authlib icon indicating copy to clipboard operation
authlib copied to clipboard

Published 20 hours ago verified publisher icon lepture

Interested in a meaningful contribution?

Open ashcherbakov opened this issue 3 years ago • 8 comments

We've been working on a technology called DIDComm. It makes heavy use of JWKs, JWEs, and JWSs. It's being done in FOSS in conjunction with the Decentralized Identity Foundation, Trust Over IP Foundation, and Linux Foundation. Eventually the spec that we're trying to implement is going to IETF.

After studying various python libs for JOSE, we have concluded that JOSE implementation from authlib is closest to what we'd like to start from. But we need some new features:

  • ECDH-1PU support (see ECDH-1PU draft)
  • JSON serialization for JWS and JWE and multi-recipient support
  • AEAD_XCHACHA20_POLY1305 (XC20P) support for content encryption (see Chacha draft)

We could just pull some code out of your excellent library and do our own independent thing, but we're wondering if you'd like a meaningful contribution of the features I listed above.

We'd do the work; we're not trying to find someone else to do the coding for us.

But before we start that contribution, we would like to know if it makes sense for you, and what are the chances that our PRs with all the features listed above will be accepted from the contributed features point of view.

(Tagging @vimmerru and @dhh1128, who are interested in the answer).

ashcherbakov avatar Jul 27 '21 08:07 ashcherbakov

@ashcherbakov thanks. You can put them in the jose/drafts folder.

lepture avatar Aug 12 '21 01:08 lepture

Please review the following pull request adding ECDH-1PU (Draft 04) algorithm support to JWE: https://github.com/lepture/authlib/pull/374

spivachuk avatar Aug 13 '21 14:08 spivachuk

Please review the pull request adding XC20P encryption algorithm: https://github.com/lepture/authlib/pull/375

spivachuk avatar Aug 18 '21 10:08 spivachuk

Please review the pull request adding JSON serialization and multi-recipient support to JWE: https://github.com/lepture/authlib/pull/380

spivachuk avatar Aug 31 '21 12:08 spivachuk

@lepture Thank you for accepting all our contributions. Do you have any plans to create a new release that will contain all these changes?

ashcherbakov avatar Sep 28 '21 07:09 ashcherbakov

@lepture We are planning to present the library we've been implementing (DIDComm) on a conference on Oct 12. That library depends on the authlib with the new JOSE features we contributed. We would really appreciate a release of authlib with recent JOSE changes by Oct 12, so that we can have a release of our lib depending on authlib from pypi.

ashcherbakov avatar Oct 01 '21 15:10 ashcherbakov

@ashcherbakov Oh, sorry to miss that. I'll focus on release v1.0.0 in next month. For now, you can use the b1release which includes your updates on JOSE.

https://pypi.org/project/Authlib/1.0.0b1/

lepture avatar Oct 18 '21 12:10 lepture

1.0.0rc1 is released.

lepture avatar Jan 14 '22 06:01 lepture