pyjwt
pyjwt copied to clipboard
JSON Web Token implementation in Python
When trying to import `jwt` in AWS Lambda with a python 3.8 with `cryptography` on a recent version, the following error is thrown. ``` [ERROR] Runtime.ImportModuleError: Unable to import module...
Thank you for this great library. I have a project where I'm using this library for encoding/decoding tokens for resetting passwords. Everything works well, but the other day I got...
Hi! I noticed that NoneAlgorithm's method 'verify' always return a False. It's cannot verify empty signature. But can generate a empty signature. I have to register another to do so....
Hi, I was wondering if you would like to integrate continuous fuzzing by way of OSS-Fuzz? Fuzzing is a way to automate test-case generation and can be used to find...
This PR contains three proposed changes. You can accept or reject any of them as you see fit. This is just a rough draft, once the functionality is approved I'll...
Summary. https://nvd.nist.gov/vuln/detail/CVE-2024-26130 published and has a high rating. ## Expected Result This library is updated to at least use version 42.0.4 of cryptography
## Description This PR allows user to selectively disable refresh of signing keys on `kid` mismatch. Fixes #929 ## Changes Default parameter of `retry: bool = True` has been added...
Summary. ``` try: payload = json.loads(decoded["payload"]) except ValueError as e: raise DecodeError(f"Invalid payload string: {e}") if not isinstance(payload, dict): raise DecodeError("Invalid payload string: must be a json object") return payload...
updates: - [github.com/psf/black: 23.11.0 → 24.2.0](https://github.com/psf/black/compare/23.11.0...24.2.0) - [github.com/PyCQA/flake8: 6.1.0 → 7.0.0](https://github.com/PyCQA/flake8/compare/6.1.0...7.0.0) - [github.com/PyCQA/isort: 5.12.0 → 5.13.2](https://github.com/PyCQA/isort/compare/5.12.0...5.13.2) - [github.com/pre-commit/mirrors-mypy: v1.7.0 → v1.8.0](https://github.com/pre-commit/mirrors-mypy/compare/v1.7.0...v1.8.0)
https://github.com/jpadilla/pyjwt/blob/f86b8b6ce670e40f1ef037b70ac6b4c682e8ac6f/jwt/api_jws.py#L287-L300 The function expects a `list[str]`, but if a user does not use a type checker and accidentally passes a string, any `alg` header that is a substring of that...