fastapi-gsap/.venv/lib/python3.12/site-packages/jose/__init__.py at e74433638555357562b3840bf33b47d3d16b763bd6b70c9be5d43fa311c9aeb2 - tking/fastapi-gsap - Forgejo: Beyond coding. We Forge.

tking/fastapi-gsap

SHA256

Tyler J King e744336385 fix: capability enforcement, credential safety, atomic delegations, input validation

C-6: ConnectorRuntime enforces capability_mask per operation.
     READ-only ACs cannot invoke MUTATE operations (wipe, lock, retire).
C-7: AC validated against database (exists, active, not expired)
     before connector invocation.
C-9: Delegated AC capability bounded by delegator's capability.
C-10: Command counter uses atomic SQL increment with limit check.
M-23: expire_stale() uses same atomic SQL pattern.

H-1: Sensitive credential fields hidden from repr/logs via repr=False.
H-2: Stub backend requires ALLOW_STUB_CREDENTIALS=true to activate.
H-3: Kerberos backend raises CredentialResolutionError instead of
     returning stub ticket.
H-4: Chronicle INTENT emitted before execution, RESULT after.
H-5: device_id validated as UUID before Graph API URL interpolation.
H-8: ConnectorRuntime enforces governance for all connector invocations.

Signed-off-by: Tyler King <tking@guildhouse.dev>

2026-04-14 08:13:27 -04:00

10 lines

322 B

Python

Raw Blame History

 __version__ = "3.5.0"
 __author__ = "Michael Davis"
 __license__ = "MIT"
 __copyright__ = "Copyright 2016 Michael Davis"
 from .exceptions import ExpiredSignatureError  # noqa: F401
 from .exceptions import JOSEError  # noqa: F401
 from .exceptions import JWSError  # noqa: F401
 from .exceptions import JWTError  # noqa: F401