Subject: CVS commit: pkgsrc/textproc/py-JWT
From: Adam Ciarcinski
Date: 2021-03-07 18:14:41
Message id: 20210307171441.F1284FA95@cvs.NetBSD.org
Log Message:
py-JWT: updated to 2.0.1
v2.0.1
Changed
- Rename CHANGELOG.md to CHANGELOG.rst and include in docs
Fixed
- Fix `from_jwk()` for all algorithms
v2.0.0
Drop support for Python 2 and Python 3.0-3.5
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
Python 3.5 is EOL so we decided to drop its support. Version ``1.7.1`` is
the last one supporting Python 3.0-3.5.
Require cryptography >= 3
^^^^^^^^^^^^^^^^^^^^^^^^^
Drop support for PyCrypto and ECDSA
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
We've kept this around for a long time, mostly for environments that
didn't allow installing cryptography.
Drop CLI
^^^^^^^^
Dropped the included cli entry point.
Improve typings
^^^^^^^^^^^^^^^
We no longer need to use mypy Python 2 compatibility mode (comments)
``jwt.encode(...)`` return type
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
Tokens are returned as string instead of a byte string
Dropped deprecated errors
^^^^^^^^^^^^^^^^^^^^^^^^^
Removed ``ExpiredSignature``, ``InvalidAudience``, and
``InvalidIssuer``. Use ``ExpiredSignatureError``,
``InvalidAudienceError``, and ``InvalidIssuerError`` instead.
Dropped deprecated ``verify_expiration`` param in ``jwt.decode(...)``
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
Use
``jwt.decode(encoded, key, algorithms=["HS256"], options={"verify_exp": False})``
instead.
Dropped deprecated ``verify`` param in ``jwt.decode(...)``
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
Use ``jwt.decode(encoded, key, options={"verify_signature": False})``
instead.
Require explicit ``algorithms`` in ``jwt.decode(...)`` by default
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
Example: ``jwt.decode(encoded, key, algorithms=["HS256"])``.
Dropped deprecated ``require_*`` options in ``jwt.decode(...)``
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
For example, instead of
``jwt.decode(encoded, key, algorithms=["HS256"], options={"require_exp": True})``,
use
``jwt.decode(encoded, key, algorithms=["HS256"], options={"require": ["exp"]})``.
Added
~~~~~
Introduce better experience for JWKs
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
Introduce ``PyJWK``, ``PyJWKSet``, and ``PyJWKClient``.
.. code:: python

    import jwt
    from jwt import PyJWKClient

    # Sample token, split into adjacent string literals for line length.
    token = (
        "eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiIsImtpZCI6Ik5FRTFRVVJCT1RNNE16STVSa0ZETl"
        "RZeE9UVTFNRGcyT0Rnd1EwVXpNVGsxUWpZeVJrUkZRdyJ9.eyJpc3MiOiJodHRwczovL2Rldi04N2V2e"
        "DlydS5hdXRoMC5jb20vIiwic3ViIjoiYVc0Q2NhNzl4UmVMV1V6MGFFMkg2a0QwTzNjWEJWdENAY2xpZ"
        "W50cyIsImF1ZCI6Imh0dHBzOi8vZXhwZW5zZXMtYXBpIiwiaWF0IjoxNTcyMDA2OTU0LCJleHAiOjE1N"
        "zIwMDY5NjQsImF6cCI6ImFXNENjYTc5eFJlTFdVejBhRTJINmtEME8zY1hCVnRDIiwiZ3R5IjoiY2xpZ"
        "W50LWNyZWRlbnRpYWxzIn0.PUxE7xn52aTCohGiWoSdMBZGiYAHwE5FYie0Y1qUT68IHSTXwXVd6hn02"
        "HTah6epvHHVKA2FqcFZ4GGv5VTHEvYpeggiiZMgbxFrmTEY0csL6VNkX1eaJGcuehwQCRBKRLL3zKmA5"
        "IKGy5GeUnIbpPHLHDxr-GXvgFzsdsyWlVQvPX2xjeaQ217r2PtxDeqjlf66UYl6oY6AqNS8DH3iryCvI"
        "fCcybRZkc_hdy-6ZMoKT6Piijvk_aXdm7-QQqKJFHLuEqrVSOuBqqiNfVrG27QzAPuPOxvfXTVLXL2je"
        "k5meH6n-VWgrBdoMFH93QEszEDowDAEhQPHVs0xj7SIzA"
    )
    kid = "NEE1QURBOTM4MzI5RkFDNTYxOTU1MDg2ODgwQ0UzMTk1QjYyRkRFQw"
    url = "https://dev-87evx9ru.auth0.com/.well-known/jwks.json"

    # Fetch the JWKS and select the key matching the token's "kid" header.
    jwks_client = PyJWKClient(url)
    signing_key = jwks_client.get_signing_key_from_jwt(token)

    data = jwt.decode(
        token,
        signing_key.key,
        algorithms=["RS256"],
        audience="https://expenses-api",
        options={"verify_exp": False},
    )
    print(data)

Support for JWKs containing ECDSA keys
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
Add support for Ed25519 / EdDSA
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
Pull Requests
~~~~~~~~~~~~~
- Add PyPy3 to the test matrix
- Require tweak
- Decode return type is dict[str, Any]
- Fix linter error in test\_cli
- Run mypy with tox
- Document (and prefer) pyjwt[crypto] req format
- Correct type for json\_encoder argument
- Prefer https:// links where available
- Pass python\_requires argument to setuptools
- Rename [wheel] section to [bdist\_wheel] as the former is legacy
- Remove setup.py test command in favor of pytest and tox
- Fix mypy errors
- DX Tweaks
- Add support of python 3.8
- Fix 406
- Add support for Ed25519 / EdDSA, with unit tests
- Remove Python 2.7 compatibility
- Fix simple typo: encododed -> encoded
- Enhance tracebacks.
- Simplify ``python_requires``
- Document top-level .encode and .decode
- Improve documentation for audience usage
- Correct README on how to run tests locally
- Fix ``tox -e lint`` warnings and errors
- Run pyupgrade across project to use modern Python 3 conventions
- Add Python-3-only trove classifier and remove "universal" from wheel
- Emit warnings about user code, not pyjwt code
- Move setup information to declarative setup.cfg
- CLI options for verifying audience and issuer
- Specify the target Python version for mypy
- Remove unnecessary compatibility shims for Python 2
- Setup GH Actions
- Implementation of ECAlgorithm.from\_jwk
- Remove cli entry point
- Expose InvalidKeyError on jwt module
- Avoid loading token twice in pyjwt.decode
- Default links to stable version of documentation
- Update README.md badges
- Introduce better experience for JWKs
- Fix tox conditional extras
- Return tokens as string not bytes
- Drop support for legacy contrib algorithms
- Drop deprecation warnings
- Update Auth0 sponsorship link
- Update return type for jwt.encode
- Run tests against Python 3.9 and add trove classifier
- Removed redundant ``default_backend()``
- Documents how to use private keys with passphrases
- Update version to 2.0.0a1
- Fix usage example
- add EdDSA to docs
- Remove support for EOL Python 3.5
- Upgrade to isort 5 and adjust configurations
- Remove unused argument "verify" from PyJWS.decode()
- Update typing syntax and usage for Python 3.6+
- Run pyupgrade to simplify code and use Python 3.6 syntax
- Drop unknown pytest config option: strict
- Upgrade black version and usage
- Remove "Command line" sections from docs
- Use existing key\_path() utility function throughout tests
- Replace force\_bytes()/force\_unicode() in tests with literals
- Remove unnecessary Unicode decoding before json.loads()
- Remove unnecessary force\_bytes() calls prior to base64url\_decode()
- Remove deprecated arguments from docs
- Update code blocks in docs
- Refactor jwt/jwks\_client.py without requests dependency
- Tighten bytes/str boundaries and remove unnecessary coercing
- Replace codecs.open() with builtin open()
- Replace int\_from\_bytes() with builtin int.from\_bytes()
- Enforce .encode() return type using mypy
- Prefer direct indexing over options.get()
- Cleanup "noqa" comments
- Replace merge\_dict() with builtin dict unpacking generalizations
- Do not mutate the input payload in PyJWT.encode()
- Use direct indexing in PyJWKClient.get\_signing\_key\_from\_jwt()
- Split PyJWT/PyJWS classes to tighten type interfaces
- Simplify mocked\_response test utility function
- Autoupdate pre-commit hooks and apply them
- Remove unused argument "payload" from PyJWS.\_verify\_signature()
- Add utility functions to assist test skipping
- Type hint jwt.utils module
- Prefer ModuleNotFoundError over ImportError
- Fix tox "manifest" environment to pass
- Fix tox "docs" environment to pass
- Simplify black configuration to be closer to upstream defaults
- Use generator expressions
- Simplify from\_base64url\_uint()
- Drop lint environment from GitHub actions in favor of pre-commit.ci
- [pre-commit.ci] pre-commit autoupdate
- Simplify tox configuration
- Combine identical test functions using pytest.mark.parametrize()
- Complete type hinting of jwks\_client.py
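
Added example (not part of the commit message or of PyJWT's own code): the 2.0.0 ``jwt.decode(...)`` changes listed above, exercised with HS256 against PyJWT >= 2.0. The key, the claims and the helper names ``outcome`` and ``run_cases`` are constructed for illustration.

```python
import time

import jwt  # PyJWT >= 2.0 assumed

KEY = "constructed-demo-secret-32-bytes-long!!"  # constructed sample key
NOW = int(time.time())


def outcome(token, **kwargs):
    """Return the claims on success, else the name of the PyJWT error raised."""
    try:
        return jwt.decode(token, KEY, **kwargs)
    except jwt.PyJWTError as exc:
        return type(exc).__name__


def run_cases():
    hs256 = {"algorithms": ["HS256"]}
    fresh = jwt.encode({"sub": "alice", "exp": NOW + 300}, KEY, algorithm="HS256")
    expired = jwt.encode({"sub": "alice", "exp": NOW - 300}, KEY, algorithm="HS256")
    no_exp = jwt.encode({"sub": "alice"}, KEY, algorithm="HS256")
    removed = ("ExpiredSignature", "InvalidAudience", "InvalidIssuer")
    return {
        # 2.0.0: encode() returns str, not bytes.
        "encode_type": type(fresh).__name__,
        # No allow-list passed: decode() refuses to verify at all.
        "no_algorithms": outcome(fresh),
        # Header alg (HS256) is not in the caller's allow-list.
        "wrong_algorithm": outcome(fresh, algorithms=["HS512"]),
        "ok": outcome(fresh, **hs256),
        "expired": outcome(expired, **hs256),
        # Replacement for the dropped verify_expiration parameter.
        "expired_verify_exp_off": outcome(expired, options={"verify_exp": False}, **hs256),
        # exp is only checked when present, unless listed under "require".
        "missing_exp_default": outcome(no_exp, **hs256),
        "missing_exp_required": outcome(no_exp, options={"require": ["exp"]}, **hs256),
        # Replacement for the dropped verify parameter: claims are NOT authenticated.
        "unverified": outcome(fresh, options={"verify_signature": False}),
        "old_error_names": [n for n in removed if hasattr(jwt, n)],
    }


if __name__ == "__main__":
    for name, result in run_cases().items():
        print(f"{name}: {result}")
```

A token without ``exp`` passes verification unless ``"require": ["exp"]`` is set, so callers that relied on the removed ``require_exp`` option need the new form to keep rejecting non-expiring tokens.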
Files: