EdDSA support

[twosigmajab]

I'm trying to find a Python library that can verify EdDSA-signed JWTs. Does python-jose support EdDSA?

(I don't see any references in the code, and the entry for python-jose on https://jwt.io has a ❔ next to "EdDSA".)

Thanks!

[pohutukawa]

I've been in the same situation. Additionally, I also needed JWE (JSON Web Encryption), which are part of the JOSE standard suite. Unfortunately python-jose is (at the moment) a bit of a misnomer as it only does JWS/JWT. Anyway, my plan was to implement some of my needs (EdDSA, JWE with ChaCha20/Poly1305 and AES256-GCM) to python-jose, but it was so far blocked by other outstanding issues.

In the meantime I have built an interim project that would satisfy my needs until I could address python-jose. It's called sspyjose and you can find it on GitLab, liberally licensed under the Apache 2.0 licence: https://gitlab.com/kauriid/sspyjose/

You can also pip install sspyjose the package (not mentioned in the README).

It's not quite as polished in use as python-jose, but it just had to serve a purpose.

Also, as I don't work for the company I had developed it for any more, it may not be well maintained, and a port of the features across to python-jose may never happen from my side. However, I'll try to be as accommodating as possible with accepting any improvements or suggestions for a future life of that code.

[mattsb42-aws]

@twosigmajab @pohutukawa Would #100 provide the functionality you are looking for?

[pohutukawa]

@mattsb42-aws Yes, if you look at my (frequent) comments in #100 and #104, that should suffice.

But (as mentioned above), I don't know whether I'll have the time availability any more to implement my (former) needs of EdDSA and JWE in general (specifically ChaCha20/Poly1305, AES256-GCM, X25519) due to my changed employment situation.

Having said that, given #100 is in, doing especially Ed25519 (EdDSA) should be rather straight forward and simple (if not done already with #100).