GitPlanet

Cheap and reliable Node.js hosting starts at $3/month, and $1/month static HTML hosting

Created with love in Canada, visit hostnodejs.com today

Feel like to post an Ad? Learn Details
All Projects → frasertweedale → Hs Jose

frasertweedale / Hs Jose

Licence: apache-2.0
Haskell JOSE and JWT library

Programming Languages

haskell
3896 projects

Labels

jsonjwtcryptographyjwsjose

Projects that are alternatives of or similar to Hs Jose

Jose Jwt
Ultimate Javascript Object Signing and Encryption (JOSE) and JSON Web Token (JWT) Implementation for .NET and .NET Core
Stars: ✭ 692 (+592%)
Mutual labels:  json, jwt, jws, jose
Cli
🧰 A zero trust swiss army knife for working with X509, OAuth, JWT, OATH OTP, etc.
Stars: ✭ 2,151 (+2051%)
Mutual labels:  jwt, cryptography, jws, jose
Jose
🔐 JSON Object Signing and Encryption Framework (JWT, JWS, JWE, JWA, JWK, JWKSet and more)
Stars: ✭ 479 (+379%)
Mutual labels:  json, jwt, jws, jose
Jwt Framework
JWT Framework
Stars: ✭ 577 (+477%)
Mutual labels:  json, jwt, jws, jose
Jose
JSON Object Signing and Encryption for Node.js and the browser
Stars: ✭ 25 (-75%)
Mutual labels:  json, jwt, jws, jose
Jose2go
Golang (GO) implementation of Javascript Object Signing and Encryption specification
Stars: ✭ 150 (+50%)
Mutual labels:  json, jwt, jws, jose
Json Jwt
JSON Web Token and its family (JSON Web Signature, JSON Web Encryption and JSON Web Key) in Ruby
Stars: ✭ 262 (+162%)
Mutual labels:  jwt, jws, jose
Go Jose
An implementation of JOSE standards (JWE, JWS, JWT) in Go
Stars: ✭ 1,849 (+1749%)
Mutual labels:  jwt, jws, jose
Authlib
The ultimate Python library in building OAuth, OpenID Connect clients and servers. JWS,JWE,JWK,JWA,JWT included.
Stars: ✭ 2,854 (+2754%)
Mutual labels:  jwt, jws, jose
Jose
Universal "JSON Web Almost Everything" - JWA, JWS, JWE, JWT, JWK with no dependencies
Stars: ✭ 1,029 (+929%)
Mutual labels:  jwt, jws, jose
Jwt
Safe, simple and fast JSON Web Tokens for Go
Stars: ✭ 231 (+131%)
Mutual labels:  jwt, jws, jose
Jose
A JOSE implementation
Stars: ✭ 20 (-80%)
Mutual labels:  jwt, jws, jose
Erlang Jose
JSON Object Signing and Encryption (JOSE) for Erlang and Elixir
Stars: ✭ 232 (+132%)
Mutual labels:  jwt, cryptography, jose
Python Jwt
JSON Web Token library for Python
Stars: ✭ 81 (-19%)
Mutual labels:  jwt, jws, jose
Jwt Cli
A super fast CLI tool to decode and encode JWTs built in Rust
Stars: ✭ 336 (+236%)
Mutual labels:  json, jwt
Sapient
Secure API Toolkit
Stars: ✭ 308 (+208%)
Mutual labels:  json, cryptography
Js Jose
JavaScript library to encrypt/decrypt data in JSON Web Encryption (JWE) format and to sign/verify data in JSON Web Signature (JWS) format. Leverages Browser's native WebCrypto API.
Stars: ✭ 386 (+286%)
Mutual labels:  json, jws
Jwt
Go JWT signing, verifying and validating
Stars: ✭ 394 (+294%)
Mutual labels:  jwt, jws
Full Stack Fastapi Postgresql
Full stack, modern web application generator. Using FastAPI, PostgreSQL as database, Docker, automatic HTTPS and more.
Stars: ✭ 7,635 (+7535%)
Mutual labels:  json, jwt
jwt-signature
[READ ONLY] Signature component of the JWT Framework
Stars: ✭ 32 (-68%)
Mutual labels:  jose, jws
View All Similar Projects ➔

jose - Javascript Object Signing and Encryption & JWT (JSON Web Token)

jose is a Haskell implementation of Javascript Object Signing and Encryption and JSON Web Token.

The JSON Web Signature (JWS; RFC 7515) implementation is complete. JSON Web Encryption (JWE; RFC 7516) is not yet implemented.

EdDSA signatures (RFC 8037) are supported (Ed25519 only).

JWK Thumbprint (RFC 7638) is supported (requires aeson >= 0.10).

Contributions are welcome.

Security

If you discover a security issue in this library, please email me the details, ideally with a proof of concept (frase @ frase.id.au ; PGP key).

Before reporting an issue, please note the following known vulnerabilities:

  • The ECDSA implementation is vulnerable to timing attacks and should therefore only be used for verification.

and the following known not-vulnerabilities:

Interoperability issues

The following known interoperability issues will not be addressed, so please do not open issues:

  • Some JOSE tools and libraries permit the use of short keys, in violation of the RFCs. This implementation rejects JWS or JWT objects minted with short keys, as required by the RFCs.

  • The Auth0 software produces objects with an invalid "x5t" parameter. The datum should be a base64url-encoded SHA-1 digest, but Auth0 produces a base64url-encoded hex-encoded SHA-1 digest. The object can be repaired (example) so that this library will admit it, unless the offending parameter is part of the JWS Protected Header in which case you are out of luck (until Auth0 bring their implementation into compliance).

  • JWKs with leading null bytes in the RSA "n" parameter (a violation of RFC 7518) have been seen in the wild. This library rejects nonconformant JWKs. If you know which programs/libraries produce such objects, please file bugs against them. It is straightforward to repair these keys: base64url-decode the offending parameter, drop the leading null byte, base64url-encode again then update the JSON object.

Contributing

Bug reports, patches, feature requests, code review, crypto review, examples and documentation are welcome.

If you are wondering about how or whether to implement some feature or fix, please open an issue where it can be discussed. I appreciate your efforts, but I do not wish such efforts to be misplaced.

To submit a patch, please use git send-email or open a pull request. Write a well formed commit message. If your patch is nontrivial, update the copyright notice at the top of the modified files.

Note that the project description data, including the texts, logos, images, and/or trademarks, for each open source project belongs to its rightful owner. If you wish to add or remove any projects, please contact us at [email protected].