Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Looking for maintainers (and Thank You to the community!) #207

Closed
davesque opened this issue Feb 8, 2020 · 55 comments
Closed

Looking for maintainers (and Thank You to the community!) #207

davesque opened this issue Feb 8, 2020 · 55 comments

Comments

@davesque
Copy link
Member

davesque commented Feb 8, 2020

Hey folks! So Simple JWT has really come a ways in terms of popularity (further than I probably would have imagined). For that, I owe a big "Thank you!" to the community of Django and REST devs that have used and contributed to the project!

However, for a while now I haven't had a lot of time to devote to addressing issues and feature requests. My professional life dominates my schedule and it also hasn't tended to involve much REST API development in recent years. But the library continues to enjoy widespread use. Contributors request/develop features and identify usability/security issues on a daily basis. I don't have enough time in my personal schedule to serve all of the community's needs! But I want to see the project continue to succeed.

For that reason, I'm interested in hearing from any devs that wish to become involved in maintaining this project. I'm particularly interested in hearing from devs who have contributed to this project in the past and/or who can demonstrate experience with similar engineering projects. Significant histories of open source contribution are obviously a plus! If you're located in Boulder, CO (which is in the US), that's also a huge plus. We could potentially meet in person to get acquainted.

Please reply to this issue if you think you match the above criteria! I'm looking forward to hearing from all of you!

@Andrew-Chen-Wang
Copy link
Member

@davesque Did you try to move this to JazzBand? This repository is used a lot and was the only maintained JWT package for Django.

@rfschubert
Copy link

rfschubert commented Feb 19, 2020

Hi there, I'm contributor of Masonite project, and currently I'm using Django-rest-framework-simplejwt on many projects.

We use many open source projects inside of our company and I'll be glad to offer to help maintain it :)

ps. currently I'm using mostly Gitlab as repo of my private projects, so my contribution graph here is being very simple last months :)

@Andrew-Chen-Wang
Copy link
Member

@davesque Any progress in getting a maintainer? If not, I'll go and ask JazzBand if they would like to maintain this. I would also be happy to assist in maintenance if JazzBand doesn't work out BUT I can't be alone; basically, I would need someone (maybe multiple people) to help maintain.

@dqjackso
Copy link

I'm interested in being a maintainer!

@davesque
Copy link
Member Author

@Andrew-Chen-Wang I applied to join JazzBand, but haven't received any response yet.

@davesque
Copy link
Member Author

davesque commented Mar 6, 2020

@Andrew-Chen-Wang Actually, I think I might make an open source github org for this. If so, care to be a member?

@Andrew-Chen-Wang
Copy link
Member

@davesque Sure, I’m down. Looking forward to it.

@catalincoroeanu
Copy link

@davesque you can count me in too...

Thanks in advance

@guillaumevincent
Copy link

Hello here, I can help you if needed for issues triaging for example, or code review.
I'm the creator and maintainer of https://github.com/lesspass/lesspass 3.8k stars

@pauloxnet
Copy link
Member

@davesque consider moving the project to @jazzband also dj-rest-auth was moved there and there's a PR to replace rest_framework_jwt with django-rest-framework-simplejwt

@stunaz
Copy link

stunaz commented Apr 7, 2020

So what's the roadmap?

@Andrew-Chen-Wang
Copy link
Member

@stunaz Currently, there is a big PR regarding support for HTTP cookies for SPAs. @pauloxnet Apparently, Dave already tried going to Jazzband awhile ago, but there was no response. There's also an "experimental feature" using the TokenUser model that you can play around with. I haven't had the time to consider the security measures of it and its future full-time use, though. Otherwise, there are a couple members in the SImpleJWT org that'll try to update this repo as much as possible and answer as many issues, too.

This library is also under MIT license. Although, we don't have a CONTRIBUTORS.txt, we could spin one up really quickly once someone opens and issue for it.

@mjlabe
Copy link
Contributor

mjlabe commented Apr 14, 2020

Considering dj-rest-auth just officially switched to django-rest-framework-simplejwt, JazzBand may be more interested now. I would definitely volunteer some time to be a maintainer (mostly selfish since I want my PR's merged) but I could also try contacting JazzBand to point out how integral this is.

@RaddishIoW
Copy link

I'm new to using this framework, but would be willing to pitch in as much as I could to help out.

@affonsobrian
Copy link
Member

I'm currently using your library on some of my DRF projects, and for sure I'd be glad to collaborate on this project! Do you have any roadmap where we should take a look to get started? I don't have a lot of contributions on open source projects (maybe that's the chance to change it? 😄), I guess I have one or two contributions of small things, but I've being working with python for a while now, so I guess I can help with something.

@hvitis
Copy link

hvitis commented May 7, 2020

Hey guys,

I'm starting on using DRF and I wanted to use some JWT implementation app. From what I see now there is a bit of confusion as per different apps, I´ve seen that others lost support/maintainers. Any suggestion as per what are currently supported apps that could extend DRF with AUTH / JWT ready to use solutions?

