Releases: jpadilla/pyjwt
Releases · jpadilla/pyjwt
2.8.0
What's Changed
- Export PyJWKClientConnectionError class by @daviddavis in #887
- [pre-commit.ci] pre-commit autoupdate by @pre-commit-ci in #889
- Patch 1 by @juur in #891
- [pre-commit.ci] pre-commit autoupdate by @pre-commit-ci in #896
- [pre-commit.ci] pre-commit autoupdate by @pre-commit-ci in #898
- [pre-commit.ci] pre-commit autoupdate by @pre-commit-ci in #900
- Update python version by @auvipy in #895
- api_jwt: add a
strict_aud
option by @woodruffw in #902
New Contributors
Full Changelog: 2.7.0...2.8.0
2.7.0
What's Changed
- Add classifier for Python 3.11 by @eseifert in #818
- Add
Algorithm.compute_hash_digest
and use it to implement at_hash validation example by @sirosen in #775 - fix: use datetime.datetime.timestamp function to have a milliseconds by @daillouf in #821
- [pre-commit.ci] pre-commit autoupdate by @pre-commit-ci in #825
- Custom header configuration in jwk client by @thundercat1 in #823
- [pre-commit.ci] pre-commit autoupdate by @pre-commit-ci in #828
- [pre-commit.ci] pre-commit autoupdate by @pre-commit-ci in #833
- [pre-commit.ci] pre-commit autoupdate by @pre-commit-ci in #835
- Add PyJWT._{de,en}code_payload hooks by @akx in #829
- Add
sort_headers
parameter toapi_jwt.encode
by @evroon in #832 - Make mypy configuration stricter and improve typing by @akx in #830
- Bump actions/stale from 6 to 7 by @dependabot in #840
- [pre-commit.ci] pre-commit autoupdate by @pre-commit-ci in #838
- Add more types by @Viicos in #843
- Differentiate between two errors by @irdkwmnsb in #809
- Fix
_validate_iat
validation by @Viicos in #847 - Improve error messages when cryptography isn't installed by @Viicos in #846
- [pre-commit.ci] pre-commit autoupdate by @pre-commit-ci in #852
- [pre-commit.ci] pre-commit autoupdate by @pre-commit-ci in #855
- [pre-commit.ci] pre-commit autoupdate by @pre-commit-ci in #859
- Make
Algorithm
an abstract base class by @Viicos in #845 - docs: correct mistake in the changelog about verify param by @gbillig in #866
- [pre-commit.ci] pre-commit autoupdate by @pre-commit-ci in #868
- Bump actions/stale from 7 to 8 by @dependabot in #872
- [pre-commit.ci] pre-commit autoupdate by @pre-commit-ci in #874
- Add a timeout for PyJWKClient requests by @daviddavis in #875
- Add client connection error exception by @daviddavis in #876
- Add complete types to take all allowed keys into account by @Viicos in #873
- [pre-commit.ci] pre-commit autoupdate by @pre-commit-ci in #878
- Build and upload PyPI package by @jpadilla in #884
- Fix for issue #862 - ignore invalid keys in a jwks. by @timw6n in #863
- Add
as_dict
option toAlgorithm.to_jwk
by @fluxth in #881
New Contributors
- @eseifert made their first contribution in #818
- @daillouf made their first contribution in #821
- @thundercat1 made their first contribution in #823
- @evroon made their first contribution in #832
- @Viicos made their first contribution in #843
- @irdkwmnsb made their first contribution in #809
- @gbillig made their first contribution in #866
- @daviddavis made their first contribution in #875
- @timw6n made their first contribution in #863
- @fluxth made their first contribution in #881
Full Changelog: 2.6.0...2.7.0
2.6.0
What's Changed
- fix: version 2.5.0 heading typo by @c0state in #803
- Remove
types-cryptography
fromcrypto
extra by @lautat in #805 - bump up cryptography >= 3.4.0 by @jpadilla in #807
- [pre-commit.ci] pre-commit autoupdate by @pre-commit-ci in #798
- Bump actions/stale from 5 to 6 by @dependabot in #808
- Invalidate exp when exp == now() by @wcedmisten-reify in #797
