joserfc
joserfc copied to clipboard
authlib
Implementations of JOSE RFCs in Python
Ideas:
Ideas: add option to: ``` joserfc.jwe.decrypt_json(...) ``` example: ``` plaintext=joserfc.jwe.decrypt_json(msg, joserfc.jwk.KeySet([key1]), single_recipient = True) ``` Quickfix: ```python def _perform_decrypt(obj: EncryptionData, registry: JWERegistry) -> None: enc = registry.get_enc(obj.protected["enc"]) iv = obj.bytes_segments["iv"]...
I noticed the following behavior while trying to validate third party produced tokens. It seems that the only allowed value for the `typ` header is `jwt`. This is due to...
First of all currently it is not possible to use straight `sphinx-build` command to build documentation out of source tree ```console + /usr/bin/sphinx-build -n -T -b man docs build/sphinx/man Running...
Setup: Message contains two recipients I try to decrypt the message with ONE correct key. ```python Error: File "venv/lib64/python3.12/site-packages/joserfc/jwe.py", line 254, in decrypt_json _attach_recipient_keys(general_obj.recipients, private_key, sender_key) File "venv/lib64/python3.12/site-packages/joserfc/jwe.py", line 269,...
Currently doing migration from python-jose to joserfc and found myself in a bit of a pickle. python-jose implementation allows validation of the token against the public_key (using verify method from...
I don't know if this a vendor-specific issue or not, but [Microsoft includes a `nonce` field](https://www.outsystems.com/forums/discussion/89897/jwt-oauth-token-signature-validation-with-nonce-in-header/#) in the header of their JWT access tokens. Because joserfc strictly validates the keys...
Dear developers, 1. `mypy` is complaining about the `KeySetSerialization` type: ``` error: Argument 1 to "import_key_set" of "KeySet" has incompatible type "dict[Any, Any]"; expected "KeySetSerialization" [arg-type] ``` I should likely...
I noticed an inconsistency between specific key and JWKRegistry APIs on the `generate_key` method. Specific key APIs provide default values for crv or size when calling `generate_key`, but not `JWKRegistry`....
I was wondering if this was interesting to add an utility to `JWSRegistry` and `JWERegistry` that would guess the `alg` for a given key, depending on criterias such as security...
Hello, I'm not sure if this is properly a bug or an enhancement, but something I was caught out by working with `KeySet` ```python from unittest.mock import MagicMock from joserfc.jwk...