 'oauth2-bearer';
 import discover, { IssuerMetadata } from './discovery';
 import validate, { defaultValidators, Validators } from './validate';
@@ -208,6 +205,7 @@ const jwtVerifier = ({
   const secretKey = secret && createSecretKey(Buffer.from(secret));
 
   const JWKS = async (...args: Parameters<GetKeyFn>) => {
+    if (secretKey) return secretKey;
     if (!origJWKS) {
       origJWKS = createRemoteJWKSet(new URL(jwksUri), {
         agent,
@@ -243,7 +241,7 @@ const jwtVerifier = ({
       };
       const { payload, protectedHeader: header } = await jwtVerify(
         jwt,
-        secretKey || JWKS
+        JWKS,
       );
       await validate(payload, header, validators);
       return { payload, header, token: jwt };

@@ -1,7 +1,4 @@
-import {
-  JWTPayload,
-  JWSHeaderParameters,
-} from 'jose-node-cjs-runtime/jwt/verify';
+import type { JWTPayload, JWSHeaderParameters } from 'jose';
 
 /**
  * @ignore

@@ -1,8 +1,6 @@
 import { Buffer } from 'buffer';
 import { createSecretKey } from 'crypto';
-import SignJWT from 'jose-node-cjs-runtime/jwt/sign';
-import { generateKeyPair } from 'jose-node-cjs-runtime/util/generate_key_pair';
-import { fromKeyLike } from 'jose-node-cjs-runtime/jwk/from_key_like';
+import { SignJWT, generateKeyPair, exportJWK } from 'jose';
 import nock = require('nock');
 
 export const now = (Date.now() / 1000) | 0;
@@ -39,7 +37,7 @@ export const createJwt = async ({
   secret,
 }: CreateJWTOptions = {}): Promise<string> => {
   const { publicKey, privateKey } = await generateKeyPair('RS256');
-  const publicJwk = await fromKeyLike(publicKey);
+  const publicJwk = await exportJWK(publicKey);
   nock(issuer)
     .persist()
     .get(jwksUri)

@@ -22,7 +22,7 @@
     "ejs": "^3.1.6",
     "eslint": "^7.23.0",
     "express": "^4.17.1",
-    "jose": "^3.11.6",
+    "jose": "^4.0.1",
     "prettier": "~2.2.1",
     "ts-node-dev": "^1.1.6",
     "tslib": "^2.1.0",

@@ -1,6 +1,6 @@
 import express = require('express');
-import { generateKeyPair } from 'jose/util/generate_key_pair';
-import { fromKeyLike, JWK } from 'jose/jwk/from_key_like';
+import { generateKeyPair, exportJWK } from 'jose';
+import type { JWK } from 'jose';
 import secret from './secret';
 
 const app = express();
@@ -16,8 +16,8 @@ const keys = async () => {
     return { publicJwk, privateJwk };
   }
   const { publicKey, privateKey } = await generateKeyPair('RS256');
-  publicJwk = await fromKeyLike(publicKey);
-  privateJwk = await fromKeyLike(privateKey);
+  publicJwk = await exportJWK(publicKey);
+  privateJwk = await exportJWK(privateKey);
   return { publicJwk, privateJwk };
 };
 

@@ -147,14 +147,6 @@ See the Express.js [docs on error handling](https://expressjs.com/en/guide/error
 
 ## Troubleshooting
 
-### Getting `Error: Cannot find module 'jose-node-cjs-runtime/jwks/remote'` when I run the SDK
-
-This package takes a dependency on [jose](https://github.com/panva/jose) which uses [package exports](https://nodejs.org/api/packages.html#packages_exports) which requires Node `^12.19.0 || ^14.15.0`.
-
-Even if you are using the correct version of Node, you may still run into this in some tooling that does not yet support package exports, like [jest](https://github.com/facebook/jest/issues/9771) or Webpack 4. 
-
-To workaround this issue in jest, see how we use a [custom resolver](../../packages/access-token-jwt/resolver.js) for this project.
-
 ## Contributing
 
 See monorepo's [contributing guidelines](../../README.md#contributing).

@@ -1,6 +1,5 @@
 module.exports = {
   preset: 'ts-jest/presets/js-with-ts',
-  resolver: '../access-token-jwt/resolver.js',
   testEnvironment: 'node',
   collectCoverageFrom: ['src/*'],
   coverageThreshold: {

@@ -40,7 +40,7 @@
     "typescript": "^4.2.3"
   },
   "dependencies": {
-    "jose-node-cjs-runtime": "^3.12.1"
+    "jose": "^4.0.1"
   },
   "engines": {
     "node": "^12.19.0 || ^14.15.0"

@@ -7,7 +7,7 @@ export default {
     dir: 'dist',
     format: 'cjs',
   },
-  external: [/^jose-node-cjs-runtime\//],
+  external: ["jose"],
   plugins: [
     nodeResolve(),
     typescript({ tsconfigOverride: { compilerOptions: { module: 'ES2015' } } }),

@@ -11,8 +11,8 @@ import {
   requiredScopes as _requiredScopes,
   RequiredScopes,
   VerifyJwtResult as AuthResult,
-  JWTPayload,
 } from 'access-token-jwt';
+import type { JWTPayload } from 'access-token-jwt';
 import { getToken } from 'oauth2-bearer';
 
 declare global {