Added tests for EdDSA keys. Subsequently, some fixes were introduced.
Also, ECDSA's test names were fixed to avoid collusions.
As a bonus some unused code were removed.
As everyone is aware you don't need JWTs for OAuth. However, OIDC
requires them which is a main target, alongside almost every non-OIDC
(unfortunately) using JWT.
Furthermore, despite being labeled under "signatures" in the standard,
MACs aren't a goal in this library.
Currently encoding/json accepts duplicate fields in the json.
Since https://github.com/golang/go/issues/48298 got accepted,
we should use the decoder interface with Decoder.DisallowDuplicateFields
turned on when available. Its exact behavior will determine whether
json.RawMessage's will be re-unmarshaled or will follow the byte reader
path.
Moving algorithm specific jwk code to an internal module.
Not caring about it should be fine(?) to the end user as long
as the library remains vigilantic about it. Also, the crypto.PublicKey
in JWK isn't meant to be used directly anyway.