support for base64 secrets

src/index.ts

@@ -129,6 +129,8 @@ const algorithms: JwtAlgorithms = {
     RS512: { name: 'RSASSA-PKCS1-v1_5', hash: { name: 'SHA-512' } }
 }
 
+const base64regex = /^([0-9a-zA-Z+/]{4})*(([0-9a-zA-Z+/]{2}==)|([0-9a-zA-Z+/]{3}=))?$/;
+
 function _utf8ToUint8Array(str: string): Uint8Array {
     return base64UrlParse(btoa(unescape(encodeURIComponent(str))))
 }
@@ -193,8 +195,13 @@ export async function sign(payload: JwtPayload, secret: string, options: JwtSign
     if (secret.startsWith('-----BEGIN')) {
         keyFormat = 'pkcs8'
         keyData = _str2ab(secret.replace(/-----BEGIN.*?-----/g, '').replace(/-----END.*?-----/g, '').replace(/\s/g, ''))
-    } else
-        keyData = _utf8ToUint8Array(secret)
+    } else{
+        if (base64regex.test(secret)) {
+            keyData = base64UrlParse(secret)
+        } else {
+            keyData = _utf8ToUint8Array(secret)
+        }
+    }
     const key = await crypto.subtle.importKey(keyFormat, keyData, algorithm, false, ['sign'])
     const signature = await crypto.subtle.sign(algorithm, key, _utf8ToUint8Array(partialToken))
     return `${partialToken}.${base64UrlStringify(new Uint8Array(signature))}`
@@ -246,8 +253,13 @@ export async function verify(token: string, secret: string, options: JwtVerifyOp
     if (secret.startsWith('-----BEGIN')) {
         keyFormat = 'spki'
         keyData = _str2ab(secret.replace(/-----BEGIN.*?-----/g, '').replace(/-----END.*?-----/g, '').replace(/\s/g, ''))
-    } else
-        keyData = _utf8ToUint8Array(secret)
+    } else{
+        if (base64regex.test(secret)) {
+            keyData = base64UrlParse(secret)
+        } else {
+            keyData = _utf8ToUint8Array(secret)
+        }
+    }
     const key = await crypto.subtle.importKey(keyFormat, keyData, algorithm, false, ['verify'])
     return await crypto.subtle.verify(algorithm, key, base64UrlParse(tokenParts[2]), _utf8ToUint8Array(`${tokenParts[0]}.${tokenParts[1]}`))
 }