Insecure library for an insecure format
Go to file
Aydin Mercan 365a8d3ee2
nix: remove the development flake
I don't use NixOS anymore and thus cannot keep up the flake provided for
development.
2021-12-04 12:16:01 +03:00
.github/workflows ci/github: fix typo 2021-11-02 10:50:03 +03:00
internal/publickey jwk, internal/publickey: unmarshal -> decode 2021-12-04 10:55:00 +03:00
jwk jwk, internal/publickey: unmarshal -> decode 2021-12-04 10:55:00 +03:00
LICENSE initial commit 2021-11-02 10:43:52 +03:00
README.md readme: add ci badge and goals clarification 2021-12-04 12:12:13 +03:00
go.mod mod: update dependency 2021-12-04 11:50:25 +03:00
go.sum internal/publickey: move from public jwk add tests 2021-11-03 20:41:03 +03:00

README.md

Dumb JOSE

github-action

Insecure library for a set of insecure formats. It aims to provide inflexible verification for cases where you unfortunately can't avoid touching JWT.

Requirements

  • Go >= 1.17

Disclaimer

Don't use JWT. You don't need me to tell you about it. Likewise, you shouldn't need me to tell you that you shouldn't use this library.

Goals

  • Just enough JWT for people to speak commonly encountered OAuth 2.0 (esp. with OIDC) and alike.
  • Don't allow for any of the sharp edges.
  • Allow for binding domain parameters as much as possible to the public keys.
  • Extensive test coverage even if a particular case seems pedantic, guaranteed to be handled properly and/or improbable to be problematic.

Non-Goals

  • Signing capabilities.
  • Anything that has to do with encryption, key exchange or MACs.
  • Be 100% compliant with the standard.

License

This repository is licensed under the BSD-3-Clause. Refer to LICENSE for more information.