pyjwt icon indicating copy to clipboard operation
pyjwt copied to clipboard

Published 20 hours ago verified publisher icon jpadilla

Decode with PyJWK

Open luhn opened this issue 1 year ago • 7 comments

This PR contains three proposed changes. You can accept or reject any of them as you see fit. This is just a rough draft, once the functionality is approved I'll clean it up, add tests, and document.

  1. Add algorithm string to PyJWK. This is useful in determine the appropriate algorithms value to pass into decode().

  2. Allow a PyJWK to be passed directly into decode(), so it's not necessary to pull PyJWK.key. (This would fix #864)

  3. If a PyJWK is passed into decode() and algorithms is not set, use the algorithm from the JWK. This change makes the API more convenient and reduces room for error: There's no reason that you should use any algorithm but the JWK's algorithm and doing otherwise is problematic at best and a possible security threat at worst.

luhn avatar Apr 28 '23 23:04 luhn

Can I get feedback from a maintainer on whether or not these proposed changes would be accepted once properly documented and tested? @Viicos? @jpadilla?

luhn avatar Jun 15 '23 16:06 luhn

I like the idea, I'm not an official maintainer so I'll let @jpadilla or @auvipy decide here :)

Viicos avatar Jun 15 '23 16:06 Viicos

Ready for review 👍

luhn avatar Oct 16 '23 05:10 luhn

restarted the CI, lets hope all are green

auvipy avatar Oct 16 '23 07:10 auvipy

Okay, I fixed tests w/o cryptography installed.

luhn avatar Oct 16 '23 17:10 luhn

Ping. Any more feedback on this?

@auvipy, it looks like you need to approve my changes.

luhn avatar Dec 20 '23 04:12 luhn

Bummed to see this was closed as stale. @jpadilla @Viicos @auvipy would it be possible to reopen and get merged? I'm happy to make any changes necessary.

luhn avatar Feb 28 '24 01:02 luhn