search

auth0 / node-jws

JSON Web Signatures
http://self-issued.info/docs/draft-ietf-jose-json-web-signature.html
MIT License
709 stars 108 forks source link

Support (RFC7797) Unencoded Payload Option #68

Open kjvalencik opened 7 years ago

kjvalencik commented 7 years ago

RFC7797 defines an extension to JSON Web Signatures to allow unencoded payloads.

Additional features

Recommended API Changes

Add opts.detached

Default: false. When opts.detached === false, the payload is omitted from the payload. The separators remain where it would usually be. E.g.,

eyJhbGciOiJIUzI1NiIsImI2NCI6ZmFsc2UsImNyaXQiOlsiYjY0Il19..A5dxf2s96_n5FLueVuW1Z_vh161FwXZC4YLPff6

Add opts.header.b64

Default: true. When b64 is false, the payload will not be encoded prior to signing.

Since, unencoded and detached are most useful together for large bodies, we would stream the data to sign. This would require a change to jwa in order to support this.