34 lines
1.3 KiB
Markdown
34 lines
1.3 KiB
Markdown
# Dumb JOSE
|
|
|
|
[![treehouse-ci](https://woodpecker.treehouse.systems/api/badges/jmercan/dumb-jose/status.svg)](https://woodpecker.treehouse.systems/jmercan/dumb-jose)
|
|
[![github-action](https://github.com/aydinmercan/dumb-jose/actions/workflows/test.yaml/badge.svg)](https://github.com/aydinmercan/dumb-jose/actions/workflows/test.yaml)
|
|
|
|
Insecure library for a set of insecure formats.
|
|
It aims to provide inflexible verification for cases where you unfortunately can't avoid touching JWT.
|
|
|
|
## Requirements
|
|
|
|
* Go *>= 1.17*
|
|
|
|
## Disclaimer
|
|
|
|
Don't use JWT. You don't need me to tell you about it.
|
|
Likewise, you shouldn't need me to tell you that you shouldn't use this library.
|
|
|
|
## Goals
|
|
|
|
* Just enough JWT for people to speak commonly encountered OAuth 2.0 (esp. with OIDC) and alike.
|
|
* Don't allow for any of the sharp edges.
|
|
* Allow for binding domain parameters as much as possible to the public keys.
|
|
* Extensive test coverage even if a particular case seems pedantic, guaranteed to be handled properly and/or improbable to be problematic.
|
|
|
|
## Non-Goals
|
|
|
|
* Signing capabilities.
|
|
* Anything that has to do with encryption, key exchange or MACs.
|
|
* Be 100% compliant with the standard.
|
|
|
|
## License
|
|
|
|
This repository is licensed under the `BSD-3-Clause`. Refer to [LICENSE](https://github.com/aydinmercan/dumb-jose/blob/main/LICENSE) for more information.
|