./textproc/py-JWT, JSON Web Token implementation in Python

Branch: CURRENT, Version: 2.4.0, Package name: py39-JWT-2.4.0, Maintainer: pkgsrc-users

A Python implementation of JSON Web Token draft 32.

Required to run:
[devel/py-setuptools] [security/py-cryptography] [lang/python37]

Required to build:

Master sites:

Filesize: 64.772 KB

CVS history:

   2022-05-25 14:20:55 by Adam Ciarcinski | Files touched by this commit (2) | Package updated
Log message:
py-JWT: updated to 2.4.0


- [CVE-2022-29217] Prevent key confusion through non-blocklisted public key formats.

- Explicit check the key for ECAlgorithm by @estin in \ 
- Raise DeprecationWarning for jwt.decode(verify=...) by @akx in \ 

- Don't use implicit optionals by @rekyungmin in \ 
- documentation fix: show correct scope for decode_complete() by @sseering in \ 
- fix: Update copyright information by @kkirsche in \ 
- Don't mutate options dictionary in .decode_complete() by @akx in \ 

- Add support for Python 3.10 by @hugovk in \ 
- api_jwk: Add PyJWKSet.__getitem__ by @woodruffw in \ 
- Update usage.rst by @guneybilen in https://github.com/jpadilla/pyjwt/pull/727
- Docs: mention performance reasons for reusing RSAPrivateKey when encoding by @dmahr1 in https://github.com/jpadilla/pyjwt/pull/734
- Fixed typo in usage.rst by @israelabraham in \ 
- Add detached payload support for JWS encoding and decoding by @fviard in \ 
- Replace various string interpolations with f-strings by @akx in \ 
- Update CHANGELOG.rst
   2022-01-04 21:55:40 by Thomas Klausner | Files touched by this commit (1595)
Log message:
*: bump PKGREVISION for egg.mk users

They now have a tool dependency on py-setuptools instead of a DEPENDS
   2021-10-26 13:23:42 by Nia Alarie | Files touched by this commit (1161)
Log message:
textproc: Replace RMD160 checksums with BLAKE2s checksums

All checksums have been double-checked against existing RMD160 and
SHA512 hashes

Unfetchable distfiles (fetched conditionally?):
./textproc/convertlit/distinfo clit18src.zip
   2021-10-21 13:38:14 by Adam Ciarcinski | Files touched by this commit (2) | Package updated
Log message:
py-JWT: updated to 2.3.0


- Revert "Remove arbitrary kwargs."

- Add exception chaining
   2021-10-11 11:02:25 by Adam Ciarcinski | Files touched by this commit (2) | Package updated
Log message:
py-JWT: updated to 2.2.0


- Remove arbitrary kwargs.
- Use timezone package as Python 3.5+ is required.

- Assume JWK without the "use" claim is valid for signing as per RFC7517
- Prefer `headers["alg"]` to `algorithm` in `jwt.encode()`.
- Fix aud validation to support {'aud': null} case.
- Make `typ` optional in JWT to be compliant with RFC7519.
- Remove upper bound on cryptography version.

- Add support for Ed448/EdDSA.
   2021-10-07 17:02:49 by Nia Alarie | Files touched by this commit (1162)
Log message:
textproc: Remove SHA1 hashes for distfiles
   2021-05-24 11:20:11 by Adam Ciarcinski | Files touched by this commit (2) | Package updated
Log message:
py-JWT: updated to 2.1.0


- Allow claims validation without making JWT signature validation mandatory.

- Remove padding from JWK test data.
- Make `kty` mandatory in JWK to be compliant with RFC7517.
- Allow JWK without `alg` to be compliant with RFC7517.
- Allow to verify with private key on ECAlgorithm, as well as on Ed25519Algorithm.

- Add caching by default to PyJWKClient
- Add missing exceptions.InvalidKeyError to jwt module __init__ imports
- Add support for ES256K algorithm
- Add `from_jwk()` to Ed25519Algorithm
- Add `to_jwk()` to Ed25519Algorithm
- Export `PyJWK` and `PyJWKSet`
   2021-03-07 18:14:41 by Adam Ciarcinski | Files touched by this commit (4) | Package updated
Log message:
py-JWT: updated to 2.0.1


- Rename CHANGELOG.md to CHANGELOG.rst and include in docs

- Fix `from_jwk()` for all algorithms


Drop support for Python 2 and Python 3.0-3.5

Python 3.5 is EOL so we decide to drop its support. Version ``1.7.1`` is
the last one supporting Python 3.0-3.5.

