{ "info": { "author": "Demian Brecht", "author_email": "dbrecht@demonware.net", "bugtrack_url": null, "classifiers": [ "Development Status :: 4 - Beta", "Intended Audience :: Developers", "Intended Audience :: Information Technology", "License :: OSI Approved :: BSD License", "Operating System :: OS Independent", "Programming Language :: Python :: 2 :: Only", "Topic :: Security", "Topic :: Software Development :: Libraries" ], "description": "JOSE\n====\n\nJOSE is a framework intended to provide a method to securely transfer\nclaims (such as authorization information) between parties. The JOSE framework\nprovides a collection of specifications to serve this purpose. A JSON Web\nToken (JWT) contains claims that can be used to allow a system to apply access\ncontrol to resources it owns.\n\nJWTs can be represented as either JSON Web Signature (JWS) or a JSON Web\nEncryption (JWE) objects. Claims within a JWS can be read as they are simply\nbase64-encoded (but carry with them a signature for authentication). Claims\nin a JWE on the other hand, are encrypted and as such, are entirely opaque\nto clients using them as their means of authentication and authorization.\n\nThis library implements JWS and JWEs along with a subset of the\nencryption / authentication algorithms recommended by the JOSE framework.\n\nDocumentation\n=============\nhttp://jose.readthedocs.org/en/latest\n\nBuilds\n======\nhttps://travis-ci.org/Demonware/jose\n\n\nCHANGES\n=======\n\n1.0.0 (2015-10-06)\n------------------\n- Fixed bug in authentication tag computation (patch contributed by jaimeperez)\n\nImportant: This is a backwards incompatible change, in that tokens produced in this version will not be decipherable by tokens < 1.0.0. The jwe hash string used was changed to use an empty string rather than \".\" to fall in line with https://tools.ietf.org/html/rfc7518#section-5.2.2.1\n\n0.3.0 (2015-04-10)\n------------------\n- Fixed critical JWT vulnerability (patch contributed by yuriikonovaliuk)\n\nImportant: Only unencrypted tokens are vulnerable. This fix lead to backward\nincompatible change to `verify` function signature.\n\n0.2.2 (2015-01-07)\n------------------\n- RFC compliance fixes (patch contributed by jaimeperez)\n\nImportant: This change introduces a temporarily injected key (__v) in order to\ndistinguish between legacy and newly issued tokens. This allows for the use\nof either token as to not break backwards compatibility and (possibly)\ndegrade user experience. This will be removed for v1.0.\n\nIn order to verify whether or not clients are using a legacy token, the\napplication code can verify whether or not the key \"__v\" is contained in the\nheaders (this can be done after deserialize_compact). The existence of the key\nidentifies a newly created token.\n\n0.2.1 (2014-11-24)\n------------------\n- Unpinned pycrypto dependency (patch contributed by kuba)\n- Added CLI exposing \"decrypt\" command\n- Added custom exceptions, making client error handling easier\n\n0.1 (2014-04-16)\n----------------\n- Initial release\n\n\nContributors\n============\n\nDemian Brecht (demianbrecht)\nNick Murtagh (nmurtagh)\nJakub Warmuz (kuba)\nJaime P\u00e9rez (jaimeperez)\nYurii Konovaliuk (yuriikonovaliuk)", "description_content_type": null, "docs_url": null, "download_url": "UNKNOWN", "downloads": { "last_day": -1, "last_month": -1, "last_week": -1 }, "home_page": "https://github.com/Demonware/jose", "keywords": null, "license": "UNKNOWN", "maintainer": null, "maintainer_email": null, "name": "jose", "package_url": "https://pypi.org/project/jose/", "platform": "UNKNOWN", "project_url": "https://pypi.org/project/jose/", "project_urls": { "Download": "UNKNOWN", "Homepage": "https://github.com/Demonware/jose" }, "release_url": "https://pypi.org/project/jose/1.0.0/", "requires_dist": null, "requires_python": null, "summary": "An implementation of the JOSE draft", "version": "1.0.0" }, "last_serial": 1814628, "releases": { "0.1": [ { "comment_text": "", "digests": { "md5": "9e774a337c4c9f1a25af02fc7a55816b", "sha256": "2e8e2f812b302a8971d774a9074c0318230f5eb1a7ee6b919f22676a19c88817" }, "downloads": -1, "filename": "jose-0.1.tar.gz", "has_sig": false, "md5_digest": "9e774a337c4c9f1a25af02fc7a55816b", "packagetype": "sdist", "python_version": "source", "requires_python": null, "size": 5888, "upload_time": "2014-04-16T20:13:18", "url": "https://files.pythonhosted.org/packages/f3/80/3eff452bc074f3968fea1096af6f088ddd9265dbfba30009f5e6096d7e4f/jose-0.1.tar.gz" } ], "0.2.1": [ { "comment_text": "", "digests": { "md5": "650ba75ac015dad0f7b01567d321eaae", "sha256": "bbb0675d32d2e2ae5791fb45d38ba61c9099f64b78fa2fb15eeeee9cd71bc353" }, "downloads": -1, "filename": "jose-0.2.1.tar.gz", "has_sig": false, "md5_digest": "650ba75ac015dad0f7b01567d321eaae", "packagetype": "sdist", "python_version": "source", "requires_python": null, "size": 7660, "upload_time": "2014-11-25T16:14:48", "url": "https://files.pythonhosted.org/packages/ce/bd/7391b5b380797ca7ae4bd54681720cfa5e203ca9985ca9d48cbbaab38c9e/jose-0.2.1.tar.gz" } ], "0.2.2": [ { "comment_text": "", "digests": { "md5": "1909ac4d8646ec427b9fd60af9f92171", "sha256": "3ae20b0201f2d55684bddf116648cacbc4eabb00735fbfdf51e843f4111aa962" }, "downloads": -1, "filename": "jose-0.2.2.tar.gz", "has_sig": false, "md5_digest": "1909ac4d8646ec427b9fd60af9f92171", "packagetype": "sdist", "python_version": "source", "requires_python": null, "size": 8742, "upload_time": "2015-01-15T02:17:15", "url": "https://files.pythonhosted.org/packages/98/25/0cd9f3004546477266013fd6080f17958252b6eacf3513b3b24abb2f1346/jose-0.2.2.tar.gz" } ], "1.0.0": [ { "comment_text": "", "digests": { "md5": "6fd62972b02965fb0151c1173e2e4a60", "sha256": "8436c3617cd94e1ba97828fbb1ce27c129f66c78fb855b4bb47e122b5f345fba" }, "downloads": -1, "filename": "jose-1.0.0.tar.gz", "has_sig": false, "md5_digest": "6fd62972b02965fb0151c1173e2e4a60", "packagetype": "sdist", "python_version": "source", "requires_python": null, "size": 9153, "upload_time": "2015-11-13T10:52:21", "url": "https://files.pythonhosted.org/packages/01/3d/832caa69cd0d3be2d608d8290be2221072669aa88e87690837f6b31c480f/jose-1.0.0.tar.gz" } ], "dev": [] }, "urls": [ { "comment_text": "", "digests": { "md5": "6fd62972b02965fb0151c1173e2e4a60", "sha256": "8436c3617cd94e1ba97828fbb1ce27c129f66c78fb855b4bb47e122b5f345fba" }, "downloads": -1, "filename": "jose-1.0.0.tar.gz", "has_sig": false, "md5_digest": "6fd62972b02965fb0151c1173e2e4a60", "packagetype": "sdist", "python_version": "source", "requires_python": null, "size": 9153, "upload_time": "2015-11-13T10:52:21", "url": "https://files.pythonhosted.org/packages/01/3d/832caa69cd0d3be2d608d8290be2221072669aa88e87690837f6b31c480f/jose-1.0.0.tar.gz" } ] }