docs icon indicating copy to clipboard operation
docs copied to clipboard

Published 20 hours ago verified publisher icon auth0

Python quickstart: change recommended library

Open helfi92 opened this issue 7 years ago • 5 comments
trafficstars

For python's quickstart, the docs say to use python-jose-cryptodome rather than python-jose (https://auth0.com/docs/quickstart/backend/python#install-the-dependencies).

That being said, the recommended library doesn't have much GitHub activity and appears to just be a fork of python-jose that changed the vulnerable pycrypto dependency for pycryptodome, but (a) hasn't kept up with python-jose, (b) is now redundant since python-jose has just switched to pycryptodome too (https://github.com/mpdavis/python-jose/commit/98406bc02bb42e0a7373307cb7aad44293086d1a).

However looking at https://jwt.io/#libraries-io there appears to be yet another JWT option that's much more popular/active than python-jose: https://github.com/jpadilla/pyjwt/

As such, would it be possible to make a change to the recommended library. Which of python-jose and PyJWT would be best for long term reliability?

Thanks!

helfi92 avatar Jan 18 '18 23:01 helfi92

Hi @aaguiarz. Is this something you would be able to advise here? Thanks.

helfi92 avatar Jan 22 '18 18:01 helfi92

Also python-jose-cryptodome is pinned to an older version of pycryptodome (whereas python-jose is not) - see https://github.com/capless/python-jose-cryptodome/issues/2

RacingTadpole avatar Feb 28 '18 23:02 RacingTadpole

Friendly ping? :-)

edmorley avatar Feb 14 '19 17:02 edmorley

lol why did I get the mail?

tm9k1 avatar Feb 14 '19 21:02 tm9k1

@albertoperdomo raising for visibility

cocojoe avatar Nov 19 '19 09:11 cocojoe