buddy-sign

buddy-sign copied to clipboard

[PERFORMANCE] - avoid reflective calls

5

Hi there, First of all many thanks for your work on this - hugely appreciated 👍 . Secondly observe the following output (per `lein check`): ``` Reflection warning, buddy/core/keys/jwk/eddsa.clj:31:19 -...

dpiliouras

Suggestion: Allow audience validation against collection of valid audiences

4

I suggest to improve validation for `aud` so that we can use collection for “valid audience” but not a single value only. https://github.com/funcool/buddy-sign/blob/2009c4d2ccfbbbc76ba881855e4c237b46a4430f/src/buddy/sign/jwt.clj#L27-L28

serioga

Hi, Firstly, thanks for creating the Buddy security libraries for Clojure. I am going through the code examples in your documentation, but did not see any specific examples for using...

tsaixingwei

Support for looking up public keys via OIDC discovery

19

When using auth0 / google / etc... you can obtain public keys to assist with verifying JWTs via `.well-known` endpoints. The domain for the endpoints can be deduced from the...

raymcdermott

2.* -> 3.*: what's the upgrade path? What are the breaking changes?

1

Can't find information about this.

dAnjou

vixns

It should be called 3.5.351

alexanderkiel

It would be nice if buddy supported the NONE algorithm to just implement the spec. I fully understand closing this since use of the NONE algorithm is discouraged and can...

vincentjames501

Hey Buddy! I'm not sure if this entirely qualifies as an issue, so close it if not, but I just discovered that you can sign tokens with `nil` as the...

janetacarr

RokLenarcic