All notable changes to this project will be documented in this file. This project adheres to Semantic Versioning.
- Audience parameter throws `InvalidAudienceError` when application does not specify an audience, but the token does. #336
- Dropped support for python 2.6 and 3.3 #301
- An invalid signature now raises an `InvalidSignatureError` instead of `DecodeError` #316
- Fix over-eager fallback to stdin #304
- Audience parameter now supports iterables #306
- Increase required version of the cryptography package to >=1.4.0.
- Remove uses of deprecated functions from the cryptography package.
- Warn about missing `algorithms` param to `decode()` only when `verify` param is `True` #281
- Ensure correct arguments order in decode super call 7c1e61d
- Change optparse for argparse. #238
- Guard against PKCS1 PEM encoded public keys #277
- Add deprecation warning when decoding without specifying `algorithms` #277
- Improve deprecation messages #270
- PyJWT.decode: move verify param into options #271
- Add support for ECDSA public keys in RFC 4253 (OpenSSH) format #244
- Renamed commandline script `jwt` to `jwt-cli` to avoid issues with the script clobbering the `jwt` module in some circumstances. #187
- Better error messages when using an algorithm that requires the cryptography package, but it isn't available #230
- Tokens with future 'iat' values are no longer rejected #190
- Non-numeric 'iat' values now raise InvalidIssuedAtError instead of DecodeError
- Remove rejection of future 'iat' claims #252
- Add back 'ES512' for backward compatibility (for now) #225
- Fix incorrectly named ECDSA algorithm #219
- Fix rpm build #196
- Add JWK support for HMAC and RSA keys #202
- A PEM-formatted key encoded as bytes could cause a `TypeError` to be raised #213
- Newer versions of Pytest could not detect warnings properly #182
- Non-string 'kid' value now raises `InvalidTokenError` #174
- `jwt.decode(None)` now gracefully fails with `InvalidTokenError` #183
- Exclude Python cache files from PyPI releases.
- Added new options to require certain claims (require_nbf, require_iat, require_exp) and raise `MissingRequiredClaimError` if they are not present.
- If `audience=` or `issuer=` is specified but the claim is not present, `MissingRequiredClaimError` is now raised instead of `InvalidAudienceError` and `InvalidIssuerError`
- ECDSA (ES256, ES384, ES512) signatures are now being properly serialized #158
- RSA-PSS (PS256, PS384, PS512) signatures now use the proper salt length for PSS padding. #163
- Added a new `jwt.get_unverified_header()` to parse and return the header portion of a token prior to signature verification.
- Python 3.2 is no longer a supported platform. This version of Python is rarely used. Users affected by this should upgrade to 3.3+.
- Added back `verify_expiration=` argument to `jwt.decode()` that was erroneously removed in v1.1.0.
- Refactored JWS-specific logic out of PyJWT and into PyJWS superclass. #141
- `verify_expiration=` argument to `jwt.decode()` is now deprecated and will be removed in a future version. Use the `option=` argument instead.
- Added support for PS256, PS384, and PS512 algorithms. #132
- Added flexible and complete verification options during decode. #131
- Added this CHANGELOG.md file.
- Deprecated usage of the .decode(..., verify=False) parameter.
- Fixed command line encoding. #128
- Include `jwt/contrib` and `jwt/contrib/algorithms` in setup.py so that they will actually be included when installing. 882524d
- Fix bin/jwt after removing jwt.header(). bd57b02