FR: Allow passing 'unsafe_skip_rsa_key_validation' flag when signing tokens

Open arshad01 opened this issue 1 year ago • 4 comments

Hello

This is a feature request.

I have an application that uses jwcrypto to create JWT tokens for request processing. This needs to be done frequently and each request carries its own JWT for authentication purposes. Delays in JWT creation affect the request processing throughput. It is not feasible to pre-create tokens, as tokens have an expiry and they need to be used as soon as possible.

jwcrypto uses Python cryptography, which in turn uses OpenSSL 3.x. As of OpenSSL 3.x, the check on the private key takes more time than in earlier versions of OpenSSL. Although there have been improvements to it, it is still not on par with older OpenSSL versions. That is why a flag 'unsafe_skip_rsa_key_validation' is provided by Python cryptography to skip this check if the private keys are securely generated. In my case, these keys are generated securely using jwcrypto. On JWT generation, the private key is used to sign the token using the JWT.make_signed_token function. This feature request is to allow passing the 'unsafe_skip_rsa_key_validation' flag in this function (or any other way that the jwcrypto team sees feasible) so that private key checks are skipped.

Please let me know if you need more information regarding this FR. I hope the jwcrypto team will give this due consideration.

Thanks

arshad01, Apr 18 '24 01:04

One comment is that you can avoid performance penalties by keeping around the JWK object as it has a cache to hold onto a pyca key exactly to avoid costly re-parsing all the time.

That said, please see if #354 does give you the knob you are looking for.

simo5, Apr 18 '24 21:04

Hello simo

Thanks very much for your reply. #354 exactly fulfils what I requested. Also, your idea about keeping the JWK object is also good though it will need some design change on my side. Hope that #354 will be available soon in a jwcrypto release.

Thanks

arshad01, Apr 19 '24 00:04

Keeping this open until the PR is actually merged

simo5, Apr 19 '24 12:04

JFR I am not planning to make a release immediately just for this change.

simo5, Apr 19 '24 13:04