./textproc/py-JWT, JSON Web Token implementation in Python

[ CVSweb ] [ Homepage ] [ RSS ] [ Required by ] [ Add to tracker ]


Branch: CURRENT, Version: 2.1.0, Package name: py38-JWT-2.1.0, Maintainer: pkgsrc-users

A Python implementation of JSON Web Token draft 32.


Required to run:
[devel/py-setuptools] [security/py-cryptography] [lang/python37]

Required to build:
[pkgtools/cwrappers]

Master sites:

SHA1: cb03f1715029f256fd20b81c5d638bb40798662b
RMD160: 3aaf0f2fe2ed6f6faed1ec9bd3900baff27bb1ae
Filesize: 58.684 KB

Version history: (Expand)


CVS history: (Expand)


   2021-05-24 11:20:11 by Adam Ciarcinski | Files touched by this commit (2) | Package updated
Log message:
py-JWT: updated to 2.1.0

v2.1.0

Changed
- Allow claims validation without making JWT signature validation mandatory.

Fixed
- Remove padding from JWK test data.
- Make `kty` mandatory in JWK to be compliant with RFC7517.
- Allow JWK without `alg` to be compliant with RFC7517.
- Allow to verify with private key on ECAlgorithm, as well as on Ed25519Algorithm.

Added
- Add caching by default to PyJWKClient
- Add missing exceptions.InvalidKeyError to jwt module __init__ imports
- Add support for ES256K algorithm
- Add `from_jwk()` to Ed25519Algorithm
- Add `to_jwk()` to Ed25519Algorithm
- Export `PyJWK` and `PyJWKSet`
   2021-03-07 18:14:41 by Adam Ciarcinski | Files touched by this commit (4) | Package updated
Log message:
py-JWT: updated to 2.0.1

v2.0.1

Changed
- Rename CHANGELOG.md to CHANGELOG.rst and include in docs

Fixed
- Fix `from_jwk()` for all algorithms

v2.0.0

Drop support for Python 2 and Python 3.0-3.5
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

Python 3.5 is EOL so we decide to drop its support. Version ``1.7.1`` is
the last one supporting Python 3.0-3.5.

Require cryptography >= 3
^^^^^^^^^^^^^^^^^^^^^^^^^

Drop support for PyCrypto and ECDSA
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

We've kept this around for a long time, mostly for environments that
didn't allow installing cryptography.

Drop CLI
^^^^^^^^

Dropped the included cli entry point.

Improve typings
^^^^^^^^^^^^^^^

We no longer need to use mypy Python 2 compatibility mode (comments)

``jwt.encode(...)`` return type
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

Tokens are returned as string instead of a byte string

Dropped deprecated errors
^^^^^^^^^^^^^^^^^^^^^^^^^

Removed ``ExpiredSignature``, ``InvalidAudience``, and
``InvalidIssuer``. Use ``ExpiredSignatureError``,
``InvalidAudienceError``, and ``InvalidIssuerError`` instead.

Dropped deprecated ``verify_expiration`` param in ``jwt.decode(...)``
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

Use
``jwt.decode(encoded, key, algorithms=["HS256"], \ 
options={"verify_exp": False})``
instead.

Dropped deprecated ``verify`` param in ``jwt.decode(...)``
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

Use ``jwt.decode(encoded, key, options={"verify_signature": False})``
instead.

Require explicit ``algorithms`` in ``jwt.decode(...)`` by default
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

Example: ``jwt.decode(encoded, key, algorithms=["HS256"])``.

Dropped deprecated ``require_*`` options in ``jwt.decode(...)``
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

For example, instead of
``jwt.decode(encoded, key, algorithms=["HS256"], \ 
options={"require_exp": True})``,
use
``jwt.decode(encoded, key, algorithms=["HS256"], \ 
options={"require": ["exp"]})``.