@catalincoroeanu
Copy link

catalincoroeanu commented May 9, 2020

hi @hvitis

I am one of the maintainers and also I personally used this library in production for a few projects i have worked on in the last years...

This is a good and stable package. Also one of the nice benefits I find for it is the refresh_token + access_token and there is no DB involved into this process.

my personal toolkit is DRF + SimpleJWT + Djoser ==> and you have a nice start setup: Authentication & User management working out of the box all together

Feel free to decide for yourself.

@Andrew-Chen-Wang
Copy link
Member

Andrew-Chen-Wang commented May 14, 2020

@affonsobrian There is no roadmap, but I can list some stuff that would be helpful to many looking to help contribute:

  • Easier callable mechanism for any new methods for flexibility (e.g. signals and permission-based authentication Implement django authentication signals #190).
  • Better release mechanism. We could utilize a GitHub workflow to have enough people authorize a release (or just Dave rather than 4 members approving) and let another GitHub workflow build and push the package to PyPa.
  • Official support for a method for rotating signing keys.
  • Docs explaining what this repo is for... and what it shouldn't be for. Security is a touchy thing, and many people are deploying this and forgetting a lot of security measures...

I can also make this unofficial roadmap into a new issue, but that's a starting point :) I don't want this to be too flexible of an app (while I don't contribute in code much since I'm busy, but I still don't want security vulnerabilities or non-secure mindsets to arise).

@bnisevic
Copy link

Hi! Is this invitation still open? I would like to be a maintainer.

@Andrew-Chen-Wang
Copy link
Member

ping @davesque

@Alig1493
Copy link
Contributor

Alig1493 commented Aug 9, 2020

I could volunteer to help as a maintainer if possible. I haven't worked on open source projects in a while so would be a bit slow on the uptake, just a heads up.

@bnisevic
Copy link

Nobody's responding. The project looks dead. That would be unfortunate. If the owner can not maintain it, he should pass it to the people willing to help.

@Andrew-Chen-Wang
Copy link
Member

Andrew-Chen-Wang commented Aug 10, 2020 via email

@bnisevic
Copy link

Hi @Andrew-Chen-Wang !
Thanks for responding. @Alig1493 would like also to help. And I would also like to contribute. When you catch time send me more info via email how I can help. Best regards!

@bnisevic
Copy link

@Andrew-Chen-Wang you can assign the SimpleJWT project to JazzBand for maintaining https://jazzband.co

@Andrew-Chen-Wang
Copy link
Member

Hi @bnisevic
I believe it's been tried before - perhaps several times. If you'd like to become a maintainer or triage member and help me out answering questions and closing issues, email David (email in his profile).

@jaketae
Copy link

jaketae commented Sep 6, 2020

Hi, I just stumbled across this issue while digging for answers to some questions. I know that @Andrew-Chen-Wang and other maintainers have already tried contacting JazzBand before, but nonetheless I wanted to leave this link from JazzBand's website in case it becomes relevant detail. I may be mistaken, but the gist of it is that there exists a pretty standard procedure for transferring an existing project to JazzBand.

Hope this helps, and thank you to all developers who've helped maintained this wonderful project.

@bnisevic
Copy link

bnisevic commented Sep 7, 2020

It is wonderful project, but it seams dead now.

@Andrew-Chen-Wang
Copy link
Member

Andrew-Chen-Wang commented Sep 7, 2020

There are some missing details in this repo that doesn't conform to Jazzband, but I've been given merge perms so I'm able to merge some PRs. Just gotten busier with college lately, so that's why v5.0.0 is coming a little slow, although I've already merged a couple of PRs already @bnisevic.

Again, if you'd like to help maintain, that'd be great. Please email David (his email's in his GitHub repo or setup.py)

@AjibsBaba
Copy link

I'm interested in being a maintainer

@sshishov
Copy link

I also have experience in implementing JWT authentication on our internal web portal (microservices). It also used access + refresh tokens along with database where users were stored, nginx+lua where tokens were verified and Redis where we store vaild tokens for users. It eliminates need to cleanup the database and you can set TTL for the key regarding your lifetime of the token. Access tokens cannot be blacklisted but generally they should be 5 to 30 mins max. Refresh token is saved to redis with TTL of lifetime. In case of refresh we just rotate it (remove old and add new).

Also we had interesting implementation of anonymous users for being able to store some data for not logged in users. These users also require tokens but we do not store them as blacklisting them (logging users out) are useless in this setup.

Also we had implementation about User-Agents and possible misuse of a token (stolen). Token inside it has the user agent and if it stolen and then tried to be reused, you have to have almost exact user-agent, or you can come up with some fingerprints.

And... I would like to participate in the life of this project as I am also using it, had some comments, even forked/copied it once to fix some problem.

Thanks. Looking forward for cooperation.

@Andrew-Chen-Wang
Copy link
Member

Andrew-Chen-Wang commented Nov 11, 2020

Hi all, if you're interested in becoming a maintainer, please email David. (It's in the GitHub organization repo). David usually doesn't look at this entire repository's issues; he'll only look at his email if there's some kind of request. Just don't spam it.

@bnisevic
Copy link

We already did email David. And we got no reply.

