Future integration of this library into the WebCrypto spec?

[Delapouite]

Hi @panva

First let met express my gratitude for all tremendous the work you've accomplished along the years around this JOSE lib, related crypto and protocol topics (OAuth, OIDC…) and your involvement in several committees (Node.js TSC…) 🙇

All these contributions put you in a unique position where you have a comprehensive vision of the big picture, both in standards and in userland packages and the authority to make things happen.

For a huge amount of back-end and front-end web apps, crypto primitives such as JWTs, JWKs… have been the incontournable bread-and-butter of various auth strategies. Those objects are now mature and well-known in the community.

So my question is philosophical : their usage are now so ubiquitous that I think they would deserve to be available as core/builtin objects in our various JS runtimes (browsers, Node.js, Deno, Bun, Cloudflare Workers…).

In other words, do you think there's a possibility to port this JOSE lib (probably not verbatim but pretty close) to the WebCrypto spec itself (in subtle?), so the various objects could have the same status than the one already available like CryptoKey?
Being able to write stuffs natively like const jwt = new JWT(…); then do some verifying, decoding etc… without importing a dependency would be amazing!

Thanks in advance for your feedback.

[panva]

@Delapouite thank you for the kind words.

In other words, do you think there's a possibility to port this JOSE lib (probably not verbatim but pretty close) to the WebCrypto spec itself

Wouldn't that be cool.

Reality is however that, no, I don't think there's a possibility. Web Cryptography already gives us as much of the protocol as it possibly can.