readme: add ci badge and goals clarification
As everyone is aware you don't need JWTs for OAuth. However, OIDC requires them which is a main target, alongside almost every non-OIDC (unfortunately) using JWT. Furthermore, despite being labeled under "signatures" in the standard, MACs aren't a goal in this library.main
parent
fbf3f89bcc
commit
fa79a9a7bc
|
@ -1,5 +1,7 @@
|
||||||
# Dumb JOSE
|
# Dumb JOSE
|
||||||
|
|
||||||
|
[![github-action](https://github.com/aydinmercan/dumb-jose/actions/workflows/test.yaml/badge.svg)](https://github.com/aydinmercan/dumb-jose/actions/workflows/test.yaml)
|
||||||
|
|
||||||
Insecure library for a set of insecure formats.
|
Insecure library for a set of insecure formats.
|
||||||
It aims to provide inflexible verification for cases where you unfortunately can't avoid touching JWT.
|
It aims to provide inflexible verification for cases where you unfortunately can't avoid touching JWT.
|
||||||
|
|
||||||
|
@ -14,7 +16,7 @@ Likewise, you shouldn't need me to tell you that you shouldn't use this library.
|
||||||
|
|
||||||
## Goals
|
## Goals
|
||||||
|
|
||||||
* Just enough JWT for people to speak commonly encountered OAuth 2.0 and alike.
|
* Just enough JWT for people to speak commonly encountered OAuth 2.0 (esp. with OIDC) and alike.
|
||||||
* Don't allow for any of the sharp edges.
|
* Don't allow for any of the sharp edges.
|
||||||
* Allow for binding domain parameters as much as possible to the public keys.
|
* Allow for binding domain parameters as much as possible to the public keys.
|
||||||
* Extensive test coverage even if a particular case seems pedantic, guaranteed to be handled properly and/or improbable to be problematic.
|
* Extensive test coverage even if a particular case seems pedantic, guaranteed to be handled properly and/or improbable to be problematic.
|
||||||
|
@ -22,7 +24,7 @@ Likewise, you shouldn't need me to tell you that you shouldn't use this library.
|
||||||
## Non-Goals
|
## Non-Goals
|
||||||
|
|
||||||
* Signing capabilities.
|
* Signing capabilities.
|
||||||
* Anything that has to do with encryption or key exchange.
|
* Anything that has to do with encryption, key exchange or MACs.
|
||||||
* Be 100% compliant with the standard.
|
* Be 100% compliant with the standard.
|
||||||
|
|
||||||
## License
|
## License
|
||||||
|
|
Loading…
Reference in New Issue