From 9e069e58c3dde2fd0eb7a3fe8c2649ac135bd204 Mon Sep 17 00:00:00 2001
From: Roman Vlasenko
Date: Tue, 6 Jul 2021 19:45:35 +0300
Subject: [PATCH 1/2] PyJWKClient: Assume JWK is intended for signing if 'use' claim is either 'sig' or not present
---
 jwt/jwks_client.py | 2 +-
 tests/test_jwks_client.py | 14 ++++++++++++++
 2 files changed, 15 insertions(+), 1 deletion(-)
diff --git a/jwt/jwks_client.py b/jwt/jwks_client.py
index dc86c3be..dc052de2 100644
--- a/jwt/jwks_client.py
+++ b/jwt/jwks_client.py
@@ -29,7 +29,7 @@ def get_signing_keys(self) -> List[PyJWK]:
 signing_keys = []
 for jwk_set_key in jwk_set.keys:
- if jwk_set_key.public_key_use == "sig" and jwk_set_key.key_id:
+ if jwk_set_key.public_key_use in ["sig", None] and jwk_set_key.key_id:
 signing_keys.append(jwk_set_key)
 if len(signing_keys) == 0:
diff --git a/tests/test_jwks_client.py b/tests/test_jwks_client.py
index a512200c..3e42da17 100644
--- a/tests/test_jwks_client.py
+++ b/tests/test_jwks_client.py
@@ -61,6 +61,20 @@ def test_get_signing_keys(self):
 assert len(signing_keys) == 1
 assert isinstance(signing_keys[0], PyJWK)
+ def test_get_signing_keys_if_no_use_provided(self):
+ url = "https://dev-87evx9ru.auth0.com/.well-known/jwks.json"
+
+ mocked_key = RESPONSE_DATA["keys"][0].copy()
+ del mocked_key["use"]
+ response = {"keys": [mocked_key]}
+
+ with mocked_response(response):
+ jwks_client = PyJWKClient(url)
+ signing_keys = jwks_client.get_signing_keys()
+
+ assert len(signing_keys) == 1
+ assert isinstance(signing_keys[0], PyJWK)
+
 def test_get_signing_keys_raises_if_none_found(self):
 url = "https://dev-87evx9ru.auth0.com/.well-known/jwks.json"
From d5b517a76486942fe8fe8619e42c7d68e7be9448 Mon Sep 17 00:00:00 2001
From: Roman Vlasenko
Date: Mon, 9 Aug 2021 13:31:19 +0300
Subject: [PATCH 2/2] Update CHANGELOG
---
 CHANGELOG.rst | 1 +
 1 file changed, 1 insertion(+)
diff --git a/CHANGELOG.rst b/CHANGELOG.rst
index b138569a..a8c98c40 100644
--- a/CHANGELOG.rst
+++ b/CHANGELOG.rst
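Review bot: The relaxed condition on the changed line admits every key that lacks `use`, but it still ignores the companion `key_ops` member (RFC 7517 §4.3), so a key published with no `use` and a `key_ops` list that does not include `"verify"` would now be selected as a signing key. If the parsed PyJWK exposes `key_ops`, the new condition should also require it to be absent or to contain `"verify"`; if it does not, the assumption deserves a comment so it is explicit to the next reader, e.g. `# RFC 7517 §4.2: "use" is OPTIONAL; a key without it is eligible for signature verification (key_ops is not consulted here).` Minor style point: the membership test reads better as a tuple, `if jwk_set_key.public_key_use in ("sig", None) and jwk_set_key.key_id:`. get_signing_keys starts before the hunk (its def line appears only as the hunk header's context) and its body continues after `if len(signing_keys) == 0:`.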
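Review bot: The new test pins only the permissive branch; nothing in this hunk asserts that a key carrying an explicit non-signing `use` is still excluded now that the filter is looser. A sibling case that sets `mocked_key["use"] = "enc"` on the same copied key and expects the none-found error that `test_get_signing_keys_raises_if_none_found` relies on would guard the rejection path against a later regression, unless `RESPONSE_DATA` already contains such a key and the existing `test_get_signing_keys` covers it. The enclosing `test_get_signing_keys` ends before the hunk and `test_get_signing_keys_raises_if_none_found` continues past it.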
@@ -12,6 +12,7 @@ Changed
 Fixed
 ~~~~~
+- Assume JWK without the "use" claim is valid for signing as per RFC7517 `#668 `__
 Added
 ~~~~~