python-jose

Replace json with orjson

Open TheLazzziest opened this issue 4 years ago • 4 comments

Hi! I am curious about the possibility of replacing the standard json library with orjson. It looks promising to me from the perspective of speed and robustness of data serialization. What do you think about that?

TheLazzziest, Jan 26 '21 19:01

This is a security-conscious library, so speed is not the primary factor when determining libraries to use. Moreover, users of this package are probably not going to be utilizing this library to the point that they need more performance out of it, and if they are then they can fork this project, switch to that JSON library, and once that code has stabilized and been run in production for a reasonable amount of time, submit a PR back here.

The emphasis that library has on "correctness" makes it much less useful in real world applications. If JSON is anything like other standards, then there is a lot of non-standard JSON thrown around that parses seemingly fine with other libraries, and in such a situation, insisting on correctness makes a library tremendously less useful.

There has also been some concern voiced over incorporating libraries that are not pure Python due to certain...constraints from cloud providers. Hopefully that has been resolved by now, but I would want to carefully announce any changes like that before the transition.

Given all of that, I'm not super interested in using that library for this package at this moment. Give it a few years and the playing field may have changed.

Although on a personal level, that looks awesome and I'm loving the Python-over-Rust packages that are gaining popularity.

blag, Jan 26 '21 19:01

Thank you for the detailed response. Indeed, you are completely right. Maybe making the json module a parameter (e.g. serializer) will be more appropriate. However, it requires a great amount of work across the entire library.

Hence, I am not sure what benefits will be brought by these heavy changes. Anyway, this case should be tested before continuing the discussion. I will try to look deeper. If it seems promising to me, I will send a PR if you don't mind.

The reason I am asking that question is a desire to use your library in my pet project. The integration of orjson into python-jose to serialize theoretically almost any data quickly and safely seemed very attractive to me.

TheLazzziest, Jan 30 '21 13:01

As the current maintainer of the python-jose package in Fedora Linux, I’m perfectly happy with a choice of JSON backends. I’m excited about orjson, too!

However, please don’t make orjson the only supported JSON backend unless it builds with the stable Rust toolchain instead of the nightly one (https://github.com/ijl/orjson/issues/108); otherwise people like me will have to patch it back out, or drop python-jose entirely.

musicinmybrain, Mar 05 '21 13:03

@musicinmybrain, of course, you are right. Such changes just break compatibility. That's why I suggested above to try to parametrize the backend instead of just replacing it. Maybe it's better just to close the issue if it misleads people.

TheLazzziest, Mar 05 '21 20:03
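The parametrized backend suggested in the thread could look like this. It is an added example, not code from python-jose or from any participant: `StdlibBackend`, `OrjsonBackend`, `encode_segment` and `decode_segment` are hypothetical names, and the `strict` switch is an assumption of this example that makes the leniency trade-off discussed above an explicit caller choice.

```python
import base64
import json


def _unique_keys(pairs):
    # Strict mode: a repeated member name is rejected rather than last-one-wins.
    obj = {}
    for key, value in pairs:
        if key in obj:
            raise ValueError(f"duplicate key {key!r}")
        obj[key] = value
    return obj


def _no_constants(name):
    # Strict mode: NaN / Infinity / -Infinity are not JSON.
    raise ValueError(f"non-standard constant {name}")


class StdlibBackend:
    """Pure-Python backend (hypothetical name); strict=False is plain json.loads."""

    def __init__(self, strict=True):
        self._kw = dict(object_pairs_hook=_unique_keys, parse_constant=_no_constants) if strict else {}

    def dumps(self, obj) -> bytes:
        # Return bytes, as orjson.dumps does, so callers see one output type.
        return json.dumps(obj, separators=(",", ":"), allow_nan=False).encode("utf-8")

    def loads(self, data: bytes):
        return json.loads(data, **self._kw)


class OrjsonBackend:
    """Optional backend (hypothetical name); orjson is imported only if selected."""

    def __init__(self):
        import orjson  # not a hard dependency: fails here, not at package import
        self.dumps, self.loads = orjson.dumps, orjson.loads


def encode_segment(obj, backend) -> str:
    # base64url without padding, as used for JOSE header and payload segments.
    return base64.urlsafe_b64encode(backend.dumps(obj)).rstrip(b"=").decode("ascii")


def decode_segment(segment: str, backend):
    padded = segment + "=" * (-len(segment) % 4)
    return backend.loads(base64.urlsafe_b64decode(padded))
```

Because the backend is passed in, a distribution that cannot build orjson keeps the pure-Python path without patching anything out.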