anvilresearch / jwt Goto Github PK
View Code? Open in Web Editor NEWJSON Web Token for JavaScript
License: MIT License
JSON Web Token for JavaScript
License: MIT License
JWT/JWD to use @trust/jwk for signing/encryption/decryption operations and @trust/keycache for signature verification.
@johnny90 did some work on this. Is this a complete feature? Either way I think this should be completed for the v0.1.0 release.
The spec: https://w3c-dvcg.github.io/ld-signatures/
The JS lib: https://github.com/digitalbazaar/jsonld-signatures
Manu's 2013 post describing their design decisions and difference between JOSE and LDS: http://manu.sporny.org/2013/lds-vs-jose/
(Note that the LDS spec recently gives the indication that they're open to interoperating between JOSE and LDS.)
With npm allowing us to use namespaced package names and our current theme of @trust/jwX packages, it may be desirable for us to split JWD into it's own package that depends on @trust/jwt.
If we do decide to do this then we should probably only do it once JWT is refactored and working as intended.
Thoughts?
This is probably a necessary for the secure use of this libray. It will allow devs (users?) to allow the use of { alg: 'none' }
but still be able to mandate when a signature is necessary.
Still need to make a decision about if these are getting a package of their own, but from @christiansmith's comments in the linked issue, I don't think so.
Current behaviour when calling JWT.verify({ serialized: token, jwk: '...' })
-- where the caller provides the public JWK for signature verification -- is that only one key may be provided.
This problem is only for the case where the caller is passing in the JWKs for signature verification. The default behaviour of using the JWKSet Cache to look up keys etc. will still look up all necessary keys and verify all signatures as expected.
A declarative, efficient, and flexible JavaScript library for building user interfaces.
๐ Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
The Web framework for perfectionists with deadlines.
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. ๐๐๐
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
We are working to build community through open source technology. NB: members must have two-factor auth.
Open source projects and samples from Microsoft.
Google โค๏ธ Open Source for everyone.
Alibaba Open Source for everyone
Data-Driven Documents codes.
China tencent open source team.