Require cryptography >= 3

Drop support for PyCrypto and ECDSA

We've kept this around for a long time, mostly for environments that
didn't allow installing cryptography.

Drop CLI

Dropped the included cli entry point.

Improve typings

We no longer need to use mypy Python 2 compatibility mode (comments)

``jwt.encode(...)`` return type

Tokens are returned as string instead of a byte string

Dropped deprecated errors

Removed ``ExpiredSignature``, ``InvalidAudience``, and
``InvalidIssuer``. Use ``ExpiredSignatureError``,
``InvalidAudienceError``, and ``InvalidIssuerError`` instead.

Dropped deprecated ``verify_expiration`` param in ``jwt.decode(...)``

``jwt.decode(encoded, key, algorithms=["HS256"], options={"verify_exp": False})``

Dropped deprecated ``verify`` param in ``jwt.decode(...)``

Use ``jwt.decode(encoded, key, options={"verify_signature": False})``

Require explicit ``algorithms`` in ``jwt.decode(...)`` by default

Example: ``jwt.decode(encoded, key, algorithms=["HS256"])``.

Dropped deprecated ``require_*`` options in ``jwt.decode(...)``

For example, instead of
``jwt.decode(encoded, key, algorithms=["HS256"], options={"require_exp": True})``,
use
``jwt.decode(encoded, key, algorithms=["HS256"], options={"require": ["exp"]})``.


Introduce better experience for JWKs

Introduce ``PyJWK``, ``PyJWKSet``, and ``PyJWKClient``.

.. code:: python

    import jwt
    from jwt import PyJWKClient

    # Token as it appears in this log message; parts of it are missing.
    token = (
        "RZeE9UVTFNRGcyT0Rnd1EwVXpNVGsxUWpZeVJrUkZRdyJ9.eyJpc3MiOiJodHRwczovL2Rldi04N2V2e"
        "DlydS5hdXRoMC5jb20vIiwic3ViIjoiYVc0Q2NhNzl4UmVMV1V6MGFFMkg2a0QwTzNjWEJWdENAY2xpZ"
        "W50cyIsImF1ZCI6Imh0dHBzOi8vZXhwZW5zZXMtYXBpIiwiaWF0IjoxNTcyMDA2OTU0LCJleHAiOjE1N"
        "W50LWNyZWRlbnRpYWxzIn0.PUxE7xn52aTCohGiWoSdMBZGiYAHwE5FYie0Y1qUT68IHSTXwXVd6hn02"
        "HTah6epvHHVKA2FqcFZ4GGv5VTHEvYpeggiiZMgbxFrmTEY0csL6VNkX1eaJGcuehwQCRBKRLL3zKmA5"
        "IKGy5GeUnIbpPHLHDxr-GXvgFzsdsyWlVQvPX2xjeaQ217r2PtxDeqjlf66UYl6oY6AqNS8DH3iryCvI"
        "fCcybRZkc_hdy-6ZMoKT6Piijvk_aXdm7-QQqKJFHLuEqrVSOuBqqiNfVrG27QzAPuPOxvfXTVLXL2je"
    )
    url = "https://dev-87evx9ru.auth0.com/.well-known/jwks.json"

    # Fetch the JWKS and pick the key whose "kid" matches the token header.
    jwks_client = PyJWKClient(url)
    signing_key = jwks_client.get_signing_key_from_jwt(token)

    # Pin the accepted algorithm and audience explicitly when verifying.
    data = jwt.decode(
        token,
        signing_key.key,
        algorithms=["RS256"],
        audience="https://expenses-api",
        options={"verify_exp": False},
    )

