feat: resolve bun compat issues

auth0 · Sep 22, 2023 · 838b37f · 838b37f
1 parent 2d7af05
commit 838b37f
Showing 1 changed file with 50 additions and 6 deletions.
diff --git a/src/utils.js b/src/utils.js
@@ -1,5 +1,39 @@
 const jose = require('jose');
 const crypto = require('crypto');
+const JwksError = require('./errors/JwksError');
+
+function resolveAlg(jwk) {
+ if (jwk.alg) {
+ return jwk.alg;
+ }
+
+ if (jwk.kty === 'RSA') {
+ return 'RS256';
+ }
+
+ if (jwk.kty === 'EC') {
+ switch (jwk.crv) {
+ case 'P-256':
+ return 'ES256';
+ case 'secp256k1':
+ return 'ES256K';
+ case 'P-384':
+ return 'ES384';
+ case 'P-521':
+ return 'ES512';
+ }
+ }
+
+ if (jwk.kty === 'OKP') {
+ switch (jwk.crv) {
+ case 'Ed25519':
+ case 'Ed448':
+ return 'EdDSA';
+ }
+ }
+
+ throw new JwksError('Unsupported JWK');
+}
 
 async function retrieveSigningKeys(jwks) {
  const results = [];
@@ -10,14 +44,24 @@ async function retrieveSigningKeys(jwks) {
 
  for (const jwk of jwks) {
  try {
- // The algorithm is actually not used in the Node.js KeyObject-based runtime
- // passing an arbitrary value here and checking that KeyObject was returned
- // later
- const keyObject = await jose.importJWK(jwk, 'RS256');
- if (!(keyObject instanceof crypto.KeyObject) || keyObject.type !== 'public') {
+ const key = await jose.importJWK(jwk, resolveAlg(jwk));
+ if (key.type !== 'public') {
  continue;
  }
- const getSpki = () => keyObject.export({ format: 'pem', type: 'spki' });
+ let getSpki;
+ switch (key[Symbol.toStringTag]) {
+ case 'KeyObject': {
+ getSpki = () => key.export({ format: 'pem', type: 'spki' });
+ break;
+ }
+ case 'CryptoKey': {
+ const spki = await jose.exportSPKI(key);
+ getSpki = () => spki;
+ break;
+ }
+ default:
+ continue;
+ }
  results.push({
  get publicKey() { return getSpki(); },
  get rsaPublicKey() { return getSpki(); },