feat: introduce getClaims method to verify asymmetric JWTs #1030

kangmingtay · 2025-01-29T01:45:43Z

What kind of change does this PR introduce?

getClaims supports verifying JWTs (both asymmetric and symmetric) and returns the entire set of claims in the JWT payload

src/lib/rfc4648.ts

src/lib/helpers.ts

src/GoTrueClient.ts

src/lib/helpers.ts

src/lib/types.ts

hf

With the suggestions above!

Co-authored-by: Stojan Dimitrovski <[email protected]>

🤖 I have created a release *beep* *boop* --- ## [2.69.0](v2.68.0...v2.69.0) (2025-03-22) ### Features * introduce getClaims method to verify asymmetric JWTs ([#1030](#1030)) ([daa2669](daa2669)) ### Bug Fixes * assert type in `decodeJWTPayload` ([#1018](#1018)) ([3d80039](3d80039)) * set jwks_cached_at ([#1039](#1039)) ([9bdc023](9bdc023)) --- This PR was generated with [Release Please](https://github.com/googleapis/release-please). See [documentation](https://github.com/googleapis/release-please#release-please). Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>

🤖 I have created a release *beep* *boop* --- ## [2.69.0](supabase/auth-js@v2.68.0...v2.69.0) (2025-03-22) ### Features * introduce getClaims method to verify asymmetric JWTs ([#1030](supabase/auth-js#1030)) ([6d12676](supabase/auth-js@6d12676)) ### Bug Fixes * assert type in `decodeJWTPayload` ([#1018](supabase/auth-js#1018)) ([1a78f42](supabase/auth-js@1a78f42)) * set jwks_cached_at ([#1039](supabase/auth-js#1039)) ([0f79bce](supabase/auth-js@0f79bce)) --- This PR was generated with [Release Please](https://github.com/googleapis/release-please). See [documentation](https://github.com/googleapis/release-please#release-please). Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>

…aims This introduces a new `getClaims` method that supports verifying JWTs (both symmetric and asymmetric) and returns the entire set of claims in the JWT payload. Key changes: - Add `getClaims()` method to GoTrueClient for JWT verification and claims extraction - Implement base64url encoding/decoding utilities (RFC 4648) - Add JWT types: JwtHeader, JwtPayload, DecodedJwt, GetClaimsResponse - Add helper functions: decodeJwt() and validateExp() - Add AuthInvalidJwtException for JWT-related errors - Include comprehensive tests for getClaims, JWT helpers, and base64url utilities The method verifies JWTs by calling getUser() to validate against the server, supporting both HS256 (symmetric) and RS256/ES256 (asymmetric) algorithms. Note: This is an experimental API and may change in future versions. Ported from: supabase/auth-js#1030 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude <[email protected]>

kangmingtay added 5 commits January 28, 2025 16:50

feat: add getClaims method

48ecbc9

chore(refactor): unify jwt decoding

317184f

fix: cache jwks in memory

e53fde0

chore: add experimental tag

bf7c13d

fix: save jwks in memory

be6a07a