betterself
betterself copied to clipboard
Published
20 hours ago •
jeffshek
jeffshek
Update pyjwt to 2.6.0
This PR updates PyJWT from 1.5.3 to 2.6.0.
Changelog
2.6.0
-----------------------------------------------------------------------
Changed
~~~~~~~
- bump up cryptography >= 3.4.0 by jpadilla in `807 <https://github.com/jpadilla/pyjwt/pull/807>`_
- Remove `types-cryptography` from `crypto` extra by lautat in `805 <https://github.com/jpadilla/pyjwt/pull/805>`_
Fixed
~~~~~
- Invalidate token on the exact second the token expires `797 <https://github.com/jpadilla/pyjwt/pull/797>`_
- fix: version 2.5.0 heading typo by c0state in `803 <https://github.com/jpadilla/pyjwt/pull/803>`_
Added
~~~~~
- Adding validation for `issued_at` when `iat > (now + leeway)` as `ImmatureSignatureError` by sriharan16 in https://github.com/jpadilla/pyjwt/pull/794
2.5.0
-----------------------------------------------------------------------
Changed
~~~~~~~
- Skip keys with incompatible alg when loading JWKSet by DaGuich in `762 <https://github.com/jpadilla/pyjwt/pull/762>`__
- Remove support for python3.6 by sirosen in `777 <https://github.com/jpadilla/pyjwt/pull/777>`__
- Emit a deprecation warning for unsupported kwargs by sirosen in `776 <https://github.com/jpadilla/pyjwt/pull/776>`__
- Remove redundant wheel dep from pyproject.toml by mgorny in `765 <https://github.com/jpadilla/pyjwt/pull/765>`__
- Do not fail when an unusable key occurs by DaGuich in `762 <https://github.com/jpadilla/pyjwt/pull/762>`__
- Update audience typing by JulianMaurin in `782 <https://github.com/jpadilla/pyjwt/pull/782>`__
- Improve PyJWKSet error accuracy by JulianMaurin in `786 <https://github.com/jpadilla/pyjwt/pull/786>`__
- Mypy as pre-commit check + api_jws typing by JulianMaurin in `787 <https://github.com/jpadilla/pyjwt/pull/787>`__
Fixed
~~~~~
- Adjust expected exceptions in option merging tests for PyPy3 by mgorny in `763 <https://github.com/jpadilla/pyjwt/pull/763>`__
- Fixes for pyright on strict mode by brandon-leapyear in `747 <https://github.com/jpadilla/pyjwt/pull/747>`__
- docs: fix simple typo, iinstance -> isinstance by timgates42 in `774 <https://github.com/jpadilla/pyjwt/pull/774>`__
- Fix typo: priot -> prior by jdufresne in `780 <https://github.com/jpadilla/pyjwt/pull/780>`__
- Fix for headers disorder issue by kadabusha in `721 <https://github.com/jpadilla/pyjwt/pull/721>`__
Added
~~~~~
- Add to_jwk static method to ECAlgorithm by leonsmith in `732 <https://github.com/jpadilla/pyjwt/pull/732>`__
- Expose get_algorithm_by_name as new method by sirosen in `773 <https://github.com/jpadilla/pyjwt/pull/773>`__
- Add type hints to jwt/help.py and add missing types dependency by kkirsche in `784 <https://github.com/jpadilla/pyjwt/pull/784>`__
- Add cacheing functionality for JWK set by wuhaoyujerry in `781 <https://github.com/jpadilla/pyjwt/pull/781>`__
2.4.0
-----------------------------------------------------------------------
Security
~~~~~~~~
- [CVE-2022-29217] Prevent key confusion through non-blocklisted public key formats. https://github.com/jpadilla/pyjwt/security/advisories/GHSA-ffqj-6fqr-9h24
Changed
~~~~~~~
- Explicit check the key for ECAlgorithm by estin in https://github.com/jpadilla/pyjwt/pull/713
- Raise DeprecationWarning for jwt.decode(verify=...) by akx in https://github.com/jpadilla/pyjwt/pull/742
Fixed
~~~~~
- Don't use implicit optionals by rekyungmin in https://github.com/jpadilla/pyjwt/pull/705
- documentation fix: show correct scope for decode_complete() by sseering in https://github.com/jpadilla/pyjwt/pull/661
- fix: Update copyright information by kkirsche in https://github.com/jpadilla/pyjwt/pull/729
- Don't mutate options dictionary in .decode_complete() by akx in https://github.com/jpadilla/pyjwt/pull/743
Added
~~~~~
- Add support for Python 3.10 by hugovk in https://github.com/jpadilla/pyjwt/pull/699
