django-oidc-provider icon indicating copy to clipboard operation
django-oidc-provider copied to clipboard

Published 20 hours ago verified publisher icon juanifioren

Replace IdentityPython/pyjwkest with latchset/jwcrypto

Open juanifioren opened this issue 5 years ago • 2 comments

Related issues: https://github.com/juanifioren/django-oidc-provider/issues/207 https://github.com/juanifioren/django-oidc-provider/issues/293

Problem: replace pyjwkest with another lib based on pyca/cryptography, instead of cryptodomex (which has security review alerted). latchset/jwcrypto seems to be the selected one.

External links about this: https://github.com/mozilla/mozilla-django-oidc/issues/180 https://bandit.readthedocs.io/en/latest/blacklists/blacklist_imports.html#b414-import-pycryptodome

juanifioren avatar Oct 17 '18 22:10 juanifioren

I think #274 and #275 are related too.

cbouvier15 avatar Oct 18 '18 00:10 cbouvier15

True, but I think we can first migrate library, then add those features.

juanifioren avatar Oct 18 '18 03:10 juanifioren