readme: add ci badge and goals clarification

As everyone is aware you don't need JWTs for OAuth. However, OIDC
requires them which is a main target, alongside almost every non-OIDC
(unfortunately) using JWT.

Furthermore, despite being labeled under "signatures" in the standard,
MACs aren't a goal in this library.
main
Aydin Mercan 2021-12-04 12:12:13 +03:00
parent fbf3f89bcc
commit fa79a9a7bc
No known key found for this signature in database
1 changed files with 4 additions and 2 deletions

View File

@ -1,5 +1,7 @@
# Dumb JOSE # Dumb JOSE
[![github-action](https://github.com/aydinmercan/dumb-jose/actions/workflows/test.yaml/badge.svg)](https://github.com/aydinmercan/dumb-jose/actions/workflows/test.yaml)
Insecure library for a set of insecure formats. Insecure library for a set of insecure formats.
It aims to provide inflexible verification for cases where you unfortunately can't avoid touching JWT. It aims to provide inflexible verification for cases where you unfortunately can't avoid touching JWT.
@ -14,7 +16,7 @@ Likewise, you shouldn't need me to tell you that you shouldn't use this library.
## Goals ## Goals
* Just enough JWT for people to speak commonly encountered OAuth 2.0 and alike. * Just enough JWT for people to speak commonly encountered OAuth 2.0 (esp. with OIDC) and alike.
* Don't allow for any of the sharp edges. * Don't allow for any of the sharp edges.
* Allow for binding domain parameters as much as possible to the public keys. * Allow for binding domain parameters as much as possible to the public keys.
* Extensive test coverage even if a particular case seems pedantic, guaranteed to be handled properly and/or improbable to be problematic. * Extensive test coverage even if a particular case seems pedantic, guaranteed to be handled properly and/or improbable to be problematic.
@ -22,7 +24,7 @@ Likewise, you shouldn't need me to tell you that you shouldn't use this library.
## Non-Goals ## Non-Goals
* Signing capabilities. * Signing capabilities.
* Anything that has to do with encryption or key exchange. * Anything that has to do with encryption, key exchange or MACs.
* Be 100% compliant with the standard. * Be 100% compliant with the standard.
## License ## License