From e6baf7ab75d8d70e32db2e593ac04a4d2a03719f Mon Sep 17 00:00:00 2001
From: Toby
Date: Wed, 21 Feb 2024 21:04:03 +0100
Subject: [PATCH] add algorithm to header and check during verification

---
 src/index.ts | 15 ++++++++++++++-
 src/test.ts | 3 +++
 2 files changed, 17 insertions(+), 1 deletion(-)
 create mode 100644 src/test.ts

diff --git a/src/index.ts b/src/index.ts
index 7ecda7d..fae4723 100644
--- a/src/index.ts
+++ b/src/index.ts
@@ -34,6 +34,13 @@ export type JwtHeader = {
 * @default "JWT"
 */
 typ?: string
+
+ /**
+ * Algorithm (default: `"HS256"`)
+ *
+ * @default "HS256"
+ */
+ alg?: JwtAlgorithm
 } & T
 
 /**
@@ -196,7 +203,13 @@ export async function verify(token: string, secret: string | JsonWebKey | Crypto
 if (!algorithm)
 throw new Error('algorithm not found')
 
- const { payload } = decode(token)
+ const { header, payload } = decode(token)
+
+ if (header?.alg !== options.algorithm) {
+ if (options.throwError)
+ throw new Error('ALG_MISMATCH')
+ return false
+ }
 
 try {
 if (!payload)
diff --git a/src/test.ts b/src/test.ts
new file mode 100644
index 0000000..0054f42
--- /dev/null
+++ b/src/test.ts
@@ -0,0 +1,3 @@
+import { sign } from './index'
+
+console.log(await sign())
\ No newline at end of file
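Review bot: The new mismatch check in `verify` compares `header?.alg` against the raw `options.algorithm`, while the guard just above it (`if (!algorithm)`) relies on a separately resolved `algorithm` local; if that local is filled in from a default when the caller omits `options.algorithm` (the header doc added in the first hunk advertises `"HS256"` as the default), an omitted option would make every token carrying an `alg` header fail with `ALG_MISMATCH` and a token with no `alg` header pass through to signature checking. Both lookups should share one source of truth, e.g. resolve it once as `const expectedAlg = options.algorithm ?? <the default the existing code already applies>` and write the check as `if (header?.alg !== expectedAlg) {`. The strict inequality itself is the right shape, since it rejects a missing header and any unexpected value such as `none` before any signature work starts, so only the expected-value side needs changing. The `alg` doc on `JwtHeader` would also benefit from a sentence saying the value is read verbatim from the token and is trusted only after this comparison. `verify` starts and ends outside this hunk.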
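Review bot: `src/test.ts` calls `sign()` with no arguments and only prints the result, so it exercises nothing and asserts nothing, and the change this commit makes (the `alg` check in `verify`) is left untested; `sign`'s signature is outside this patch, but it presumably needs at least a payload and a secret. A minimal script would sign with a fixed secret, then assert that `verify` accepts the token when `options.algorithm` matches the header and returns `false` (or throws `ALG_MISMATCH` with `throwError`) when the option names a different algorithm. Top-level `await` also requires an ES-module target, which is worth confirming in the project config before this file is kept. The file is also missing its trailing newline.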