Aydin Mercan
82785c70eb
Moving algorithm specific jwk code to an internal module. Not caring about it should be fine(?) to the end user as long as the library remains vigilantic about it. Also, the crypto.PublicKey in JWK isn't meant to be used directly anyway. |
||
---|---|---|
.github/workflows | ||
internal/publickey | ||
jwk | ||
LICENSE | ||
README.md | ||
go.mod | ||
go.sum |
README.md
Dumb JOSE
Insecure library for a set of insecure formats. It aims to provide inflexible verification for cases where you unfortunately can't avoid touching JWT.
Requirements
- Go >= 1.17
Disclaimer
Don't use JWT. You don't need me to tell you about it. Likewise, you shouldn't need me to tell you that you shouldn't use this library.
Goals
- Just enough JWT for people to speak commonly encountered OAuth 2.0 and alike.
- Don't allow for any of the sharp edges.
- Allow for binding domain parameters as much as possible to the public keys.
- Extensive test coverage even if a particular case seems pedantic, guaranteed to be handled properly and/or improbable to be problematic.
Non-Goals
- Signing capabilities.
- Anything that has to do with encryption or key exchange.
- Be 100% compliant with the standard.
License
This repository is licensed under the BSD-3-Clause
. Refer to LICENSE for more information.