Added
~~~~~

Introduce better experience for JWKs
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

Introduce ``PyJWK``, ``PyJWKSet``, and ``PyJWKClient``.

.. code:: python

    import jwt
    from jwt import PyJWKClient

    token = \ 
"eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiIsImtpZCI6Ik5FRTFRVVJCT1RNNE16STVSa0ZETl \ 
RZeE9UVTFNRGcyT0Rnd1EwVXpNVGsxUWpZeVJrUkZRdyJ9.eyJpc3MiOiJodHRwczovL2Rldi04N2V2e \ 
DlydS5hdXRoMC5jb20vIiwic3ViIjoiYVc0Q2NhNzl4UmVMV1V6MGFFMkg2a0QwTzNjWEJWdENAY2xpZ \ 
W50cyIsImF1ZCI6Imh0dHBzOi8vZXhwZW5zZXMtYXBpIiwiaWF0IjoxNTcyMDA2OTU0LCJleHAiOjE1N \ 
zIwMDY5NjQsImF6cCI6ImFXNENjYTc5eFJlTFdVejBhRTJINmtEME8zY1hCVnRDIiwiZ3R5IjoiY2xpZ \ 
W50LWNyZWRlbnRpYWxzIn0.PUxE7xn52aTCohGiWoSdMBZGiYAHwE5FYie0Y1qUT68IHSTXwXVd6hn02 \ 
HTah6epvHHVKA2FqcFZ4GGv5VTHEvYpeggiiZMgbxFrmTEY0csL6VNkX1eaJGcuehwQCRBKRLL3zKmA5 \ 
IKGy5GeUnIbpPHLHDxr-GXvgFzsdsyWlVQvPX2xjeaQ217r2PtxDeqjlf66UYl6oY6AqNS8DH3iryCvI \ 
fCcybRZkc_hdy-6ZMoKT6Piijvk_aXdm7-QQqKJFHLuEqrVSOuBqqiNfVrG27QzAPuPOxvfXTVLXL2je \ 
k5meH6n-VWgrBdoMFH93QEszEDowDAEhQPHVs0xj7SIzA"
    kid = "NEE1QURBOTM4MzI5RkFDNTYxOTU1MDg2ODgwQ0UzMTk1QjYyRkRFQw"
    url = "https://dev-87evx9ru.auth0.com/.well-known/jwks.json"

    jwks_client = PyJWKClient(url)
    signing_key = jwks_client.get_signing_key_from_jwt(token)

    data = jwt.decode(
        token,
        signing_key.key,
        algorithms=["RS256"],
        audience="https://expenses-api",
        options={"verify_exp": False},
    )
    print(data)

Support for JWKs containing ECDSA keys
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

Add support for Ed25519 / EdDSA
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

Pull Requests
~~~~~~~~~~~~~
-  Add PyPy3 to the test matrix
-  Require tweak
-  Decode return type is dict[str, Any]
-  Fix linter error in test\_cli
-  Run mypy with tox
-  Document (and prefer) pyjwt[crypto] req format
-  Correct type for json\_encoder argument
-  Prefer https:// links where available
-  Pass python\_requires argument to setuptools
-  Rename [wheel] section to [bdist\_wheel] as the former is legacy
-  Remove setup.py test command in favor of pytest and tox
-  Fix mypy errors
-  DX Tweaks
-  Add support of python 3.8
-  Fix 406
-  Add support for Ed25519 / EdDSA, with unit tests
-  Remove Python 2.7 compatibility
-  Fix simple typo: encododed -> encoded
-  Enhance tracebacks.
-  Simplify ``python_requires``
-  Document top-level .encode and .decode
-  Improve documentation for audience usage
-  Correct README on how to run tests locally
-  Fix ``tox -e lint`` warnings and errors
-  Run pyupgrade across project to use modern Python 3 conventions
-  Add Python-3-only trove classifier and remove "universal" from wheel
-  Emit warnings about user code, not pyjwt code
-  Move setup information to declarative setup.cfg
-  CLI options for verifying audience and issuer
-  Specify the target Python version for mypy
-  Remove unnecessary compatibility shims for Python 2
-  Setup GH Actions
-  Implementation of ECAlgorithm.from\_jwk
-  Remove cli entry point
-  Expose InvalidKeyError on jwt module
-  Avoid loading token twice in pyjwt.decode
-  Default links to stable version of documentation
-  Update README.md badges
-  Introduce better experience for JWKs
-  Fix tox conditional extras
-  Return tokens as string not bytes
-  Drop support for legacy contrib algorithms
-  Drop deprecation warnings
-  Update Auth0 sponsorship link
-  Update return type for jwt.encode
-  Run tests against Python 3.9 and add trove classifier
-  Removed redundant ``default_backend()``
