jws

const jws: (config?) => Policy

Defined in: src/policies/auth/jws.ts:63

Verify JWS compact serialization signatures on requests.

The none algorithm is always rejected to prevent signature bypass attacks. Config validation (secret or jwksUrl required) is performed at construction time — a missing config throws immediately, not on first request.

JwsConfig

Policy

import { jws } from "@homegrower-club/stoma";
// HMAC verification with embedded payload
jws({ secret: env.JWS_SECRET });
// Detached JWS — payload comes from the request body
jws({ secret: env.JWS_SECRET, payloadSource: "body" });
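
To make the none rejection and the detached-payload case concrete, the following is an added example, not Stoma's implementation or code from this page. It is a minimal HS256-only verifier for JWS compact serialization. It assumes Node's node:crypto module, and that a detached payload is base64url-encoded to rebuild the signing input (RFC 7515 Appendix F); verifyCompactJws, sign and b64 are hypothetical names.

```typescript
import { createHmac, timingSafeEqual } from "node:crypto";

type VerifyResult = { ok: true; payload: string } | { ok: false; reason: string };

// Hypothetical helper (not Stoma's API): verify an HS256 compact JWS.
// `detachedPayload` is the raw request body, used when the middle segment is empty.
function verifyCompactJws(token: string, secret: string, detachedPayload?: string): VerifyResult {
  const parts = token.split(".");
  if (parts.length !== 3) return { ok: false, reason: "malformed" };
  const [h, p, s] = parts;

  let header: { alg?: unknown } | null;
  try {
    header = JSON.parse(Buffer.from(h, "base64url").toString("utf8"));
  } catch {
    return { ok: false, reason: "bad header" };
  }
  // Allow-list one algorithm; "none" in any casing, or any other value, fails closed.
  if (header?.alg !== "HS256") return { ok: false, reason: "alg not allowed" };

  // Detached form: empty middle segment, payload supplied out of band.
  let payloadB64 = p;
  if (p === "") {
    if (detachedPayload === undefined) return { ok: false, reason: "missing payload" };
    payloadB64 = Buffer.from(detachedPayload, "utf8").toString("base64url");
  }

  const expected = createHmac("sha256", secret).update(`${h}.${payloadB64}`).digest();
  const given = Buffer.from(s, "base64url");
  // Constant-time compare; check length first because timingSafeEqual throws on mismatch.
  if (given.length !== expected.length || !timingSafeEqual(given, expected)) {
    return { ok: false, reason: "bad signature" };
  }
  return { ok: true, payload: Buffer.from(payloadB64, "base64url").toString("utf8") };
}

// Helpers for building constructed sample tokens.
const b64 = (s: string): string => Buffer.from(s, "utf8").toString("base64url");
function sign(alg: string, payload: string, secret: string): string {
  const input = `${b64(JSON.stringify({ alg }))}.${b64(payload)}`;
  return `${input}.${createHmac("sha256", secret).update(input).digest("base64url")}`;
}
```

The algorithm check runs before any signature work, so an unsigned token is refused regardless of what its signature segment contains.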