(backend) add a JOSE dependency

We will add a JWKs endpoint to the application
and manipulate signed/encrypted JSON Web Tokens (JWT).

Project lacks tooling for JSON Object Signing and Encryption (JOSE)
manipulations. After a quick benchmark, 'joserfc' has been chosen
as the dependency to add.

joserfc is a Python library that provides a comprehensive
implementation of several essential JOSE standards.

Please find the benchmark:

- Cryptography: Although using only cryptography is feasible, its
  interface/API is not as user-friendly.

- pyjwt: While pyjwt is popular, it lacks support for JWK and JWE objects,
  which are essential for the requirements.

- python-jose: The latest release of python-jose was in 2021, and the
  project seems less active compared to other alternatives.

- Authlib: Authlib is the second most popular library after pyjwt and seems
  modern with an active community. However, the parts relevant to the use case
  were extracted into a relatively new package named joserfc.

- joserfc: Although joserfc has fewer stars compared to Authlib, it was
  extracted from Authlib, which has more than 4k stars, indicating a solid
  foundation.

While the low star count of joserfc might raise concerns about its stability, it
is believed to be worth considering its addition. Adding Authlib and refactoring
later, once they finish migrating to joserfc, is also a possibility.
This commit is contained in:
lebaudantoine
2024-07-27 22:48:35 +02:00
committed by aleb_the_flash
parent 87966fa062
commit 09cb7ff6f1


@@ -47,6 +47,7 @@ dependencies = [
"nested-multipart-parser==1.5.0",
"psycopg[binary]==3.2.1",
"PyJWT==2.9.0",
"joserfc==1.0.0",
"requests==2.32.3",
"sentry-sdk==2.13.0",
"url-normalize==1.4.3",
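Review bot: PyJWT==2.9.0 stays pinned directly above the new `"joserfc==1.0.0",` line, while the commit message rejects pyjwt for lacking JWK/JWE support; if PyJWT is still needed elsewhere in the backend, the message should say so, otherwise drop it in the same change so the project does not carry two JWT stacks with two sets of verification defaults to keep consistent. Minor: the surrounding entries are ordered case-insensitively (nested, psycopg, PyJWT, requests, sentry, url-normalize), so `joserfc` belongs before `nested-multipart-parser`. The exact pin is appropriate given the message's own note that joserfc is a recent extraction with a small user base; worth recording that rationale next to the pin when it is first bumped.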