- api_jwk: Add PyJWKSet.__getitem__ by woodruffw in https://github.com/jpadilla/pyjwt/pull/725
- Update usage.rst by guneybilen in https://github.com/jpadilla/pyjwt/pull/727
- Docs: mention performance reasons for reusing RSAPrivateKey when encoding by dmahr1 in https://github.com/jpadilla/pyjwt/pull/734
- Fixed typo in usage.rst by israelabraham in https://github.com/jpadilla/pyjwt/pull/738
- Add detached payload support for JWS encoding and decoding by fviard in https://github.com/jpadilla/pyjwt/pull/723
- Replace various string interpolations with f-strings by akx in https://github.com/jpadilla/pyjwt/pull/744
- Update CHANGELOG.rst by hipertracker in https://github.com/jpadilla/pyjwt/pull/751
2.3.0
-----------------------------------------------------------------------
Fixed
~~~~~
- Revert "Remove arbitrary kwargs." `701 <https://github.com/jpadilla/pyjwt/pull/701>`__
Added
~~~~~
- Add exception chaining `702 <https://github.com/jpadilla/pyjwt/pull/702>`__
2.2.0
-----------------------------------------------------------------------
Changed
~~~~~~~
- Remove arbitrary kwargs. `657 <https://github.com/jpadilla/pyjwt/pull/657>`__
- Use timezone package as Python 3.5+ is required. `694 <https://github.com/jpadilla/pyjwt/pull/694>`__
Fixed
~~~~~
- Assume JWK without the "use" claim is valid for signing as per RFC7517 `668 <https://github.com/jpadilla/pyjwt/pull/668>`__
- Prefer `headers["alg"]` to `algorithm` in `jwt.encode()`. `673 <https://github.com/jpadilla/pyjwt/pull/673>`__
- Fix aud validation to support {'aud': null} case. `670 <https://github.com/jpadilla/pyjwt/pull/670>`__
- Make `typ` optional in JWT to be compliant with RFC7519. `644 <https://github.com/jpadilla/pyjwt/pull/644>`__
- Remove upper bound on cryptography version. `693 <https://github.com/jpadilla/pyjwt/pull/693>`__
Added
~~~~~
- Add support for Ed448/EdDSA. `675 <https://github.com/jpadilla/pyjwt/pull/675>`__
2.1.0
--------------------------------------------------------------------
Changed
~~~~~~~
- Allow claims validation without making JWT signature validation mandatory. `608 <https://github.com/jpadilla/pyjwt/pull/608>`__
Fixed
~~~~~
- Remove padding from JWK test data. `628 <https://github.com/jpadilla/pyjwt/pull/628>`__
- Make `kty` mandatory in JWK to be compliant with RFC7517. `624 <https://github.com/jpadilla/pyjwt/pull/624>`__
- Allow JWK without `alg` to be compliant with RFC7517. `624 <https://github.com/jpadilla/pyjwt/pull/624>`__
- Allow to verify with private key on ECAlgorithm, as well as on Ed25519Algorithm. `645 <https://github.com/jpadilla/pyjwt/pull/645>`__
Added
~~~~~
- Add caching by default to PyJWKClient `611 <https://github.com/jpadilla/pyjwt/pull/611>`__
- Add missing exceptions.InvalidKeyError to jwt module __init__ imports `620 <https://github.com/jpadilla/pyjwt/pull/620>`__
- Add support for ES256K algorithm `629 <https://github.com/jpadilla/pyjwt/pull/629>`__
- Add `from_jwk()` to Ed25519Algorithm `621 <https://github.com/jpadilla/pyjwt/pull/621>`__
- Add `to_jwk()` to Ed25519Algorithm `643 <https://github.com/jpadilla/pyjwt/pull/643>`__
- Export `PyJWK` and `PyJWKSet` `652 <https://github.com/jpadilla/pyjwt/pull/652>`__
2.0.1
--------------------------------------------------------------------
Changed
~~~~~~~
- Rename CHANGELOG.md to CHANGELOG.rst and include in docs `597 <https://github.com/jpadilla/pyjwt/pull/597>`__
Fixed
~~~~~
- Fix `from_jwk()` for all algorithms `598 <https://github.com/jpadilla/pyjwt/pull/598>`__
Added
~~~~~
2.0.0
--------------------------------------------------------------------
Changed
~~~~~~~
Drop support for Python 2 and Python 3.0-3.5
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
Python 3.5 is EOL so we decide to drop its support. Version ``1.7.1`` is
the last one supporting Python 3.0-3.5.
