fastapi-jwt

fastapi-jwt should have other jwt backends besides python-jose. Authlib seems a good candidate.

Open hasB4K opened this issue 1 year ago • 0 comments

Hello @k4black,

First, I would like to thank you for your project. I sincerely believe that this project should be merged into the main branch of fastapi.

Now, I think fastapi-jwt should either deprecate python-jose and/or offer an alternative. python-jose has not received a new release since 2021, and the last commit was 10 months ago. A lot of people are worried about the safety of this repo now:

  • https://github.com/mpdavis/python-jose/issues/332
  • https://github.com/mpdavis/python-jose/issues/340
  • https://github.com/mpdavis/python-jose/issues/341

I think fastapi-jwt offers a lot; I don't want to manually code a jwt handler every time I start a new project with fastapi, as the fastapi docs suggest. So I would suggest creating a JWT backend mechanism to support at least authlib (which is heavily maintained). I think PyJWT could be a third option. fastapi-jwt should be generic enough to have a custom JWT implementation defined by the user if necessary.

I have a PR coming, but I wanted to create an issue first to explain why I think this feature is mandatory.

Kind regards,

hasB4K, Feb 27 '24 00:02