- Handling 'ImmatureSignatureError' for issued_at time by @sriharan16 in #794
- [pre-commit.ci] pre-commit autoupdate by @pre-commit-ci in #810
- Bump version to 2.6.0 by @jpadilla in #813
New Contributors
- @c0state made their first contribution in #803
- @lautat made their first contribution in #805
- @wcedmisten-reify made their first contribution in #797
- @sriharan16 made their first contribution in #794
Full Changelog: 2.5.0...2.6.0
2.5.0
What's Changed
- Bump actions/checkout from 2 to 3 by @dependabot in #758
- Bump codecov/codecov-action from 1 to 3 by @dependabot in #757
- Bump actions/setup-python from 2 to 3 by @dependabot in #756
- adding support for compressed payloads by @danieltmiles in #753
- Revert "adding support for compressed payloads" by @auvipy in #761
- Add to_jwk static method to ECAlgorithm by @leonsmith in #732
- Remove redundant wheel dep from pyproject.toml by @mgorny in #765
- Adjust expected exceptions in option merging tests for PyPy3 by @mgorny in #763
- Do not fail when an unusable key occurs by @DaGuich in #762
- Fixes for pyright on strict mode by @brandon-leapyear in #747
- Bump actions/setup-python from 3 to 4 by @dependabot in #769
- [pre-commit.ci] pre-commit autoupdate by @pre-commit-ci in #770
- docs: fix simple typo, iinstance -> isinstance by @timgates42 in #774
- Expose get_algorithm_by_name as new method by @sirosen in #773
- Remove support for python3.6 by @sirosen in #777
- [pre-commit.ci] pre-commit autoupdate by @pre-commit-ci in #778
- Emit a deprecation warning for unsupported kwargs by @sirosen in #776
- Fix typo: priot -> prior by @jdufresne in #780
- Fix for headers disorder issue by @kadabusha in #721
- Update audience typing by @JulianMaurin in #782
- Improve PyJWKSet error accuracy by @JulianMaurin in #786
- Add type hints to jwt/help.py and add missing types dependency by @kkirsche in #784
- Add cacheing functionality for JWK set by @wuhaoyujerry in #781
- [pre-commit.ci] pre-commit autoupdate by @pre-commit-ci in #788
- Mypy as pre-commit check + api_jws typing by @JulianMaurin in #787
- [pre-commit.ci] pre-commit autoupdate by @pre-commit-ci in #791
- Bump version to 2.5.0 by @jpadilla in #801
New Contributors
- @dependabot made their first contribution in #758
- @danieltmiles made their first contribution in #753
- @leonsmith made their first contribution in #732
- @mgorny made their first contribution in #765
- @DaGuich made their first contribution in #762
- @brandon-leapyear made their first contribution in #747
- @sirosen made their first contribution in #773
- @kadabusha made their first contribution in #721
- @JulianMaurin made their first contribution in #782
- @wuhaoyujerry made their first contribution in #781
Full Changelog: 2.4.0...2.5.0
2.4.0
Security
- [CVE-2022-29217] Prevent key confusion through non-blocklisted public key formats. GHSA-ffqj-6fqr-9h24
What's Changed
- Add support for Python 3.10 by @hugovk in #699
- Don't use implicit optionals by @rekyungmin in #705
- [pre-commit.ci] pre-commit autoupdate by @pre-commit-ci in #708
- [pre-commit.ci] pre-commit autoupdate by @pre-commit-ci in #710
- [pre-commit.ci] pre-commit autoupdate by @pre-commit-ci in #711
- [pre-commit.ci] pre-commit autoupdate by @pre-commit-ci in #712
- documentation fix: show correct scope for decode_complete() by @sseering in #661
- [pre-commit.ci] pre-commit autoupdate by @pre-commit-ci in #716
- Explicit check the key for ECAlgorithm by @estin in #713
- [pre-commit.ci] pre-commit autoupdate by @pre-commit-ci in #720
- api_jwk: Add PyJWKSet.getitem by @woodruffw in #725
- Update usage.rst by @guneybilen in #727
- [pre-commit.ci] pre-commit autoupdate by @pre-commit-ci in #728
