{"id":13801420,"url":"https://github.com/blackdoor/jose","last_synced_at":"2026-04-02T15:51:17.091Z","repository":{"id":45327288,"uuid":"156257346","full_name":"blackdoor/jose","owner":"blackdoor","description":"Extensible JOSE library for Scala","archived":false,"fork":false,"pushed_at":"2024-07-04T13:46:08.000Z","size":1166,"stargazers_count":16,"open_issues_count":17,"forks_count":5,"subscribers_count":4,"default_branch":"master","last_synced_at":"2025-05-13T11:43:08.992Z","etag":null,"topics":["jose","jwt","jwt-validation","scala","signing"],"latest_commit_sha":null,"homepage":"https://blackdoor.github.io/jose","language":"Scala","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"unlicense","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/blackdoor.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":".github/FUNDING.yml","license":"LICENSE.md","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null},"funding":{"github":"kag0","patreon":null,"open_collective":null,"ko_fi":null,"tidelift":null,"community_bridge":null,"liberapay":null,"issuehunt":null,"otechie":null,"custom":null}},"created_at":"2018-11-05T17:36:11.000Z","updated_at":"2024-12-09T19:55:02.000Z","dependencies_parsed_at":"2024-08-04T00:17:51.739Z","dependency_job_id":null,"html_url":"https://github.com/blackdoor/jose","commit_stats":null,"previous_names":[],"tags_count":23,"template":false,"template_full_name":null,"purl":"pkg:github/blackdoor/jose","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/blackdoor%2Fjose","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/blackdoor%2Fjose/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/blackdoor%2Fjose/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/blackdoor%2Fjose/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/blackdoor","download_url":"https://codeload.github.com/blackdoor/jose/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/blackdoor%2Fjose/sbom","scorecard":{"id":242037,"data":{"date":"2025-08-11","repo":{"name":"github.com/blackdoor/jose","commit":"ed1b0c16764d71f0a92d75024bda7e695ae06151"},"scorecard":{"version":"v5.2.1-40-gf6ed084d","commit":"f6ed084d17c9236477efd66e5b258b9d4cc7b389"},"score":3.8,"checks":[{"name":"Maintained","score":0,"reason":"0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0","details":null,"documentation":{"short":"Determines if the project is \"actively maintained\".","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#maintained"}},{"name":"Packaging","score":-1,"reason":"packaging workflow not detected","details":["Warn: no GitHub/GitLab publishing workflow detected."],"documentation":{"short":"Determines if the project is published as a package that others can easily download, install, easily update, and uninstall.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#packaging"}},{"name":"Code-Review","score":6,"reason":"Found 18/30 approved changesets -- score normalized to 6","details":null,"documentation":{"short":"Determines if the project requires human code review before pull requests (aka merge requests) are merged.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#code-review"}},{"name":"Dangerous-Workflow","score":-1,"reason":"no workflows found","details":null,"documentation":{"short":"Determines if the project's GitHub Action workflows avoid dangerous patterns.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#dangerous-workflow"}},{"name":"Token-Permissions","score":-1,"reason":"No tokens found","details":null,"documentation":{"short":"Determines if the project's workflows follow the principle of least privilege.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#token-permissions"}},{"name":"Binary-Artifacts","score":10,"reason":"no binaries found in the repo","details":null,"documentation":{"short":"Determines if the project has generated executable (binary) artifacts in the source repository.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#binary-artifacts"}},{"name":"Pinned-Dependencies","score":-1,"reason":"no dependencies found","details":null,"documentation":{"short":"Determines if the project has declared and pinned the dependencies of its build process.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#pinned-dependencies"}},{"name":"CII-Best-Practices","score":0,"reason":"no effort to earn an OpenSSF best practices badge detected","details":null,"documentation":{"short":"Determines if the project has an OpenSSF (formerly CII) Best Practices Badge.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#cii-best-practices"}},{"name":"Security-Policy","score":0,"reason":"security policy file not detected","details":["Warn: no security policy file detected","Warn: no security file to analyze","Warn: no security file to analyze","Warn: no security file to analyze"],"documentation":{"short":"Determines if the project has published a security policy.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#security-policy"}},{"name":"Vulnerabilities","score":10,"reason":"0 existing vulnerabilities detected","details":null,"documentation":{"short":"Determines if the project has open, known unfixed vulnerabilities.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#vulnerabilities"}},{"name":"Fuzzing","score":0,"reason":"project is not fuzzed","details":["Warn: no fuzzer integrations found"],"documentation":{"short":"Determines if the project uses fuzzing.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#fuzzing"}},{"name":"License","score":10,"reason":"license file detected","details":["Info: project has a license file: LICENSE.md:0","Info: FSF or OSI recognized license: The Unlicense: LICENSE.md:0"],"documentation":{"short":"Determines if the project has defined a license.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#license"}},{"name":"Signed-Releases","score":-1,"reason":"no releases found","details":null,"documentation":{"short":"Determines if the project cryptographically signs release artifacts.