python-jose
python-jose copied to clipboard
mpdavis
A JOSE implementation in Python
[JWS](https://datatracker.ietf.org/doc/html/rfc7515) and [JWE](https://datatracker.ietf.org/doc/html/rfc7516), both spec have the provision of custom (i.e. user-defined) headers. *python-jose* supports passing custom headers in the `headers` parameter in `jose.jws.sign()` method. But the same is not...
Could we add an option to verify [`azp` (`Authorized party - the party to which the ID Token was issued`)](https://www.iana.org/assignments/jwt/jwt.xhtml)? For example: ```python jwt.decode( token, key, azp="asdf1234", options: {"require_azp": True},...
Upstream libraries that depend on `jws.verify()` break when the upstream keys contain a mixed set of algorithms. This is a nominal occurance for OIDC servers and should be properly handled.
pyasn1 0.5.0 was released on Friday https://github.com/pyasn1/pyasn1/pull/27. It's basically the same as 0.5.0.rc2 which we used in our project. It should be safe to upgrade the version. I'm talking about...
Hello! I'm having a small issue with functions `jwt.decode` and `jws.verify` in a corner-case scenario. I'm playing with a handcrafted, invalid JWT where the `"alg"` header has been set to...
Hi i think this also effect you cause you are depende on Python Cryptography library cryptography = cryptography >=3.4.0 and it has this vulnerability (CVE-2022-3602) can you update to latest...
When discussing crypto backends the README says: > Due to complexities with setuptools, the native-python backend is always installed, even if you select a different backend on install. **We recommend...