- fix: Update copyright information by @kkirsche in #729
- Docs: mention performance reasons for reusing RSAPrivateKey when encoding by @dmahr1 in #734
- Fixed typo in usage.rst by @israelabraham in #738
- Add detached payload support for JWS encoding and decoding by @fviard in #723
- [pre-commit.ci] pre-commit autoupdate by @pre-commit-ci in #740
- Raise DeprecationWarning for jwt.decode(verify=...) by @akx in #742
- Don't mutate options dictionary in .decode_complete() by @akx in #743
- [pre-commit.ci] pre-commit autoupdate by @pre-commit-ci in #748
- Replace various string interpolations with f-strings by @akx in #744
- Update CHANGELOG.rst by @hipertracker in #751
New Contributors
- @hugovk made their first contribution in #699
- @rekyungmin made their first contribution in #705
- @sseering made their first contribution in #661
- @estin made their first contribution in #713
- @woodruffw made their first contribution in #725
- @guneybilen made their first contribution in #727
- @dmahr1 made their first contribution in #734
- @israelabraham made their first contribution in #738
- @fviard made their first contribution in #723
- @akx made their first contribution in #742
- @hipertracker made their first contribution in #751
Full Changelog: 2.3.0...2.4.0
2.3.0
What's Changed
- [pre-commit.ci] pre-commit autoupdate by @pre-commit-ci in #700
- Add exception chaining by @ehdgua01 in #702
- Revert "Remove arbitrary kwargs." by @auvipy in #701
- Bump up version to v2.3.0 by @jpadilla in #703
New Contributors
Full Changelog: 2.2.0...2.3.0
2.2.0
What's Changed
- Complete
jwt
documentation by @johachi in #654 - Ignore coverage files generated during test runs by @makusu2 in #617
- [pre-commit.ci] pre-commit autoupdate by @pre-commit-ci in #656
- [pre-commit.ci] pre-commit autoupdate by @pre-commit-ci in #658
- [pre-commit.ci] pre-commit autoupdate by @pre-commit-ci in #667
- Fix aud validation to support {'aud': null} case. by @dajiaji in #670
- [pre-commit.ci] pre-commit autoupdate by @pre-commit-ci in #678
- Prefer headers['alg'] to algorithm parameter in encode(). by @dajiaji in #673
- DOC: Clarify RSA encoding and decoding depend on the cryptography package by @TPXP in #664
- Make typ optional by @dajiaji in #644
- Remove arbitrary kwargs. by @dajiaji in #657
- Assume JWK is valid for signing if "use" is omitted by @Klavionik in #668
- [pre-commit.ci] pre-commit autoupdate by @pre-commit-ci in #684
- [pre-commit.ci] pre-commit autoupdate by @pre-commit-ci in #686
- [pre-commit.ci] pre-commit autoupdate by @pre-commit-ci in #689
- Remove upper bound on cryptography version by @riconnon in #693
- Add support for Ed448/EdDSA. by @dajiaji in #675
- Chore: inline Variables that immediately Returned by @yezz123 in #690
- Use timezone package as Python 3.5+ is required by @kkirsche in #694
- Bump up version to v2.2.0 by @jpadilla in #697
New Contributors
- @TPXP made their first contribution in #664
- @Klavionik made their first contribution in #668
- @riconnon made their first contribution in #693
- @yezz123 made their first contribution in #690
- @kkirsche made their first contribution in #694
Full Changelog: 2.1.0...2.2.0
2.1.0
Changelog
Changed
- Allow claims validation without making JWT signature validation mandatory. #608
Fixed
- Remove padding from JWK test data. #628
- Make
kty
mandatory in JWK to be compliant with RFC7517. #624 - Allow JWK without
alg
to be compliant with RFC7517. #624 - Allow to verify with private key on ECAlgorithm, as well as on Ed25519Algorithm. #645
Added
2.0.1
v2.0.0
Highlights
Introduce better experience for JWKs
Introduce PyJWK
, PyJWKSet
, and PyJWKClient
.