@auvipy
Copy link
Contributor

auvipy commented Jan 15, 2021

as a co-maintainer of pyJWT, I would love to be a maintainer of this project.

@BishnuHari11
Copy link

ERROR: Could not find a version that satisfies the requirement djangorestframeork.simplejwt

@Andrew-Chen-Wang
Copy link
Member

Hey all, we've decided to get this to Jazzband if they accept this. Sit tight!

@guillaumevincent
Copy link

Jazzband web site for people like me who don't know hat Jazzband is https://jazzband.co/

@bnisevic
Copy link

Hey all, we've decided to get this to Jazzband if they accept this. Sit tight!

Nice to hear that! There is hope for this project!

@stunaz
Copy link

stunaz commented Mar 15, 2021

Well I dont get it... jazzband or not, maintainers are still required. jazzband's team will not just pick up the project from here and fix bugs and develop new features from it. I think they might maintain as in keeping the project alive, running against new django releases, do some triages, review some PR. but i doubt they will develop new features nor fixes our long standing issues

@Andrew-Chen-Wang
Copy link
Member

@stunaz It's just a way to relinquish control to an organization who can give out permissions and do the job. I'm not exactly a good maintainer, and I've also lost time due to school. If someone can do what I did which was review some PRs BUT ALSO have merge capabilities, I'm for it rather than a stale library.

@stunaz
Copy link

stunaz commented Mar 15, 2021

Agreed with you @Andrew-Chen-Wang. But in the other hand, I see nice people willing to maintain this project like @auvipy , but we dont see no follow-up on this.

@auvipy
Copy link
Contributor

auvipy commented Mar 15, 2021

instead of moving to jazzband, I would like to maintain it here. but if you still persist, I had to do it after the transfer

@bnisevic
Copy link

If your only motivation is to contribute this project, you can easily join the jazzband and contribute through there.

@Andrew-Chen-Wang
Copy link
Member

@auvipy @bnisevic I've already emailed him about you wanting to become a maintainer after I missed his email about the Jazzband news from 4 days ago. I too would like for SimpleJWT to stay in this organization, but it's still up to David, but the response rate from him is low due to work (David's been MIA for 4 months).

@auvipy
Copy link
Contributor

auvipy commented Mar 16, 2021

If your only motivation is to contribute this project, you can easily join the jazzband and contribute through there.

i already contribute to some jazzband projects.

@jezdez
Copy link
Member

jezdez commented Mar 16, 2021

Hey all, Jazzband founder and roadie here, if you have any questions, please don't hesitate to ask away. There is also #382 now that the transfer has happened. Welcome!

Full disclosure since dj-rest-auth has been mentioned in this ticket, some time ago the project was transferred back to the original author following a discussion around the need for Jazzband projects to move to GitHub Actions from other 3rd party CI systems (original PR with discussion).

@Andrew-Chen-Wang
Copy link
Member

@auvipy Thanks for taking over! and @jezdez Thanks for getting SimpleJWT to Jazzband! No need to worry about dj-rest-auth; it has already migrated to simplejwt as I think this repo is becoming the standard for getting a quick refresh/access auth type system going.

@japsimrans13
Copy link

I want to contribute to SimpleJWT but i am new to open source. Please guide me.

@auvipy
Copy link
Contributor

auvipy commented Apr 19, 2021

I want to contribute to SimpleJWT but i am new to open source. Please guide me.

please check the issues

@jezdez
Copy link
Member

jezdez commented Apr 19, 2021

I want to contribute to SimpleJWT but i am new to open source. Please guide me.

@japsimrans13 I'm afraid Jazzband isn't a great place to learn about Open Source, or at least it's not built to provide guided mentorship like you may be looking for.

please check the issues

Hey @auvipy, I think this isn't the right way to provide mentorship to learn about Open Source, especially in a security senstive application like this.

@Andrew-Chen-Wang
Copy link
Member

@japsimrans13 refer to our docs if you would like to add a feature or implement an existing issue.

This issue is for maintainership purposes and not contributions. I'm closing this issue since anyone can join Jazzband and help maintain.

@satyamsoni2211
Copy link

I would like to maintain the repository

@XFrankly
Copy link

I can contribute to SimpleJWT . and I have some project with django. @davesque please @SuboFrank

@ngocngoan
Copy link

Hi @davesque

I have re-written this project to be compatible with MongoEngine and release it with version 1.0.0. Currently, it supports Simple JWT versions: 4.6 and 4.7

Please visit the Github project's link: https://github.com/ngocngoan/djangorestframework-simplejwt-mongoengine

@Coronon
Copy link

Coronon commented Oct 26, 2021

Hi @davesque

I have re-written this project to be compatible with MongoEngine and release it with version 1.0.0. Currently, it supports Simple JWT versions: 4.6 and 4.7

Please visit the Github project's link: https://github.com/ngocngoan/djangorestframework-simplejwt-mongoengine

While you may have updated some crucial parts, you licensed your code under GPL3. I would assume that most potential users are developing closed source software, therefore it is simply not an appropriate replacement/update to this project.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests