2021-11-02 07:43:52 +00:00
# Dumb JOSE
2021-12-05 14:23:15 +00:00
[![treehouse-ci ](https://woodpecker.treehouse.systems/api/badges/jmercan/dumb-jose/status.svg )](https://woodpecker.treehouse.systems/jmercan/dumb-jose)
2021-12-04 09:12:13 +00:00
[![github-action ](https://github.com/aydinmercan/dumb-jose/actions/workflows/test.yaml/badge.svg )](https://github.com/aydinmercan/dumb-jose/actions/workflows/test.yaml)
2021-11-02 07:43:52 +00:00
Insecure library for a set of insecure formats.
2021-11-02 09:11:23 +00:00
It aims to provide inflexible verification for cases where you unfortunately can't avoid touching JWT.
## Requirements
* Go *>= 1.17*
## Disclaimer
Don't use JWT. You don't need me to tell you about it.
Likewise, you shouldn't need me to tell you that you shouldn't use this library.
## Goals
2021-12-04 09:12:13 +00:00
* Just enough JWT for people to speak commonly encountered OAuth 2.0 (esp. with OIDC) and alike.
2021-11-02 09:11:23 +00:00
* Don't allow for any of the sharp edges.
* Allow for binding domain parameters as much as possible to the public keys.
2021-11-03 17:41:03 +00:00
* Extensive test coverage even if a particular case seems pedantic, guaranteed to be handled properly and/or improbable to be problematic.
2021-11-02 09:11:23 +00:00
## Non-Goals
* Signing capabilities.
2021-12-04 09:12:13 +00:00
* Anything that has to do with encryption, key exchange or MACs.
2021-11-02 09:11:23 +00:00
* Be 100% compliant with the standard.
2021-11-02 07:43:52 +00:00
## License
2021-11-02 09:11:23 +00:00
This repository is licensed under the `BSD-3-Clause` . Refer to [LICENSE ](https://github.com/aydinmercan/dumb-jose/blob/main/LICENSE ) for more information.