Skip to content

Releases: jpadilla/pyjwt

2.0.1

17 Jan 17:59
3993ce1
Compare
Choose a tag to compare

Changelog

Changed

  • Rename CHANGELOG.md to CHANGELOG.rst and include in docs #597

Fixed

  • Fix from_jwk() for all algorithms #598

v2.0.0

22 Dec 14:13
4823647
Compare
Choose a tag to compare

Highlights

Introduce better experience for JWKs

Introduce PyJWK, PyJWKSet, and PyJWKClient.

import jwt
from jwt import PyJWKClient

token = "eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiIsImtpZCI6Ik5FRTFRVVJCT1RNNE16STVSa0ZETlRZeE9UVTFNRGcyT0Rnd1EwVXpNVGsxUWpZeVJrUkZRdyJ9.eyJpc3MiOiJodHRwczovL2Rldi04N2V2eDlydS5hdXRoMC5jb20vIiwic3ViIjoiYVc0Q2NhNzl4UmVMV1V6MGFFMkg2a0QwTzNjWEJWdENAY2xpZW50cyIsImF1ZCI6Imh0dHBzOi8vZXhwZW5zZXMtYXBpIiwiaWF0IjoxNTcyMDA2OTU0LCJleHAiOjE1NzIwMDY5NjQsImF6cCI6ImFXNENjYTc5eFJlTFdVejBhRTJINmtEME8zY1hCVnRDIiwiZ3R5IjoiY2xpZW50LWNyZWRlbnRpYWxzIn0.PUxE7xn52aTCohGiWoSdMBZGiYAHwE5FYie0Y1qUT68IHSTXwXVd6hn02HTah6epvHHVKA2FqcFZ4GGv5VTHEvYpeggiiZMgbxFrmTEY0csL6VNkX1eaJGcuehwQCRBKRLL3zKmA5IKGy5GeUnIbpPHLHDxr-GXvgFzsdsyWlVQvPX2xjeaQ217r2PtxDeqjlf66UYl6oY6AqNS8DH3iryCvIfCcybRZkc_hdy-6ZMoKT6Piijvk_aXdm7-QQqKJFHLuEqrVSOuBqqiNfVrG27QzAPuPOxvfXTVLXL2jek5meH6n-VWgrBdoMFH93QEszEDowDAEhQPHVs0xj7SIzA"
kid = "NEE1QURBOTM4MzI5RkFDNTYxOTU1MDg2ODgwQ0UzMTk1QjYyRkRFQw"
url = "https://dev-87evx9ru.auth0.com/.well-known/jwks.json"

jwks_client = PyJWKClient(url)
signing_key = jwks_client.get_signing_key_from_jwt(token)

data = jwt.decode(
    token,
    signing_key.key,
    algorithms=["RS256"],
    audience="https://expenses-api",
    options={"verify_exp": False},
)
print(data)

Support for JWKs containing ECDSA keys

Drop support for Python 2

Require cryptography >= 3

Drop support for PyCrypto and ECDSA

We've kept this around for a long time, mostly for environments that didn't allow installing cryptography.

Drop CLI

Dropped the included cli entry point.

Improve typings

We no longer need to use mypy Python 2 compatibility mode (comments)

Add support for Ed25519 / EdDSA

Changes

Thanks to all that helped made this release happen one way or another. Special shout out to @jdufresne for all the amazing work getting this project into tip-top shape.

2.0.0a2

20 Dec 00:08
Compare
Choose a tag to compare
2.0.0a2 Pre-release
Pre-release
Bump up version to 2.0.0a2

2.0.0a1

02 Nov 13:04
Compare
Choose a tag to compare
2.0.0a1 Pre-release
Pre-release
Fix Example Usage in docs

v1.7.1

07 Dec 13:41
Compare
Choose a tag to compare

Fixed

  • Update test dependencies with pinned ranges (b65e1ac)
  • Fix pytest deprecation warnings (b65e1ac)

v1.7.0

02 Dec 03:50
Compare
Choose a tag to compare

Changed

  • Remove CRLF line endings #353

Fixed

  • Update usage.rst #360

Added

v1.6.4

24 May 02:48
Compare
Choose a tag to compare

Fixed

  • Reverse an unintentional breaking API change to .decode() #352

v1.6.3

19 May 17:18
Compare
Choose a tag to compare

Note: I accidentally published v1.6.2 and removed it from PyPI, that's why the jump to v1.6.3

Changed

  • All exceptions inherit from PyJWTError #340

Added

Docs

  • Added section to usage docs for jwt.get_unverified_header() #350
  • Update legacy instructions for using pycrypto #337

v1.6.1

18 Mar 13:40
Compare
Choose a tag to compare

Fixed

  • Audience parameter throws InvalidAudienceError when application does not specify an audience, but the token does. #336

v1.6.0

03 Mar 16:57
Compare
Choose a tag to compare

Changed

  • Dropped support for python 2.6 and 3.3 #301
  • An invalid signature now raises an InvalidSignatureError instead of DecodeError #316

Fixed

  • Fix over-eager fallback to stdin #304

Added

  • Audience parameter now supports iterables #306