-  Documents how to use private keys with passphrases
-  Update version to 2.0.0a1
-  Fix usage example
-  add EdDSA to docs
-  Remove support for EOL Python 3.5
-  Upgrade to isort 5 and adjust configurations
-  Remove unused argument "verify" from PyJWS.decode()
-  Update typing syntax and usage for Python 3.6+
-  Run pyupgrade to simplify code and use Python 3.6 syntax
-  Drop unknown pytest config option: strict
-  Upgrade black version and usage
-  Remove "Command line" sections from docs
-  Use existing key\_path() utility function throughout tests
-  Replace force\_bytes()/force\_unicode() in tests with literals
-  Remove unnecessary Unicode decoding before json.loads()
-  Remove unnecessary force\_bytes() calls priot to base64url\_decode()
-  Remove deprecated arguments from docs
-  Update code blocks in docs
-  Refactor jwt/jwks\_client.py without requests dependency
-  Tighten bytes/str boundaries and remove unnecessary coercing
-  Replace codecs.open() with builtin open()
-  Replace int\_from\_bytes() with builtin int.from\_bytes()
-  Enforce .encode() return type using mypy
-  Prefer direct indexing over options.get()
-  Cleanup "noqa" comments
-  Replace merge\_dict() with builtin dict unpacking generalizations
-  Do not mutate the input payload in PyJWT.encode()
-  Use direct indexing in PyJWKClient.get\_signing\_key\_from\_jwt()
-  Split PyJWT/PyJWS classes to tighten type interfaces
-  Simplify mocked\_response test utility function
-  Autoupdate pre-commit hooks and apply them
-  Remove unused argument "payload" from PyJWS.\ *verify*\ signature()
-  Add utility functions to assist test skipping
-  Type hint jwt.utils module
-  Prefer ModuleNotFoundError over ImportError
-  Fix tox "manifest" environment to pass
-  Fix tox "docs" environment to pass
-  Simplify black configuration to be closer to upstream defaults
-  Use generator expressions
-  Simplify from\_base64url\_uint()
-  Drop lint environment from GitHub actions in favor of pre-commit.ci
-  [pre-commit.ci] pre-commit autoupdate
-  Simplify tox configuration
-  Combine identical test functions using pytest.mark.parametrize()
-  Complete type hinting of jwks\_client.py
   2020-05-17 23:38:47 by Adam Ciarcinski | Files touched by this commit (14)
Log message:
pytest from versioned depends
   2018-12-10 10:02:58 by Adam Ciarcinski | Files touched by this commit (3) | Package updated
Log message:
py-JWT: updated to 1.7.1

v1.7.1
Fixed
- Update test dependencies with pinned ranges
- Fix pytest deprecation warnings
   2018-12-02 17:21:40 by Adam Ciarcinski | Files touched by this commit (3) | Package updated
Log message:
py-JWT: updated to 1.7.0

v1.7.0
Changed
* Remove CRLF line endings

Fixed
* Update usage.rst

Added
* Support for Python 3.7
   2018-05-24 08:33:41 by Adam Ciarcinski | Files touched by this commit (2) | Package updated
Log message:
py-JWT: updated to 1.6.4

v1.6.4:
Reverse an unintentional breaking API change to .decode()
   2018-05-23 11:35:27 by Adam Ciarcinski | Files touched by this commit (3) | Package updated
Log message:
py-JWT: updated to 1.6.3

v1.6.3
Changed
- All exceptions inherit from PyJWTError

Added
- Add type hints

Docs
- Added section to usage docs for jwt.get_unverified_header()
- Update legacy instructions for using pycrypto
   2018-03-19 10:03:25 by Adam Ciarcinski | Files touched by this commit (2) | Package updated
Log message:
py-JWT: updated to 1.6.1

1.6.1:
Audience parameter throws InvalidAudienceError when application does not specify \ 
an audience, but the token does.