Require cryptography >= 3
^^^^^^^^^^^^^^^^^^^^^^^^^
Drop support for PyCrypto and ECDSA
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
We've kept this around for a long time, mostly for environments that
didn't allow installing cryptography.
Drop CLI
^^^^^^^^
Dropped the included cli entry point.
Improve typings
^^^^^^^^^^^^^^^
We no longer need to use mypy Python 2 compatibility mode (comments)
``jwt.encode(...)`` return type
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
Tokens are returned as string instead of a byte string
Dropped deprecated errors
^^^^^^^^^^^^^^^^^^^^^^^^^
Removed ``ExpiredSignature``, ``InvalidAudience``, and
``InvalidIssuer``. Use ``ExpiredSignatureError``,
``InvalidAudienceError``, and ``InvalidIssuerError`` instead.
Dropped deprecated ``verify_expiration`` param in ``jwt.decode(...)``
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
Use
``jwt.decode(encoded, key, algorithms=["HS256"], options={"verify_exp": False})``
instead.
Dropped deprecated ``verify`` param in ``jwt.decode(...)``
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
Use ``jwt.decode(encoded, key, options={"verify_signature": False})``
instead.
Require explicit ``algorithms`` in ``jwt.decode(...)`` by default
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
Example: ``jwt.decode(encoded, key, algorithms=["HS256"])``.
Dropped deprecated ``require_*`` options in ``jwt.decode(...)``
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
For example, instead of
``jwt.decode(encoded, key, algorithms=["HS256"], options={"require_exp": True})``,
use
``jwt.decode(encoded, key, algorithms=["HS256"], options={"require": ["exp"]})``.
And the old v1.x syntax
``jwt.decode(token, verify=False)``
is now:
``jwt.decode(jwt=token, key='secret', algorithms=['HS256'], options={"verify_signature": False, "verify_exp": True})``
Added
~~~~~
Introduce better experience for JWKs
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
Introduce ``PyJWK``, ``PyJWKSet``, and ``PyJWKClient``.
.. code:: python
import jwt
from jwt import PyJWKClient
token = "eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiIsImtpZCI6Ik5FRTFRVVJCT1RNNE16STVSa0ZETlRZeE9UVTFNRGcyT0Rnd1EwVXpNVGsxUWpZeVJrUkZRdyJ9.eyJpc3MiOiJodHRwczovL2Rldi04N2V2eDlydS5hdXRoMC5jb20vIiwic3ViIjoiYVc0Q2NhNzl4UmVMV1V6MGFFMkg2a0QwTzNjWEJWdENAY2xpZW50cyIsImF1ZCI6Imh0dHBzOi8vZXhwZW5zZXMtYXBpIiwiaWF0IjoxNTcyMDA2OTU0LCJleHAiOjE1NzIwMDY5NjQsImF6cCI6ImFXNENjYTc5eFJlTFdVejBhRTJINmtEME8zY1hCVnRDIiwiZ3R5IjoiY2xpZW50LWNyZWRlbnRpYWxzIn0.PUxE7xn52aTCohGiWoSdMBZGiYAHwE5FYie0Y1qUT68IHSTXwXVd6hn02HTah6epvHHVKA2FqcFZ4GGv5VTHEvYpeggiiZMgbxFrmTEY0csL6VNkX1eaJGcuehwQCRBKRLL3zKmA5IKGy5GeUnIbpPHLHDxr-GXvgFzsdsyWlVQvPX2xjeaQ217r2PtxDeqjlf66UYl6oY6AqNS8DH3iryCvIfCcybRZkc_hdy-6ZMoKT6Piijvk_aXdm7-QQqKJFHLuEqrVSOuBqqiNfVrG27QzAPuPOxvfXTVLXL2jek5meH6n-VWgrBdoMFH93QEszEDowDAEhQPHVs0xj7SIzA"
kid = "NEE1QURBOTM4MzI5RkFDNTYxOTU1MDg2ODgwQ0UzMTk1QjYyRkRFQw"
url = "https://dev-87evx9ru.auth0.com/.well-known/jwks.json"
jwks_client = PyJWKClient(url)
signing_key = jwks_client.get_signing_key_from_jwt(token)
data = jwt.decode(
token,
signing_key.key,
algorithms=["RS256"],
audience="https://expenses-api",
options={"verify_exp": False},
)
print(data)
Support for JWKs containing ECDSA keys
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
Add support for Ed25519 / EdDSA
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
Pull Requests
~~~~~~~~~~~~~
- Add PyPy3 to the test matrix (550) by jdufresne
- Require tweak (280) by psafont
- Decode return type is dict[str, Any] (393) by jacopofar
- Fix linter error in test\_cli (414) by jaraco
- Run mypy with tox (421) by jpadilla
- Document (and prefer) pyjwt[crypto] req format (426) by gthb
- Correct type for json\_encoder argument (438) by jdufresne
- Prefer https:// links where available (#439) by jdufresne