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#signed-releases"}},{"name":"Branch-Protection","score":0,"reason":"branch protection not enabled on development/release branches","details":["Warn: branch protection not enabled for branch 'master'"],"documentation":{"short":"Determines if the default and release branches are protected with GitHub's branch protection settings.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#branch-protection"}},{"name":"SAST","score":0,"reason":"SAST tool is not run on all commits -- score normalized to 0","details":["Warn: 0 commits out of 23 are checked with a SAST tool"],"documentation":{"short":"Determines if the project uses static code analysis.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#sast"}}]},"last_synced_at":"2025-08-17T06:50:03.141Z","repository_id":45327288,"created_at":"2025-08-17T06:50:03.141Z","updated_at":"2025-08-17T06:50:03.141Z"},"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":28337616,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-01-12T06:09:07.588Z","status":"ssl_error","status_checked_at":"2026-01-12T06:05:18.301Z","response_time":98,"last_error":"SSL_connect returned=1 errno=0 peeraddr=140.82.121.5:443 state=error: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["jose","jwt","jwt-validation","scala","signing"],"created_at":"2024-08-04T00:01:22.641Z","updated_at":"2026-01-12T09:03:36.877Z","avatar_url":"https://github.com/blackdoor.png","language":"Scala","funding_links":["https://github.com/sponsors/kag0"],"categories":["Table of Contents","库和框架"],"sub_categories":["Cryptography","Scala"],"readme":"\u003cscript type='module' src=\"https://cdn.jsdelivr.net/gh/kag0/sauce@11.1.0/sauce.js\"\u003e\n\u003ch1\u003eIf you're reading this, click \u003ca href=\"https://blackdoor.github.io/jose\"\u003eHERE\u003c/a\u003e\u003c/h1\u003e\n\u003c/script\u003e\n\n# jose\n![Codacy grade](https://img.shields.io/codacy/grade/07cd7f556dca4d64b713c176338784e5?style=flat-square)\n[![Travis (.com)](https://img.shields.io/travis/com/blackdoor/jose.svg?style=flat-square)](https://travis-ci.com/blackdoor/jose) \n[![Scaladoc](https://img.shields.io/badge/scaladoc-latest-blue.svg?style=flat-square)](https://blackdoor.github.io/jose/api/latest/black/door/jose/index.html)\n[![Maven Central](https://img.shields.io/maven-central/v/black.door/jose_2.12.svg?style=flat-square)](https://mvnrepository.com/artifact/black.door/jose)\n[![Gitter](https://img.shields.io/gitter/room/blackdoor/jose?style=flat-square)](https://gitter.im/blackdoor/jose?utm_source=share-link\u0026utm_medium=link\u0026utm_campaign=share-link)\n[![Matrix](https://img.shields.io/badge/chat%20on%20matrix-blackdoor__jose%3Agitter.im-green?style=flat-square)](https://matrix.to/#/#blackdoor_jose:gitter.im?via=gitter.im\u0026via=matrix.org)\n\nExtensible JOSE library for Scala.\n\n## Installation\n\nThe dependency is available on [Maven Central](https://mvnrepository.com/artifact/black.door/jose).\n\n## Usage\n\nPretty simple: make a key, make something to sign, sign it.\n\n\u003csauce-code \n    repo='blackdoor/jose'\n    lang='scala'\n    file='docs/src/black/door/jose/docs/SampleCode.scala'\n    lines='15:36'\n\u003e\u003c/sauce-code\u003e\n\n### Selecting a JSON implementation\n\nCurrently supported JSON libraries:\n\n* [x] [ninny JSON](https://mvnrepository.com/artifact/black.door/jose-json-ninny)\n* [x] [Play JSON](https://mvnrepository.com/artifact/black.door/jose-json-play)\n* [ ] [Json4s](http://json4s.org/)\n* [x] [Circe](https://mvnrepository.com/artifact/black.door/jose-json-circe)\n\nTo add a JSON support, just import or mix in an implementation like `import black.door.jose.json.playjson.JsonSupport._`.\n\nIf your preferred library isn't supported, just implement `Mapper` implicits (or open an issue to request they be added).\n\n### Async key resolution and validation checks\n\nFrequently you will need to dynamically look up a new key from a keyserver based on a JWS header, \nor check a centralized cache to see if a token has been revoked.   \nThis is easy to do asynchronously by implementing `KeyResolver` or `JwtValidator.`  \n`JwtValidator` is a partial function so you can easily chain both sync and async validations.  \n`KeyResolver` allows you to return an error in the event that there was a specific reason a key could not be found \n(perhaps a key does exist, but it's only for encryption and this token is using it for signing).\n\n### JWT validation DSL\n\nThere is a handy compile-safe DSL for JWT validation that allows you to indicate if you want to use unregistered claims, \nand if you want to evaluate synchronously or asynchronously. Its structure looks like this\n\n```\nJwt\n|__ .validate(compactJwt)\n    |__ .using(keyResolver, etc...)\n    |   |__ .now   // validates the JWT synchronously\n    |   |__ .async // returns the validation result in a Future\n    |__ .apply[UnregisteredClaims]\n        |__ .using(keyResolver, etc...)\n            |__ .now   // validates the JWT synchronously\n            |__ .async // returns the validation result in a Future\n```\n\nSo for example you could synchronously validate a JWT with some custom claims with\n\n\u003csauce-code\nrepo='blackdoor/jose'\nlang='scala'\nfile='docs/src/black/door/jose/docs/SampleCode.scala'\nlines='64:77'\n\u003e\u003c/sauce-code\u003e\n\n---\n\n\u003e Not yet implemented:  \n\u003e * JWK serialization partly implemented\n\u003e * JWE\n\u003e * RSA signing (RSA signature verification is supported)\n\u003e * Less common key sizes for ECDSA\n\u003e * Custom JOSE header parameters (custom JWT claims are supported)\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fblackdoor%2Fjose","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fblackdoor%2Fjose","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fblackdoor%2Fjose/lists"}