fix(types): headers and payloads may only be JSON values and primitives

Author: panva

docs/modules/types.md

@@ -10,6 +10,10 @@ Support from the community to continue maintaining and improving this module is
 
 ### Type Aliases
 
+- [JsonArray](../types/types.JsonArray.md)
+- [JsonObject](../types/types.JsonObject.md)
+- [JsonPrimitive](../types/types.JsonPrimitive.md)
+- [JsonValue](../types/types.JsonValue.md)
 - [KeyLike](../types/types.KeyLike.md)
 
 ### Interfaces

docs/types/types.JsonArray.md

@@ -0,0 +1,9 @@
+# Type alias: JsonArray
+
+## [💗 Help the project](https://github.com/sponsors/panva)
+
+Support from the community to continue maintaining and improving this module is welcome. If you find the module useful, please consider supporting the project by [becoming a sponsor](https://github.com/sponsors/panva).
+
+---
+
+Ƭ **JsonArray**: [`JsonValue`](types.JsonValue.md)[]

docs/types/types.JsonObject.md

@@ -0,0 +1,9 @@
+# Type alias: JsonObject
+
+## [💗 Help the project](https://github.com/sponsors/panva)
+
+Support from the community to continue maintaining and improving this module is welcome. If you find the module useful, please consider supporting the project by [becoming a sponsor](https://github.com/sponsors/panva).
+
+---
+
+Ƭ **JsonObject**: { [Key in string]?: JsonValue }

docs/types/types.JsonPrimitive.md

@@ -0,0 +1,9 @@
+# Type alias: JsonPrimitive
+
+## [💗 Help the project](https://github.com/sponsors/panva)
+
+Support from the community to continue maintaining and improving this module is welcome. If you find the module useful, please consider supporting the project by [becoming a sponsor](https://github.com/sponsors/panva).
+
+---
+
+Ƭ **JsonPrimitive**: `string` \| `number` \| `boolean` \| ``null``

docs/types/types.JsonValue.md

@@ -0,0 +1,9 @@
+# Type alias: JsonValue
+
+## [💗 Help the project](https://github.com/sponsors/panva)
+
+Support from the community to continue maintaining and improving this module is welcome. If you find the module useful, please consider supporting the project by [becoming a sponsor](https://github.com/sponsors/panva).
+
+---
+
+Ƭ **JsonValue**: [`JsonPrimitive`](types.JsonPrimitive.md) \| [`JsonObject`](types.JsonObject.md) \| [`JsonArray`](types.JsonArray.md)

src/jwe/flattened/encrypt.ts

@@ -3,6 +3,7 @@ import encrypt from '../../runtime/encrypt.js'
 import { deflate } from '../../runtime/zlib.js'
 
 import type {
+  JsonValue,
   KeyLike,
   FlattenedJWE,
   JWEHeaderParameters,
@@ -225,7 +226,7 @@ export class FlattenedEncrypt {
 
     let cek: KeyLike | Uint8Array
     {
-      let parameters: { [propName: string]: unknown } | undefined
+      let parameters: { [parameter: string]: JsonValue | undefined } | undefined
       ;({ cek, encryptedKey, parameters } = await encryptKeyManagement(
         alg,
         enc,

src/lib/jwt_claims_set.ts

@@ -1,4 +1,5 @@
 import type {
+  JsonValue,
   JWTPayload,
   JWTClaimVerificationOptions,
   JWEHeaderParameters,
@@ -40,7 +41,7 @@ export default (
     throw new JWTClaimValidationFailed('unexpected "typ" JWT header value', 'typ', 'check_failed')
   }
 
-  let payload!: { [propName: string]: unknown }
+  let payload!: { [propName: string]: JsonValue | undefined }
   try {
     payload = JSON.parse(decoder.decode(encodedPayload))
   } catch {

src/lib/validate_crit.ts

@@ -1,9 +1,10 @@
+import type { JsonValue } from '../types.d'
 import { JOSENotSupported, JWEInvalid, JWSInvalid } from '../util/errors.js'
 
 interface CritCheckHeader {
   b64?: boolean
   crit?: string[]
-  [propName: string]: unknown
+  [propName: string]: JsonValue | undefined
 }
 
 function validateCrit(

src/runtime/interfaces.d.ts

@@ -1,4 +1,4 @@
-import type { JWK, KeyLike } from '../types.d'
+import type { JWK, KeyLike, JsonValue } from '../types.d'
 import type { PEMImportOptions } from '../key/import.js'
 
 type AsyncOrSync<T> = Promise<T> | T
@@ -57,7 +57,9 @@ export interface DecryptFunction {
   ): AsyncOrSync<Uint8Array>
 }
 export interface FetchFunction {
-  (url: URL, timeout: number, options?: any): Promise<{ [propName: string]: unknown }>
+  (url: URL, timeout: number, options?: any): Promise<{
+    [parameter: string]: JsonValue | undefined
+  }>
 }
 export interface DigestFunction {
   (digest: 'sha256' | 'sha384' | 'sha512', data: Uint8Array): AsyncOrSync<Uint8Array>

src/runtime/node/key_to_jwk.ts

@@ -36,7 +36,7 @@ const keyToJWK: JWKExportFunction = (key: unknown): JWK => {
     ) {
       throw new JOSENotSupported('Unsupported key asymmetricKeyType')
     }
-    return keyObject.export({ format: 'jwk' })
+    return <JWK>keyObject.export({ format: 'jwk' })
   }
 
   switch (keyObject.type) {
@@ -112,7 +112,7 @@ const keyToJWK: JWKExportFunction = (key: unknown): JWK => {
           if (der.length < 100) {
             offset += correction
           }
-          return {
+          return <JWK>{
             ...keyToJWK(createPublicKey(keyObject)),
             d: base64url(der.subarray(offset, offset + len / 2)),
           }
@@ -130,7 +130,7 @@ const keyToJWK: JWKExportFunction = (key: unknown): JWK => {
           }
 
           const der = keyObject.export({ type: 'pkcs8', format: 'der' })
-          return {
+          return <JWK>{
             ...keyToJWK(createPublicKey(keyObject)),
             d: base64url(der.subarray(-32)),
           }
@@ -148,7 +148,7 @@ const keyToJWK: JWKExportFunction = (key: unknown): JWK => {
           }
 
           const der = keyObject.export({ type: 'pkcs8', format: 'der' })
-          return {
+          return <JWK>{
             ...keyToJWK(createPublicKey(keyObject)),
             d: base64url(der.subarray(crv === 'Ed448' ? -57 : -56)),
           }