jpadilla / pyjwt

JSON Web Token implementation in Python
https://pyjwt.readthedocs.io
MIT License

Decode with PyJWK #886

Closed luhn closed 2 months ago

luhn commented 1 year ago

This PR contains three proposed changes. You can accept or reject any of them as you see fit. This is just a rough draft; once the functionality is approved I'll clean it up, add tests, and document.

1) Add algorithm string to `PyJWK`. This is useful in determining the appropriate `algorithms` value to pass into `decode()`.

2) Allow a `PyJWK` to be passed directly into `decode()`, so it's not necessary to pull `PyJWK.key`. (This would fix #864)

3) If a `PyJWK` is passed into `decode()` and `algorithms` is not set, use the algorithm from the JWK. This change makes the API more convenient and reduces room for error: There's no reason that you should use any algorithm but the JWK's algorithm and doing otherwise is problematic at best and a possible security threat at worst.
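An added illustration of change 3 above, not part of this PR or of PyJWT's code: a standard-library-only HMAC verifier in which the allowed algorithm defaults to the `alg` stored with the key, so the token header cannot pick a different one. `sign`, `decode_with_jwk` and `SAMPLE_JWK` are hypothetical names, and the key is a constructed sample.

```python
import base64, hashlib, hmac, json

HASHES = {"HS256": hashlib.sha256, "HS384": hashlib.sha384, "HS512": hashlib.sha512}

def b64url_encode(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def sign(claims: dict, jwk: dict, alg: str) -> str:
    """Build a compact JWS; used here only to construct sample tokens."""
    header = b64url_encode(json.dumps({"alg": alg, "typ": "JWT"}).encode())
    body = b64url_encode(json.dumps(claims).encode())
    mac = hmac.new(b64url_decode(jwk["k"]), f"{header}.{body}".encode(), HASHES[alg]).digest()
    return f"{header}.{body}.{b64url_encode(mac)}"

def decode_with_jwk(token: str, jwk: dict, algorithms=None) -> dict:
    """Verify token; when algorithms is omitted, only the JWK's own alg is allowed."""
    if algorithms is None:
        if "alg" not in jwk:
            raise ValueError("JWK has no alg; pass algorithms explicitly")
        algorithms = [jwk["alg"]]
    header_b64, body_b64, sig_b64 = token.split(".")
    alg = json.loads(b64url_decode(header_b64)).get("alg")
    # The token header is untrusted input: it may only select from the allowlist.
    if alg not in algorithms or alg not in HASHES:
        raise ValueError(f"algorithm {alg!r} not allowed for this key")
    expected = hmac.new(b64url_decode(jwk["k"]), f"{header_b64}.{body_b64}".encode(), HASHES[alg]).digest()
    if not hmac.compare_digest(expected, b64url_decode(sig_b64)):
        raise ValueError("signature mismatch")
    return json.loads(b64url_decode(body_b64))

# Constructed sample key (not a real secret) in JWK form, with alg bound to the key.
SAMPLE_JWK = {"kty": "oct", "alg": "HS256", "k": b64url_encode(b"constructed-demo-secret-32-bytes!")}

def demo() -> dict:
    """Decode one token signed with the key's alg and one signed with another alg."""
    good = sign({"sub": "alice"}, SAMPLE_JWK, "HS256")
    other = sign({"sub": "alice"}, SAMPLE_JWK, "HS512")  # same key, different alg
    results = {"good": decode_with_jwk(good, SAMPLE_JWK)}
    try:
        decode_with_jwk(other, SAMPLE_JWK)
        results["other"] = "accepted"
    except ValueError as exc:
        results["other"] = str(exc)
    return results

if __name__ == "__main__":
    print(demo())
```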

luhn commented 1 year ago

Can I get feedback from a maintainer on whether or not these proposed changes would be accepted once properly documented and tested? @Viicos? @jpadilla?

Viicos commented 1 year ago

I like the idea, I'm not an official maintainer so I'll let @jpadilla or @auvipy decide here :)

luhn commented 9 months ago

Ready for review 👍

auvipy commented 9 months ago

Restarted the CI, let's hope all are green

luhn commented 9 months ago

Okay, I fixed tests w/o cryptography installed.

luhn commented 6 months ago

Ping. Any more feedback on this?

@auvipy, it looks like you need to approve my changes.

luhn commented 4 months ago

Bummed to see this was closed as stale. @jpadilla @Viicos @auvipy would it be possible to reopen and get merged? I'm happy to make any changes necessary.