Merge pull request #999 from Brady-Conn/jwt-algorithm-options

Added algorithm option to jwt policy
ExpressGateway · Jul 18, 2020 · f77ab36 · f77ab36
2 parents c294fa7 + 7ae36e8
commit f77ab36
Show file tree

Hide file tree

Showing 2 changed files with 7 additions and 1 deletion.
diff --git a/lib/policies/jwt/index.js b/lib/policies/jwt/index.js
@@ -38,6 +38,11 @@ module.exports = {
         type: 'boolean',
         default: true,
         description: 'Value istructing the gateway whether verify the sub against the internal SOC'
+      },
+      algorithms: {
+        type: 'array',
+        items: { type: 'string', enum: ['HS256', 'HS384', 'HS512', 'RS256', 'RS384', 'RS512'] },
+        description: 'If defined, limits valid jwts to specified algorithms'
       }
     },
     required: ['jwtExtractor', 'checkCredentialExistence'],

diff --git a/lib/policies/jwt/jwt.js b/lib/policies/jwt/jwt.js
@@ -14,7 +14,8 @@ module.exports = function (params) {
     secretOrKey,
     jwtFromRequest: extractor,
     audience: params.audience,
-    issuer: params.issuer
+    issuer: params.issuer,
+    algorithms: params.algorithms
   }, (jwtPayload, done) => {
     if (!jwtPayload) {
       return done(null, false);