search

IdentityPython / pyjwkest

Implementation of JWT, JWS, JWE and JWK
Apache License 2.0
94 stars 55 forks source link

Build a docs page #6

Closed lsmag closed 7 years ago

lsmag commented 10 years ago

Hi @rohe,

I'm currently working on both an OIDC implementation on OAuthlib and a client for Django. I'm starting to use this lib for the JWK/JWS part, but I'm mostly using your tests to understand how to use your lib.

What do you think of a proper documentation page? I can work on it, if you like.

rohe commented 10 years ago

2 apr 2014 kl. 16:36 skrev lsmag notifications@github.com:

Hi @rohe,

I'm currently working on both an OIDC implementation on OAuthlib and a client for Django. I'm starting to use this lib for the JWK/JWS part, but I'm mostly using your tests to understand how to use your lib.

What do you think of a proper documentation page? I can work on it, if you like.

I’m perfectly happy with you doing a first version. I use sphinx for documenting all my other projects so I would appreciate if we could use sphinx for this project too.

-- Roland "Education is the path from cocky ignorance to miserable uncertainty.” - Mark Twain

lsmag commented 10 years ago

Awesome! I never used Sphinx, but no problem, I'll use that.

juanifioren commented 9 years ago

Am trying to use this lib for an OIDC provider for Django, but am failing due to the lack of docs.

rohe commented 9 years ago

6 mar 2015 kl. 07:29 skrev Juan Ignacio Fiorentino notifications@github.com:

Am trying to use this lib for an OIDC provider for Django, but am failing due to the lack of docs.

So, you’re trying to build a OpenID Connect provider in Django. Unfortunately I don’t know a lot about Django so I wouldn’t know where to start.

Would you be interested in working with one of my guys on this.

"It is the consequence of humanity. We are all formed of frailty and error; let us pardon reciprocally each others’ folly - that is the first law of nature.” - Voltaire

juanifioren commented 9 years ago

@rohe Thanks for the answer Roland,

The provider is already functional (see project here), but I'm a little confused about how ID TOKEN must be signed and then encrypted.

Actually am using PyJWT. Just doing:

id_token_hash = jwt.encode(id_token_dic, client_secret)

Where id_token_dic contains some claims that are used within the ID Token (iss, sub, aud, etc.).

Actually is signed using HS256. Is this bad? Should at least implement RS256?. Maybe I misunderstood something about encryption.

-- Ignacio