python-jose
https://github.com/mpdavis/python-jose
Python
A JOSE implementation in Python
Triage Issues!
When you volunteer to triage issues, you'll receive an email each day with a link to an open issue that needs help in this project. You'll also receive instructions on how to triage issues.
Triage Docs!
Receive a documented method or class from your favorite GitHub repos in your inbox every day. If you're really pro, receive undocumented methods or classes and supercharge your commit history.
Python not yet supported2 Subscribers
Add a CodeTriage badge to python-jose
Help out
- Issues
- Use constant-time comparison for the JWE auth tag and the OIDC at_hash claim
- Do not reject present aud claim when audience is None
- Reject JWS tokens declaring unsupported crit header extensions
- [Security] RSA1_5 JWE decryption violates RFC 7516 §11.5: wrong-length unwrapped CEK escapes random-CEK substitution and reaches AES key constructor
- [Security] jwt.decode() with audience= accepts tokens missing 'aud' claim (CWE-287)
- jwt.decode() accepts unsupported critical header extensions
- Bump pytest from 8.3.5 to 9.0.3
- Bump cryptography from 45.0.3 to 46.0.7
- Security vulnerability: ECDSA Signature Malleability
- Security vulnerability: JWE AES-CBC Padding Oracle (Full Plaintext Recovery)
- Docs
- Python not yet supported