Support for JWKs containing ECDSA keys

Add support for Ed25519 / EdDSA

Pull Requests
-  Add PyPy3 to the test matrix
-  Require tweak
-  Decode return type is dict[str, Any]
-  Fix linter error in test\_cli
-  Run mypy with tox
-  Document (and prefer) pyjwt[crypto] req format
-  Correct type for json\_encoder argument
-  Prefer https:// links where available
-  Pass python\_requires argument to setuptools
-  Rename [wheel] section to [bdist\_wheel] as the former is legacy
-  Remove setup.py test command in favor of pytest and tox
-  Fix mypy errors
-  DX Tweaks
-  Add support of python 3.8
-  Fix 406
-  Add support for Ed25519 / EdDSA, with unit tests
-  Remove Python 2.7 compatibility
-  Fix simple typo: encododed -> encoded
-  Enhance tracebacks.
-  Simplify ``python_requires``
-  Document top-level .encode and .decode
-  Improve documentation for audience usage
-  Correct README on how to run tests locally
-  Fix ``tox -e lint`` warnings and errors
-  Run pyupgrade across project to use modern Python 3 conventions
-  Add Python-3-only trove classifier and remove "universal" from wheel
-  Emit warnings about user code, not pyjwt code
-  Move setup information to declarative setup.cfg
-  CLI options for verifying audience and issuer
-  Specify the target Python version for mypy
-  Remove unnecessary compatibility shims for Python 2
-  Setup GH Actions
-  Implementation of ECAlgorithm.from\_jwk
-  Remove cli entry point
-  Expose InvalidKeyError on jwt module
-  Avoid loading token twice in pyjwt.decode
-  Default links to stable version of documentation
-  Update README.md badges
-  Introduce better experience for JWKs
-  Fix tox conditional extras
-  Return tokens as string not bytes
-  Drop support for legacy contrib algorithms
-  Drop deprecation warnings
-  Update Auth0 sponsorship link
-  Update return type for jwt.encode
-  Run tests against Python 3.9 and add trove classifier
-  Removed redundant ``default_backend()``
-  Documents how to use private keys with passphrases
-  Update version to 2.0.0a1
-  Fix usage example
-  add EdDSA to docs
-  Remove support for EOL Python 3.5
-  Upgrade to isort 5 and adjust configurations
-  Remove unused argument "verify" from PyJWS.decode()
-  Update typing syntax and usage for Python 3.6+
-  Run pyupgrade to simplify code and use Python 3.6 syntax
-  Drop unknown pytest config option: strict
-  Upgrade black version and usage
-  Remove "Command line" sections from docs
-  Use existing key\_path() utility function throughout tests
-  Replace force\_bytes()/force\_unicode() in tests with literals
-  Remove unnecessary Unicode decoding before json.loads()
-  Remove unnecessary force\_bytes() calls prior to base64url\_decode()
-  Remove deprecated arguments from docs
-  Update code blocks in docs
-  Refactor jwt/jwks\_client.py without requests dependency
-  Tighten bytes/str boundaries and remove unnecessary coercing
-  Replace codecs.open() with builtin open()
-  Replace int\_from\_bytes() with builtin int.from\_bytes()
-  Enforce .encode() return type using mypy
-  Prefer direct indexing over options.get()
-  Cleanup "noqa" comments
-  Replace merge\_dict() with builtin dict unpacking generalizations
-  Do not mutate the input payload in PyJWT.encode()
-  Use direct indexing in PyJWKClient.get\_signing\_key\_from\_jwt()
-  Split PyJWT/PyJWS classes to tighten type interfaces
-  Simplify mocked\_response test utility function
-  Autoupdate pre-commit hooks and apply them
-  Remove unused argument "payload" from PyJWS.\_verify\_signature()
-  Add utility functions to assist test skipping
-  Type hint jwt.utils module
-  Prefer ModuleNotFoundError over ImportError
-  Fix tox "manifest" environment to pass
-  Fix tox "docs" environment to pass
-  Simplify black configuration to be closer to upstream defaults
-  Use generator expressions
-  Simplify from\_base64url\_uint()
-  Drop lint environment from GitHub actions in favor of pre-commit.ci
-  [pre-commit.ci] pre-commit autoupdate
-  Simplify tox configuration
-  Combine identical test functions using pytest.mark.parametrize()
-  Complete type hinting of jwks\_client.py