This repository has been archived by the owner on Jan 3, 2024. It is now read-only.

Any plans to implement claims verification and additional signature types? #39

Open
lukos opened this issue May 29, 2018 · 2 comments

Comments

lukos commented May 29, 2018

According to https://jwt.io/ and my own testing, this library does not check the JWT claims (issued by, expires etc.), only the signature. It also doesn't support ES256, 384 and 512 (I don't personally need these).

Are there plans to add this functionality or deprecate this library in favour of others?
I think it is worth doing since your library is small and some others have many dependencies (and others don't support all the verification either!).

I am happy to help with some of this but you might already have decided not to do this?

Owner

nov commented May 29, 2018

I’m not seeing any value in claim verification. Basically, claim verification logic is application specific (e.g., OpenID Connect ID Token, OAuth Access Token, Google Pay Token).

For additional algorithms, I’m open to pull requests. (It’ll require a php-seclib update.)

To be honest, I’m no longer using PHP. I’m a Rubyist. So I’m not focusing on this library recently...

Author

lukos commented May 29, 2018

Good points. With regard to claims verification, some libraries have optional verifiers to make it easier to, e.g. confirm the token has not expired. I will look at a Proof Of Concept to see if it is easy enough to do and whether you are interested.

I will have another look at the ES encryption. I think it requires an additional package, but I found one earlier that is specifically for ECC.
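
The optional claims check discussed in this thread, sketched as an added example that is not part of the original thread and is not code from this library. It runs on a payload whose signature has already been verified; the function name `verifyClaims`, its parameters, and the issuer and audience values are assumptions.

```php
<?php
declare(strict_types=1);

// Hypothetical helper: validates registered claims (RFC 7519, section 4.1)
// of an already signature-verified payload. Returns a list of failures;
// an empty list means the claims are acceptable for this issuer/audience.
function verifyClaims(array $claims, string $issuer, string $audience,
                      int $now, int $leeway = 60): array
{
    $errors = [];
    // NumericDate is a JSON number, so accept int or float but never strings.
    $isDate = fn($v): bool => is_int($v) || is_float($v);

    // exp is treated as mandatory: a token with no expiry is rejected.
    if (!isset($claims['exp']) || !$isDate($claims['exp'])) {
        $errors[] = 'exp missing or not numeric';
    } elseif ($now - $leeway >= $claims['exp']) {
        $errors[] = 'token expired';
    }

    // nbf is optional, but must be honoured when present.
    if (array_key_exists('nbf', $claims)) {
        if (!$isDate($claims['nbf'])) {
            $errors[] = 'nbf not numeric';
        } elseif ($now + $leeway < $claims['nbf']) {
            $errors[] = 'token not yet valid';
        }
    }

    // iss: exact, type-strict comparison (no prefix or loose matching).
    if (($claims['iss'] ?? null) !== $issuer) {
        $errors[] = 'unexpected issuer';
    }

    // aud may be a single string or an array of strings.
    $aud = $claims['aud'] ?? [];
    $aud = is_array($aud) ? $aud : [$aud];
    if (!in_array($audience, $aud, true)) {
        $errors[] = 'audience mismatch';
    }
    return $errors;
}

// Constructed sample payloads (not real tokens).
$now  = 1700000000;
$good = ['iss' => 'https://issuer.example', 'aud' => ['api-a', 'api-b'],
         'exp' => $now + 300, 'nbf' => $now - 10];
$bad  = ['iss' => 'https://issuer.example', 'aud' => 'api-b',
         'exp' => $now - 3600];
print_r(verifyClaims($good, 'https://issuer.example', 'api-a', $now));
print_r(verifyClaims($bad, 'https://issuer.example', 'api-a', $now));
```

Which claims are mandatory and which issuer and audience values are accepted stay with the calling application, which is the application-specific part raised in the reply above.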
