Looking for a clear and simple end to end example to sign a JWT

[tforster]

While the documentation is extensive it seems to be missing the basics and I am going in circles. My needs are simple, just need to sign a JWT. I have used jsonwebtoken for years but really like the broad coverage and ZERO dependencies of panva/jose.

My latest attempt, copied from various bits of documentation, is:

const { createPrivateKey } = require("crypto");
const pem = fs.readFileSync("../localhost-privkey.pem");
const privateKey = createPrivateKey(pem);
const jwt = await new SignJWT({ "urn:example:claim": true })
  .setProtectedHeader({ alg: "ES256" })
  .setIssuedAt()
  .setIssuer("urn:example:issuer")
  .setAudience("urn:example:audience")
  .setExpirationTime("2h")
  .sign(privateKey);

Which fails with "invalid key type or asymmetric key type for this operation"

FWIW the .pem is an existing one that is used to run a local dev server for the same project. I suspect it may not be correct for this code but scratching my head trying to figure out what would be correct.

[panva]

Your private key fails to meet requirements to be used for the ES256 algorithm. It would need to be an EC private key using the NIST P-256 curve. Otherwise the code is right.

[panva]

I've created a summary of the different key constraints for every supported JWS/JWE Algorithm, note that these do not come from me - but are entirely dictated by the specifications.