Insecure library for an insecure format

Go to file

Aydin Mercan c69930c738 readme: expand the scope and minor additions The following have been added to the README: - Build requirements - Disclaimer - Goals and non-goals - License		2021-11-02 12:11:23 +03:00
.github/workflows	ci/github: fix typo	2021-11-02 10:50:03 +03:00
jwk	initial commit	2021-11-02 10:43:52 +03:00
LICENSE	initial commit	2021-11-02 10:43:52 +03:00
README.md	readme: expand the scope and minor additions	2021-11-02 12:11:23 +03:00
go.mod	initial commit	2021-11-02 10:43:52 +03:00
go.sum	initial commit	2021-11-02 10:43:52 +03:00

README.md

Dumb JOSE

Insecure library for a set of insecure formats. It aims to provide inflexible verification for cases where you unfortunately can't avoid touching JWT.

Requirements

Go >= 1.17

Disclaimer

Don't use JWT. You don't need me to tell you about it. Likewise, you shouldn't need me to tell you that you shouldn't use this library.

Goals

Just enough JWT for people to speak commonly encountered OAuth 2.0 and alike.
Don't allow for any of the sharp edges.
Allow for binding domain parameters as much as possible to the public keys.

Non-Goals

Signing capabilities.
Anything that has to do with encryption or key exchange.
Be 100% compliant with the standard.

License

This repository is licensed under the BSD-3-Clause. Refer to LICENSE for more information.