import jwt
from jwt import PyJWKClient
token = "eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiIsImtpZCI6Ik5FRTFRVVJCT1RNNE16STVSa0ZETlRZeE9UVTFNRGcyT0Rnd1EwVXpNVGsxUWpZeVJrUkZRdyJ9.eyJpc3MiOiJodHRwczovL2Rldi04N2V2eDlydS5hdXRoMC5jb20vIiwic3ViIjoiYVc0Q2NhNzl4UmVMV1V6MGFFMkg2a0QwTzNjWEJWdENAY2xpZW50cyIsImF1ZCI6Imh0dHBzOi8vZXhwZW5zZXMtYXBpIiwiaWF0IjoxNTcyMDA2OTU0LCJleHAiOjE1NzIwMDY5NjQsImF6cCI6ImFXNENjYTc5eFJlTFdVejBhRTJINmtEME8zY1hCVnRDIiwiZ3R5IjoiY2xpZW50LWNyZWRlbnRpYWxzIn0.PUxE7xn52aTCohGiWoSdMBZGiYAHwE5FYie0Y1qUT68IHSTXwXVd6hn02HTah6epvHHVKA2FqcFZ4GGv5VTHEvYpeggiiZMgbxFrmTEY0csL6VNkX1eaJGcuehwQCRBKRLL3zKmA5IKGy5GeUnIbpPHLHDxr-GXvgFzsdsyWlVQvPX2xjeaQ217r2PtxDeqjlf66UYl6oY6AqNS8DH3iryCvIfCcybRZkc_hdy-6ZMoKT6Piijvk_aXdm7-QQqKJFHLuEqrVSOuBqqiNfVrG27QzAPuPOxvfXTVLXL2jek5meH6n-VWgrBdoMFH93QEszEDowDAEhQPHVs0xj7SIzA"
kid = "NEE1QURBOTM4MzI5RkFDNTYxOTU1MDg2ODgwQ0UzMTk1QjYyRkRFQw"
url = "https://dev-87evx9ru.auth0.com/.well-known/jwks.json"
jwks_client = PyJWKClient(url)
signing_key = jwks_client.get_signing_key_from_jwt(token)
data = jwt.decode(
token,
signing_key.key,
algorithms=["RS256"],
audience="https://expenses-api",
options={"verify_exp": False},
)
print(data)
Support for JWKs containing ECDSA keys
Drop support for Python 2
Require cryptography >= 3
Drop support for PyCrypto and ECDSA
We've kept this around for a long time, mostly for environments that didn't allow installing cryptography.
Drop CLI
Dropped the included cli entry point.
Improve typings
We no longer need to use mypy Python 2 compatibility mode (comments)
Add support for Ed25519 / EdDSA
Changes
- Add PyPy3 to the test matrix (#550) by @jdufresne
- Require tweak (#280) by @psafont
- Decode return type is dict[str, Any] (#393) by @jacopofar
- Fix linter error in test_cli (#414) by @jaraco
- Run mypy with tox (#421) by @jpadilla
- Document (and prefer) pyjwt[crypto] req format (#426) by @gthb
- Correct type for json_encoder argument (#438) by @jdufresne
- Prefer https:// links where available (#439) by @jdufresne
- Pass python_requires argument to setuptools (#440) by @jdufresne
- Rename [wheel] section to [bdist_wheel] as the former is legacy (#441) by @jdufresne
- Remove setup.py test command in favor of pytest and tox (#442) by @jdufresne
- Fix mypy errors (#449) by @jpadilla
- DX Tweaks (#450) by @jpadilla
- Add support of python 3.8 (#452) by @Djailla
- Fix 406 (#454) by @justinbaur
- Add support for Ed25519 / EdDSA, with unit tests (#455) by @Someguy123
- Remove Python 2.7 compatibility (#457) by @Djailla
- Fix simple typo: encododed -> encoded (#462) by @timgates42
- Enhance tracebacks. (#477) by @JulienPalard
- Simplify
python_requires
(#478) by @michael-k - Document top-level .encode and .decode to close #459 (#482) by @dimaqq
- Improve documentation for audience usage (#484) by @CorreyL
- Correct README on how to run tests locally (#489) by @jdufresne
- Fix
tox -e lint
warnings and errors (#490) by @jdufresne - Run pyupgrade across project to use modern Python 3 conventions (#491) by @jdufresne
- Add Python-3-only trove classifier and remove "universal" from wheel (#492) by @jdufresne
- Emit warnings about user code, not pyjwt code (#494) by @mgedmin
- Move setup information to declarative setup.cfg (#495) by @jdufresne
- CLI options for verifying audience and issuer (#496) by @GeoffRichards
- Specify the target Python version for mypy (#497) by @jdufresne
- Remove unnecessary compatibility shims for Python 2 (#498) by @jdufresne
- Setup GH Actions (#499) by @jpadilla
- Implementation of ECAlgorithm.from_jwk (#500) by @jpadilla
- Remove cli entry point (#501) by @jpadilla
- Expose InvalidKeyError on jwt module (#503) by @russellcardullo
- Avoid loading token twice in pyjwt.decode (#506) by @CaselIT
- Default links to stable version of documentation (#508) by @salcedo