- Pass python\_requires argument to setuptools (440) by jdufresne
- Rename [wheel] section to [bdist\_wheel] as the former is legacy
(441) by jdufresne
- Remove setup.py test command in favor of pytest and tox (442) by
jdufresne
- Fix mypy errors (449) by jpadilla
- DX Tweaks (450) by jpadilla
- Add support of python 3.8 (452) by Djailla
- Fix 406 (454) by justinbaur
- Add support for Ed25519 / EdDSA, with unit tests (455) by
Someguy123
- Remove Python 2.7 compatibility (457) by Djailla
- Fix simple typo: encododed -> encoded (462) by timgates42
- Enhance tracebacks. (477) by JulienPalard
- Simplify ``python_requires`` (478) by michael-k
- Document top-level .encode and .decode to close 459 (482) by
dimaqq
- Improve documentation for audience usage (484) by CorreyL
- Correct README on how to run tests locally (489) by jdufresne
- Fix ``tox -e lint`` warnings and errors (490) by jdufresne
- Run pyupgrade across project to use modern Python 3 conventions
(491) by jdufresne
- Add Python-3-only trove classifier and remove "universal" from wheel
(492) by jdufresne
- Emit warnings about user code, not pyjwt code (494) by mgedmin
- Move setup information to declarative setup.cfg (495) by jdufresne
- CLI options for verifying audience and issuer (496) by
GeoffRichards
- Specify the target Python version for mypy (497) by jdufresne
- Remove unnecessary compatibility shims for Python 2 (498) by
jdufresne
- Setup GH Actions (499) by jpadilla
- Implementation of ECAlgorithm.from\_jwk (500) by jpadilla
- Remove cli entry point (501) by jpadilla
- Expose InvalidKeyError on jwt module (503) by russellcardullo
- Avoid loading token twice in pyjwt.decode (506) by CaselIT
- Default links to stable version of documentation (508) by salcedo
- Update README.md badges (510) by jpadilla
- Introduce better experience for JWKs (511) by jpadilla
- Fix tox conditional extras (512) by jpadilla
- Return tokens as string not bytes (513) by jpadilla
- Drop support for legacy contrib algorithms (514) by jpadilla
- Drop deprecation warnings (515) by jpadilla
- Update Auth0 sponsorship link (519) by Sambego
- Update return type for jwt.encode (521) by moomoolive
- Run tests against Python 3.9 and add trove classifier (522) by
michael-k
- Removed redundant ``default_backend()`` (523) by rohitkg98
- Documents how to use private keys with passphrases (525) by rayluo
- Update version to 2.0.0a1 (528) by jpadilla
- Fix usage example (530) by nijel
- add EdDSA to docs (531) by CircleOnCircles
- Remove support for EOL Python 3.5 (532) by jdufresne
- Upgrade to isort 5 and adjust configurations (533) by jdufresne
- Remove unused argument "verify" from PyJWS.decode() (534) by
jdufresne
- Update typing syntax and usage for Python 3.6+ (535) by jdufresne
- Run pyupgrade to simplify code and use Python 3.6 syntax (536) by
jdufresne
- Drop unknown pytest config option: strict (537) by jdufresne
- Upgrade black version and usage (538) by jdufresne
- Remove "Command line" sections from docs (539) by jdufresne
- Use existing key\_path() utility function throughout tests (540) by
jdufresne
- Replace force\_bytes()/force\_unicode() in tests with literals (541)
by jdufresne
- Remove unnecessary Unicode decoding before json.loads() (542) by
jdufresne
- Remove unnecessary force\_bytes() calls prior to base64url\_decode()
(543) by jdufresne
- Remove deprecated arguments from docs (544) by jdufresne
- Update code blocks in docs (545) by jdufresne
- Refactor jwt/jwks\_client.py without requests dependency (546) by
jdufresne
- Tighten bytes/str boundaries and remove unnecessary coercing (547)
by jdufresne
- Replace codecs.open() with builtin open() (548) by jdufresne
- Replace int\_from\_bytes() with builtin int.from\_bytes() (549) by
jdufresne
- Enforce .encode() return type using mypy (551) by jdufresne
- Prefer direct indexing over options.get() (552) by jdufresne
- Cleanup "noqa" comments (553) by jdufresne
- Replace merge\_dict() with builtin dict unpacking generalizations
(555) by jdufresne
- Do not mutate the input payload in PyJWT.encode() (557) by
jdufresne
- Use direct indexing in PyJWKClient.get\_signing\_key\_from\_jwt()
(558) by jdufresne
- Split PyJWT/PyJWS classes to tighten type interfaces (559) by
jdufresne
- Simplify mocked\_response test utility function (560) by jdufresne
- Autoupdate pre-commit hooks and apply them (561) by jdufresne
- Remove unused argument "payload" from PyJWS.\ *verify*\ signature()
(562) by jdufresne
- Add utility functions to assist test skipping (563) by jdufresne
- Type hint jwt.utils module (564) by jdufresne
- Prefer ModuleNotFoundError over ImportError (565) by jdufresne
- Fix tox "manifest" environment to pass (566) by jdufresne
- Fix tox "docs" environment to pass (567) by jdufresne
- Simplify black configuration to be closer to upstream defaults (568)
by jdufresne
- Use generator expressions (569) by jdufresne
- Simplify from\_base64url\_uint() (570) by jdufresne
- Drop lint environment from GitHub actions in favor of pre-commit.ci
(571) by jdufresne
- [pre-commit.ci] pre-commit autoupdate (572)
- Simplify tox configuration (573) by jdufresne
- Combine identical test functions using pytest.mark.parametrize()
(574) by jdufresne
- Complete type hinting of jwks\_client.py (578) by jdufresne
1.7.1
--------------------------------------------------------------------
Fixed
~~~~~
- Update test dependencies with pinned ranges
- Fix pytest deprecation warnings
1.7.0
--------------------------------------------------------------------
Changed
~~~~~~~
- Remove CRLF line endings
`353 <https://github.com/jpadilla/pyjwt/pull/353>`__
Fixed
~~~~~
- Update usage.rst
`360 <https://github.com/jpadilla/pyjwt/pull/360>`__
Added
~~~~~
- Support for Python 3.7
`375 <https://github.com/jpadilla/pyjwt/pull/375>`__
`379 <https://github.com/jpadilla/pyjwt/pull/379>`__
`384 <https://github.com/jpadilla/pyjwt/pull/384>`__
1.6.4
--------------------------------------------------------------------
Fixed
~~~~~
- Reverse an unintentional breaking API change to .decode()
`352 <https://github.com/jpadilla/pyjwt/pull/352>`__
1.6.3
--------------------------------------------------------------------
Changed
~~~~~~~
- All exceptions inherit from PyJWTError
`340 <https://github.com/jpadilla/pyjwt/pull/340>`__
Added
~~~~~
- Add type hints `344 <https://github.com/jpadilla/pyjwt/pull/344>`__
- Add help module
`7ca41e <https://github.com/jpadilla/pyjwt/commit/7ca41e53b3d7d9f5cd31bdd8a2b832d192006239>`__
Docs
~~~~
- Added section to usage docs for jwt.get\_unverified\_header()
`350 <https://github.com/jpadilla/pyjwt/pull/350>`__
- Update legacy instructions for using pycrypto
`337 <https://github.com/jpadilla/pyjwt/pull/337>`__
1.6.1
--------------------------------------------------------------------
Fixed
~~~~~
- Audience parameter throws ``InvalidAudienceError`` when application
does not specify an audience, but the token does.
`336 <https://github.com/jpadilla/pyjwt/pull/336>`__
1.6.0
--------------------------------------------------------------------
Changed
~~~~~~~
- Dropped support for python 2.6 and 3.3
`301 <https://github.com/jpadilla/pyjwt/pull/301>`__
- An invalid signature now raises an ``InvalidSignatureError`` instead
of ``DecodeError``
`316 <https://github.com/jpadilla/pyjwt/pull/316>`__
Fixed
~~~~~
- Fix over-eager fallback to stdin
`304 <https://github.com/jpadilla/pyjwt/pull/304>`__
Added
~~~~~
- Audience parameter now supports iterables
`306 <https://github.com/jpadilla/pyjwt/pull/306>`__
Links
- PyPI: https://pypi.org/project/pyjwt
- Changelog: https://pyup.io/changelogs/pyjwt/
- Repo: https://github.com/jpadilla/pyjwt
