include the unttaged non-normative example

paulbastian · paulbastian · commit 579bf5de1aeb · 2025-12-10T16:17:06.000+01:00
diff --git a/draft-ietf-oauth-status-list.md b/draft-ietf-oauth-status-list.md
@@ -463,11 +463,11 @@ The following additional rules apply:
 
 1. The CWT MAY contain other claims.
 
-2. The CWT MUST be secured using a cryptographic signature or MAC algorithm. Relying Parties MUST reject CWTs with an invalid signature.
+1. The CWT MUST be secured using a cryptographic signature or MAC algorithm. Relying Parties MUST reject CWTs with an invalid signature.
 
-3. Relying Parties MUST reject CWTs that are not valid in all other respects per "CBOR Web Token (CWT)" {{RFC8392}}.
+1. Relying Parties MUST reject CWTs that are not valid in all other respects per "CBOR Web Token (CWT)" {{RFC8392}}.
 
-4. Application of additional restrictions and policies are at the discretion of the Relying Party.
+1. Application of additional restrictions and policies are at the discretion of the Relying Party.
 
 The following is a non-normative example of a Status List Token in CWT format in Hex:
 
diff --git a/src/requirements.txt b/src/requirements.txt
@@ -2,6 +2,6 @@
 git+https://github.com/wbond/oscrypto.git@1547f535001ba568b239b8797465536759c742a3
 # Normal dependencies
 jwcrypto==1.5.6
-cbor2==5.6.2
-cwt==2.7.4
+cbor2==5.7.1
+cwt==3.2.0
 py_markdown_table==1.3.0
diff --git a/src/status_token.py b/src/status_token.py
@@ -1,8 +1,8 @@
 import json
-from datetime import datetime, timedelta
+from datetime import UTC, datetime, timedelta
 from typing import Dict
 
-from cbor2 import dumps
+from cbor2 import CBORTag, dumps
 from cwt import COSE, COSEHeaders, COSEKey, CWTClaims
 from jwcrypto import jwk, jwt
 
@@ -77,7 +77,7 @@ def get(self, pos: int) -> int:
 
     def buildJWT(
         self,
-        iat: datetime = datetime.utcnow(),
+        iat: datetime = datetime.now(UTC),
         exp: datetime | None = None,
         ttl: timedelta | None = None,
         optional_claims: Dict | None = None,
@@ -115,7 +115,7 @@ def buildJWT(
 
     def buildCWT(
         self,
-        iat: datetime = datetime.utcnow(),
+        iat: datetime = datetime.now(UTC),
         exp: datetime | None = None,
         ttl: timedelta | None = None,
         optional_claims: Dict | None = None,
@@ -158,10 +158,12 @@ def buildCWT(
         # The sender side:
         sender = COSE.new()
         encoded = sender.encode(
-            dumps(claims),
-            key,
+            payload=dumps(claims),
+            key=key,
             protected=protected_header,
             unprotected=unprotected_header,
         )
 
+        # removes cose_sign1 tag (only 1 byte long for tag 18)
+        encoded = encoded[1:]
         return encoded
