JOSE Standards
Javascript Object Signing and Encryption (JOSE) is a set of standards for signing and/or encryption of JSON data objects.
- JSON Web Algorithms (JWA) describes cryptographic algorithms used in JOSE
- JSON Web Key (JWK) describes format and handling of cryptographic keys in JOSE
- JSON Web Signature (JWS) describes creation and handling of signed messages
- JSON Web Encryption (JWE), describes creation and handling encrypted messages
- JSON Web Token (JWT), describes representation of claims encoded in JSON and protected by JWS or JWE
JOSE Libraries
| Programming Language/Runtime | Libraries | Recommendation |
|---|---|---|
| Python | Jose, pyjwkest, jwcrypto, PyJWT, CryptoJWT | Use PyJWT or jwcrypto |
| Go | go-jose | Use go-jose |
| PHP | jose-php | Use jose-php |
| Ruby | json-jwt | Use json-jwt |
| JavaScript | node-jws, jose, jsrsasign | For signed token validation just use node-jws, else for more advanced usage go with jose or jsrsasign |
| .Net/.Net Core/Owin | jose-jwt, jwt | Use jose-jwt |
| Rust | jsonwebtoken, biscuit | jsonwebtoken |
| Java/JVM | jose4j, Nimbus JOSE + JWT | Use Jose4j |
| C/C++ | cjose, Apache CXF | Use cjose or Apache CXF |
| Dart | jose | Use jose |