changed jwt.verify to not directly use WebCrypto

2017-03-20 18:18:47 -06:00 · 2017-03-20 18:18:47 -06:00 · 06411918a7
parent 695df45a1d
commit 06411918a7
1 changed files with 3 additions and 12 deletions
--- a/oauth3.core.js
+++ b/oauth3.core.js
@ -213,21 +213,12 @@

        return { header: jsons[0], payload: jsons[1] };
      }
-    , verify: function (str, pubKey) {
-        var parts = str.split(/\./g);
+    , verify: function (jwk, token) {
+        var parts = token.split(/\./g);
        var data = OAUTH3._binStr.binStrToBuffer(parts.slice(0, 2).join('.'));
        var signature = OAUTH3._base64.urlSafeToBuffer(parts[2]);

-        var keyPromise;
-        if (pubKey instanceof OAUTH3._browser.window.CryptoKey) {
-          keyPromise = OAUTH3.PromiseA.resolve(pubKey);
-        } else {
-          keyPromise = OAUTH3._browser.window.crypto.subtle.importKey('jwk', pubKey, {name: 'ECDSA', namedCurve: pubKey.crv}, false, ['verify']);
-        }
-
-        return keyPromise.then(function (key) {
-          return OAUTH3._browser.window.crypto.subtle.verify({name: 'ECDSA', hash: {name: 'SHA-256'}}, key, signature, data);
-        });
+        return OAUTH3.crypto.core.verify(jwk, data, signature);
      }
    , freshness: function (tokenMeta, staletime, _now) {
        staletime = staletime || (15 * 60);