docs: mention RFC 6750 in validateJwtAccessToken
refs: #115
panva committed Mar 29, 2024
1 parent 737189b commit f61b68e
Showing 2 changed files with 10 additions and 2 deletions.
6 changes: 5 additions & 1 deletion docs/functions/validateJwtAccessToken.md
Expand Up @@ -5,7 +5,10 @@
**validateJwtAccessToken**(`as`, `request`, `expectedAudience`, `options?`): [`Promise`]( https://developer.mozilla.org/docs/Web/JavaScript/Reference/Global_Objects/Promise )\<[`JWTAccessTokenClaims`](../interfaces/JWTAccessTokenClaims.md)\>

Validates use of JSON Web Token (JWT) OAuth 2.0 Access Tokens for a given Request as per
RFC 9068 and optionally also RFC 9449.
RFC 6750, RFC 9068, and RFC 9449.

The only support means of sending access tokens is via the Authorization Request Header Field
method.

This does validate the presence and type of all required claims as well as the values of the
[`iss`](../interfaces/JWTAccessTokenClaims.md#iss), [`exp`](../interfaces/JWTAccessTokenClaims.md#exp),
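Review bot: typo in the added sentence in docs/functions/validateJwtAccessToken.md: "The only support means of sending access tokens" should read "The only supported means of sending access tokens". The same sentence is added to the TSDoc block in src/index.ts, so fix it in both places. Since RFC 6750 also defines the Form-Encoded Body Parameter and URI Query Parameter methods, consider naming them here as not supported, so resource server authors know that tokens sent that way are not accepted.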
Expand Down Expand Up @@ -37,5 +40,6 @@ function's execution.

**`See`**

- [RFC 6750 - OAuth 2.0 Bearer Token Usage](https://www.rfc-editor.org/rfc/rfc6750.html)
- [RFC 9068 - JSON Web Token (JWT) Profile for OAuth 2.0 Access Tokens](https://www.rfc-editor.org/rfc/rfc9068.html)
- [RFC 9449 - OAuth 2.0 Demonstrating Proof-of-Possession at the Application Layer (DPoP)](https://www.rfc-editor.org/rfc/rfc9449.html)
6 changes: 5 additions & 1 deletion src/index.ts
Expand Up @@ -4427,7 +4427,10 @@ async function validateDPoP(

/**
* Validates use of JSON Web Token (JWT) OAuth 2.0 Access Tokens for a given {@link Request} as per
* RFC 9068 and optionally also RFC 9449.
* RFC 6750, RFC 9068, and RFC 9449.
*
* The only support means of sending access tokens is via the Authorization Request Header Field
* method.
*
* This does validate the presence and type of all required claims as well as the values of the
* {@link JWTAccessTokenClaims.iss `iss`}, {@link JWTAccessTokenClaims.exp `exp`},
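Review bot: the rewritten line "RFC 6750, RFC 9068, and RFC 9449." in the TSDoc for validateJwtAccessToken drops the qualifier from the line it replaces ("RFC 9068 and optionally also RFC 9449."), so it now reads as if DPoP validation always applies. If the RFC 9449 checks still apply only in some cases, keep the qualifier, for example "RFC 6750, RFC 9068, and optionally RFC 9449", and state what makes DPoP validation apply.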
Expand All @@ -4451,6 +4454,7 @@ async function validateDPoP(
*
* @group JWT Access Tokens
*
* @see [RFC 6750 - OAuth 2.0 Bearer Token Usage](https://www.rfc-editor.org/rfc/rfc6750.html)
* @see [RFC 9068 - JSON Web Token (JWT) Profile for OAuth 2.0 Access Tokens](https://www.rfc-editor.org/rfc/rfc9068.html)
* @see [RFC 9449 - OAuth 2.0 Demonstrating Proof-of-Possession at the Application Layer (DPoP)](https://www.rfc-editor.org/rfc/rfc9449.html)
*/