python-jose
python-jose copied to clipboard
mpdavis
A JOSE implementation in Python
This is probably related to #50 but I'm not using a dict to construct my JWK, rather an instantiated private key. Also looking at the code I get the idea...
Hello everybody, I try to do encrypt a simple string using JWE, however I cannot manage to get a valid symmetric key to be used by the JWE engine. I...
### Jose version `3.2.0` ### Problem/Question Token expiration. I was expecting the following token to raise an expiration error. ```python from datetime import datetime from jose import jwt token =...
Any reason why pytest-runner is required for setup.py install? Version 3.0.1 didn't require pytest-runner.
Starting here: https://github.com/mpdavis/python-jose/blob/be8e914a63e8940cd34ac0f5a066d114f10dad48/jose/jws.py#L250-L258 This correctly rejects invalid `alg` headers, as JWT implementations MUST to be secure. https://github.com/mpdavis/python-jose/blob/be8e914a63e8940cd34ac0f5a066d114f10dad48/jose/jws.py#L259-L262 However, the algorithm associated with the key returned from `_get_keys()` is not validated....
Let's say my token fails to validate because my audience is incorrect. https://github.com/mpdavis/python-jose/blob/be8e914a63e8940cd34ac0f5a066d114f10dad48/jose/jwt.py#L342-L350 With the above, it becomes non-trivial for me to do the following: ``` if failed because audience...
* Makes possible to fake a time without using `freezegun:freeze_time` or `unittest.mock:patch`. Less monkey patching == better code. * Makes possible to reuse current time fetched elsewhere (e.g. from request).
bump version
hello — i'm trying to use this library to decrypt JWE, but the latest release was before JWE support was added. I can get it to work by doing something...
It should read 2021, and it says 2020. Cheers
