make verify return decoded token

README.md

@@ -15,57 +15,66 @@ A lightweight JWT implementation with ZERO dependencies for Cloudflare Workers.
 
 ## Install
 
-```
+```bash
 npm i @tsndr/cloudflare-worker-jwt
 ```
 
 
 ## Examples
-
 ### Basic Example
 
 ```typescript
 async () => {
-    import jwt from '@tsndr/cloudflare-worker-jwt'
+    import jwt from "@tsndr/cloudflare-worker-jwt"
 
-    // Creating a token
-    const token = await jwt.sign({ name: 'John Doe', email: 'john.doe@gmail.com' }, 'secret')
+    // Create a token
+    const token = await sign({
+        sub: "1234",
+        name: "John Doe",
+        email: "john.doe@gmail.com"
+    }, "secret")
 
-    // Verifing token
-    const isValid = await jwt.verify(token, 'secret')
+    // Verify token
+    const verifiedToken = await verify(token, "secret")
 
-    // Check for validity
-    if (!isValid)
+    // Abort if token isn't valid
+    if (!verifiedToken)
         return
 
-    // Decoding token
-    const { payload } = jwt.decode(token)
+    // Access token payload
+    const { payload } = verifiedToken
+
+    // { sub: "1234", name: "John Doe", email: "john.doe@gmail.com" }
 }
 ```
 
+
 ### Restrict Timeframe
 
 ```typescript
 async () => {
-    import jwt from '@tsndr/cloudflare-worker-jwt'
+    import jwt from "@tsndr/cloudflare-worker-jwt"
 
-    // Creating a token
-    const token = await jwt.sign({
-        name: 'John Doe',
-        email: 'john.doe@gmail.com',
+    // Create a token
+    const token = await sign({
+        sub: "1234",
+        name: "John Doe",
+        email: "john.doe@gmail.com",
         nbf: Math.floor(Date.now() / 1000) + (60 * 60),      // Not before: Now + 1h
         exp: Math.floor(Date.now() / 1000) + (2 * (60 * 60)) // Expires: Now + 2h
-    }, 'secret')
+    }, "secret")
 
-    // Verifing token
-    const isValid = await jwt.verify(token, 'secret') // false
+    // Verify token
+    const verifiedToken = await verify(token, "secret") // false
 
-    // Check for validity
-    if (!isValid)
+    // Abort if token isn't valid
+    if (!verifiedToken)
         return
 
-    // Decoding token
-    const { payload } = jwt.decode(token) // { name: 'John Doe', email: 'john.doe@gmail.com', ... }
+    // Access token payload
+    const { payload } = verifiedToken
+
+    // { sub: "1234", name: "John Doe", email: "john.doe@gmail.com", ... }
 }
 ```
 
@@ -78,79 +87,101 @@ async () => {
 <hr>
 
 ### Sign
-#### `jwt.sign(payload, secret, [options])`
+#### `sign(payload, secret, [options])`
 
 Signs a payload and returns the token.
 
+
 #### Arguments
 
-Argument                 | Type               | Status   | Default     | Description
------------------------- | ------------------ | -------- | ----------- | -----------
+Argument                 | Type                                | Status   | Default     | Description
+------------------------ | ----------------------------------- | -------- | ----------- | -----------
 `payload`                | `object`                            | required | -           | The payload object. To use `nbf` (Not Before) and/or `exp` (Expiration Time) add `nbf` and/or `exp` to the payload.
 `secret`                 | `string`, `JsonWebKey`, `CryptoKey` | required | -           | A string which is used to sign the payload.
 `options`                | `string`, `object`                  | optional | `HS256`     | Either the `algorithm` string or an object.
 `options.algorithm`      | `string`                            | optional | `HS256`     | See [Available Algorithms](#available-algorithms)
 `options.keyid`          | `string`                            | optional | `undefined` | The `keyid` or `kid` to be set in the header of the resulting JWT.
 
+
 #### `return`
+
 Returns token as a `string`.
 
+
 <hr>
 
+
 ### Verify
-#### `jwt.verify(token, secret, [options])`
+#### `verify(token, secret, [options])`
 
-Verifies the integrity of the token and returns a boolean value.
+Verifies the integrity of the token.
 
-Argument                 | Type               | Status   | Default | Description
------------------------- | ------------------ | -------- | ------- | -----------
-`token`                  | `string`                            | required | -       | The token string generated by `jwt.sign()`.
+Argument                 | Type                                | Status   | Default | Description
+------------------------ | ----------------------------------- | -------- | ------- | -----------
+`token`                  | `string`                            | required | -       | The token string generated by `sign()`.
 `secret`                 | `string`, `JsonWebKey`, `CryptoKey` | required | -       | The string which was used to sign the payload.
 `options`                | `string`, `object`                  | optional | `HS256` | Either the `algorithm` string or an object.
 `options.algorithm`      | `string`                            | optional | `HS256` | See [Available Algorithms](#available-algorithms)
 `options.clockTolerance` | `number`                            | optional | `0`     | Clock tolerance in seconds, to help with slighly out of sync systems.
-`options.throwError`     | `boolean`                           | optional | `false` | By default this we will only throw implementation errors, only set this to `true` if you want verification errors to be thrown as well.
+`options.throwError`     | `boolean`                           | optional | `false` | By default this we will only throw integration errors, only set this to `true` if you want verification errors to be thrown as well.
 
 
 #### `throws`
-If `options.throwError` is `true` and the token is invalid, an error will be thrown.
+
+Throws integration errors and if `options.throwError` is set to `true` also throws `ALG_MISMATCH`, `NOT_YET_VALID`, `EXPIRED` or `INVALID_SIGNATURE`.
+
 
 #### `return`
-Returns `true` if signature, `nbf` (if set) and `exp` (if set) are valid, otherwise returns `false`. 
 
-<hr>
+Returns the decoded token or `undefined`.
 
-### Decode
-#### `jwt.decode(token)`
-
-Returns the payload **without** verifying the integrity of the token. Please use `jwt.verify()` first to keep your application secure!
-
-Argument    | Type     | Status   | Default | Description
------------ | -------- | -------- | ------- | -----------
-`token`     | `string` | required | -       | The token string generated by `jwt.sign()`.
-
-#### `return`
-Returns an `object` containing `header` and `payload`:
-```javascript
+```typescript
 {
     header: {
-        alg: 'HS256',
-        typ: 'JWT'
+        alg: "HS256",
+        typ: "JWT"
     },
     payload: {
-        name: 'John Doe',
-        email: 'john.doe@gmail.com'
+        name: "John Doe",
+        email: "john.doe@gmail.com"
     }
 }
 ```
 
+
+<hr>
+
+
+### Decode
+#### `decode(token)`
+
+Just returns the decoded token **without** verifying verifying it. Please use `verify()` if you intend to verify it as well.
+
+Argument    | Type     | Status   | Default | Description
+----------- | -------- | -------- | ------- | -----------
+`token`     | `string` | required | -       | The token string generated by `sign()`.
+
+
+#### `return`
+
+Returns an `object` containing `header` and `payload`:
+
+```typescript
+{
+    header: {
+        alg: "HS256",
+        typ: "JWT"
+    },
+    payload: {
+        name: "John Doe",
+        email: "john.doe@gmail.com"
+    }
+}
+```
+
+
 ### Available Algorithms
- - ES256
- - ES384
- - ES512
- - HS256
- - HS384
- - HS512
- - RS256
- - RS384
- - RS512
+
+ - `ES256`, `ES384`, `ES512`
+ - `HS256`, `HS384`, `HS512`
+ - `RS256`, `RS384`, `RS512`