- Update README.md badges (#510) by @jpadilla
- Introduce better experience for JWKs (#511) by @jpadilla
- Fix tox conditional extras (#512) by @jpadilla
- Return tokens as string not bytes (#513) by @jpadilla
- Drop support for legacy contrib algorithms (#514) by @jpadilla
- Drop deprecation warnings (#515) by @jpadilla
- Update Auth0 sponsorship link (#519) by @Sambego
- Update return type for jwt.encode (#521) by @moomoolive
- Run tests against Python 3.9 and add trove classifier (#522) by @michael-k
- Removed redundant
default_backend()
(#523) by @rohitkg98 - Documents how to use private keys with passphrases (#525) by @rayluo
- Update version to 2.0.0a1 (#528) by @jpadilla
- Fix usage example (#530) by @nijel
- add EdDSA to docs (#531) by @CircleOnCircles
- Remove support for EOL Python 3.5 (#532) by @jdufresne
- Upgrade to isort 5 and adjust configurations (#533) by @jdufresne
- Remove unused argument "verify" from PyJWS.decode() (#534) by @jdufresne
- Update typing syntax and usage for Python 3.6+ (#535) by @jdufresne
- Run pyupgrade to simplify code and use Python 3.6 syntax (#536) by @jdufresne
- Drop unknown pytest config option: strict (#537) by @jdufresne
- Upgrade black version and usage (#538) by @jdufresne
- Remove "Command line" sections from docs (#539) by @jdufresne
- Use existing key_path() utility function throughout tests (#540) by @jdufresne
- Replace force_bytes()/force_unicode() in tests with literals (#541) by @jdufresne
- Remove unnecessary Unicode decoding before json.loads() (#542) by @jdufresne
- Remove unnecessary force_bytes() calls priot to base64url_decode() (#543) by @jdufresne
- Remove deprecated arguments from docs (#544) by @jdufresne
- Update code blocks in docs (#545) by @jdufresne
- Refactor jwt/jwks_client.py without requests dependency (#546) by @jdufresne
- Tighten bytes/str boundaries and remove unnecessary coercing (#547) by @jdufresne
- Replace codecs.open() with builtin open() (#548) by @jdufresne
- Replace int_from_bytes() with builtin int.from_bytes() (#549) by @jdufresne
- Enforce .encode() return type using mypy (#551) by @jdufresne
- Prefer direct indexing over options.get() (#552) by @jdufresne
- Cleanup "noqa" comments (#553) by @jdufresne
- Replace merge_dict() with builtin dict unpacking generalizations (#555) by @jdufresne
- Do not mutate the input payload in PyJWT.encode() (#557) by @jdufresne
- Use direct indexing in PyJWKClient.get_signing_key_from_jwt() (#558) by @jdufresne
- Split PyJWT/PyJWS classes to tighten type interfaces (#559) by @jdufresne
- Simplify mocked_response test utility function (#560) by @jdufresne
- Autoupdate pre-commit hooks and apply them (#561) by @jdufresne
- Remove unused argument "payload" from PyJWS._verify_signature() (#562) by @jdufresne
- Add utility functions to assist test skipping (#563) by @jdufresne
- Type hint jwt.utils module (#564) by @jdufresne
- Prefer ModuleNotFoundError over ImportError (#565) by @jdufresne
- Fix tox "manifest" environment to pass (#566) by @jdufresne
- Fix tox "docs" environment to pass (#567) by @jdufresne
- Simplify black configuration to be closer to upstream defaults (#568) by @jdufresne
- Use generator expressions (#569) by @jdufresne
- Simplify from_base64url_uint() (#570) by @jdufresne
- Drop lint environment from GitHub actions in favor of pre-commit.ci (#571) by @jdufresne
- [pre-commit.ci] pre-commit autoupdate (#572)
- Simplify tox configuration (#573) by @jdufresne
- Combine identical test functions using pytest.mark.parametrize() (#574) by @jdufresne
- Complete type hinting of jwks_client.py (#578) by @jdufresne
Thanks to all that helped made this release happen one way or another. Special shout out to @jdufresne for all the amazing work getting this project into tip-top shape.