Update readme

README.md

@@ -95,7 +95,7 @@ Argument    | Type     | Satus    | Default | Description
 ----------- | -------- | -------- | ------- | -----------
 `token`     | `string` | required | -       | The token string generated by `jwt.sign()`.
 `secret`    | `string` | required | -       | The string which was used to sign the payload.
-`algorithm` | `object`, `string` | optional | `{ algorithm: 'HS256' }` | The options object supporting `algorithm` or just the algorithm string. (See [Available Algorithms](#available-algorithms))
+`algorithm` | `object`, `string` | optional | `{ algorithm: 'HS256', throwError: false }` | The options object supporting `algorithm` or just the algorithm string. (See [Available Algorithms](#available-algorithms))
 
 #### `return`
 Returns `true` if signature, `nbf` (if set) and `exp` (if set) are valid, otherwise returns `false`. 

index.d.ts

@@ -13,6 +13,7 @@ declare class JWT {
      * @param {object} payload The payload object. To use `nbf` (Not Before) and/or `exp` (Expiration Time) add `nbf` and/or `exp` to the payload.
      * @param {string} secret A string which is used to sign the payload.
      * @param {JWTSignOptions | JWTAlgorithm} options The options object or the algorithm.
+     * @throws {Error} If there's a validation issue.
      * @returns {Promise<string>} Returns token as a `string`.
      */
     sign(payload: object, secret: string, options?: JWTSignOptions | JWTAlgorithm): Promise<string>
@@ -23,6 +24,7 @@ declare class JWT {
      * @param {string} token The token string generated by `jwt.sign()`.
      * @param {string} secret The string which was used to sign the payload.
      * @param {JWTVerifyOptions | JWTAlgorithm} options The options object or the algorithm.
+     * @throws {Error | string} Throws an error `string` if the token is invalid or an `Error-Object` if there's a validation issue.
      * @returns {Promise<boolean>} Returns `true` if signature, `nbf` (if set) and `exp` (if set) are valid, otherwise returns `false`. 
      */
     verify(token: string, secret: string, options?: JWTVerifyOptions | JWTAlgorithm): Promise<boolean>
@@ -46,6 +48,7 @@ type JWTSignOptions = {
 
 type JWTVerifyOptions = {
     algorithm?: JWTAlgorithm
+    throwError?: boolean
 }
 
 export = _exports

index.js

@@ -79,7 +79,7 @@ class JWT {
         const signature = await crypto.subtle.sign(importAlgorithm, key, this._utf8ToUint8Array(partialToken))
         return `${partialToken}.${Base64URL.stringify(new Uint8Array(signature))}`
     }
-    async verify(token, secret, options = { algorithm: 'HS256' }) {
+    async verify(token, secret, options = { algorithm: 'HS256', throwError: false }) {
         if (typeof options === 'string')
             options = { algorithm: options }
         if (typeof token !== 'string')
@@ -95,10 +95,16 @@ class JWT {
         if (!importAlgorithm)
             throw new Error('algorithm not found')
         const payload = this.decode(token)
-        if (payload.nbf && payload.nbf >= Math.floor(Date.now() / 1000))
+        if (payload.nbf && payload.nbf > Math.floor(Date.now() / 1000)) {
+            if (options.throwError)
+                throw 'NOT_YET_VALID'
             return false
-        if (payload.exp && payload.exp < Math.floor(Date.now() / 1000))
+        }
+        if (payload.exp && payload.exp <= Math.floor(Date.now() / 1000)) {
+            if (options.throwError)
+                throw 'EXPIRED'
             return false
+        }
         let keyFormat = 'raw'
         let keyData
         if (secret.startsWith('-----BEGIN')) {

package.json

@@ -1,6 +1,6 @@
 {
   "name": "@tsndr/cloudflare-worker-jwt",
-  "version": "1.1.6",
+  "version": "1.2.0",
   "description": "A lightweight JWT implementation with ZERO dependencies for Cloudflare Worker",
   "main": "index.js",
   "repository": {