dumb-jose/README.md

# Dumb JOSE

[![treehouse-ci](https://woodpecker.treehouse.systems/api/badges/jmercan/dumb-jose/status.svg)](https://woodpecker.treehouse.systems/jmercan/dumb-jose)
[![github-action](https://github.com/aydinmercan/dumb-jose/actions/workflows/test.yaml/badge.svg)](https://github.com/aydinmercan/dumb-jose/actions/workflows/test.yaml)

Insecure library for a set of insecure formats.
It aims to provide inflexible verification for cases where you unfortunately can't avoid touching JWT.

## Requirements

* Go *>= 1.17*

## Disclaimer

Don't use JWT. You don't need me to tell you about it.
Likewise, you shouldn't need me to tell you that you shouldn't use this library.

## Goals

* Just enough JWT for people to speak commonly encountered OAuth 2.0 (esp. with OIDC) and alike.
* Don't allow for any of the sharp edges.
* Allow for binding domain parameters as much as possible to the public keys.
* Extensive test coverage even if a particular case seems pedantic, guaranteed to be handled properly and/or improbable to be problematic.

## Non-Goals

* Signing capabilities.
* Anything that has to do with encryption, key exchange or MACs.
* Be 100% compliant with the standard.

## License

This repository is licensed under the `BSD-3-Clause`. Refer to [LICENSE](https://github.com/aydinmercan/dumb-jose/blob/main/LICENSE) for more information.
initial commit - Created the JWK definition with parsing key sets, needs more through poking for covering invalid state handling. - Basic parsing tests with CI 2021-11-02 07:43:52 +00:00			`# Dumb JOSE`

readme: add woodpecker badge 2021-12-05 14:23:15 +00:00			`[![treehouse-ci](https://woodpecker.treehouse.systems/api/badges/jmercan/dumb-jose/status.svg)](https://woodpecker.treehouse.systems/jmercan/dumb-jose)`
readme: add ci badge and goals clarification As everyone is aware you don't need JWTs for OAuth. However, OIDC requires them which is a main target, alongside almost every non-OIDC (unfortunately) using JWT. Furthermore, despite being labeled under "signatures" in the standard, MACs aren't a goal in this library. 2021-12-04 09:12:13 +00:00			`[![github-action](https://github.com/aydinmercan/dumb-jose/actions/workflows/test.yaml/badge.svg)](https://github.com/aydinmercan/dumb-jose/actions/workflows/test.yaml)`

initial commit - Created the JWK definition with parsing key sets, needs more through poking for covering invalid state handling. - Basic parsing tests with CI 2021-11-02 07:43:52 +00:00			`Insecure library for a set of insecure formats.`
readme: expand the scope and minor additions The following have been added to the README: - Build requirements - Disclaimer - Goals and non-goals - License 2021-11-02 09:11:23 +00:00			`It aims to provide inflexible verification for cases where you unfortunately can't avoid touching JWT.`

			`## Requirements`

			`* Go >= 1.17`

			`## Disclaimer`

			`Don't use JWT. You don't need me to tell you about it.`
			`Likewise, you shouldn't need me to tell you that you shouldn't use this library.`

			`## Goals`

readme: add ci badge and goals clarification As everyone is aware you don't need JWTs for OAuth. However, OIDC requires them which is a main target, alongside almost every non-OIDC (unfortunately) using JWT. Furthermore, despite being labeled under "signatures" in the standard, MACs aren't a goal in this library. 2021-12-04 09:12:13 +00:00			`* Just enough JWT for people to speak commonly encountered OAuth 2.0 (esp. with OIDC) and alike.`
readme: expand the scope and minor additions The following have been added to the README: - Build requirements - Disclaimer - Goals and non-goals - License 2021-11-02 09:11:23 +00:00			`* Don't allow for any of the sharp edges.`
			`* Allow for binding domain parameters as much as possible to the public keys.`
internal/publickey: move from public jwk add tests Moving algorithm specific jwk code to an internal module. Not caring about it should be fine(?) to the end user as long as the library remains vigilantic about it. Also, the crypto.PublicKey in JWK isn't meant to be used directly anyway. 2021-11-03 17:41:03 +00:00			`* Extensive test coverage even if a particular case seems pedantic, guaranteed to be handled properly and/or improbable to be problematic.`
readme: expand the scope and minor additions The following have been added to the README: - Build requirements - Disclaimer - Goals and non-goals - License 2021-11-02 09:11:23 +00:00
			`## Non-Goals`

			`* Signing capabilities.`
readme: add ci badge and goals clarification As everyone is aware you don't need JWTs for OAuth. However, OIDC requires them which is a main target, alongside almost every non-OIDC (unfortunately) using JWT. Furthermore, despite being labeled under "signatures" in the standard, MACs aren't a goal in this library. 2021-12-04 09:12:13 +00:00			`* Anything that has to do with encryption, key exchange or MACs.`
readme: expand the scope and minor additions The following have been added to the README: - Build requirements - Disclaimer - Goals and non-goals - License 2021-11-02 09:11:23 +00:00			`* Be 100% compliant with the standard.`
initial commit - Created the JWK definition with parsing key sets, needs more through poking for covering invalid state handling. - Basic parsing tests with CI 2021-11-02 07:43:52 +00:00
			`## License`

readme: expand the scope and minor additions The following have been added to the README: - Build requirements - Disclaimer - Goals and non-goals - License 2021-11-02 09:11:23 +00:00			This repository is licensed under the `BSD-3-Clause`. Refer to [LICENSE](https://github.com/aydinmercan/dumb-jose/blob/main/LICENSE) for more information.