PyJWT v2.0.0 Release Notes
-
๐ Changed
โฌ๏ธ Drop support for Python 2 and Python 3.0-3.5 ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ ๐ Python 3.5 is EOL so we decide to drop its support. Version ``1.7.1`` is ๐ the last one supporting Python 3.0-3.5. Require cryptography >= 3 ^^^^^^^^^^^^^^^^^^^^^^^^^ โฌ๏ธ Drop support for PyCrypto and ECDSA ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ We've kept this around for a long time, mostly for environments that didn't allow installing cryptography. โฌ๏ธ Drop CLI ^^^^^^^^ โฌ๏ธ Dropped the included cli entry point. ๐ Improve typings ^^^^^^^^^^^^^^^ We no longer need to use mypy Python 2 compatibility mode (comments) ``jwt.encode(...)`` return type ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ Tokens are returned as string instead of a byte string โฌ๏ธ Dropped deprecated errors ^^^^^^^^^^^^^^^^^^^^^^^^^ โ Removed ``ExpiredSignature``, ``InvalidAudience``, and ``InvalidIssuer``. Use ``ExpiredSignatureError``, ``InvalidAudienceError``, and ``InvalidIssuerError`` instead. โฌ๏ธ Dropped deprecated ``verify_expiration`` param in ``jwt.decode(...)`` ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ ๐ Use ``jwt.decode(encoded, key, algorithms=["HS256"], options={"verify_exp": False})`` instead. โฌ๏ธ Dropped deprecated ``verify`` param in ``jwt.decode(...)`` ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ ๐ Use ``jwt.decode(encoded, key, options={"verify_signature": False})`` instead. 0๏ธโฃ Require explicit ``algorithms`` in ``jwt.decode(...)`` by default ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ Example: ``jwt.decode(encoded, key, algorithms=["HS256"])``. โฌ๏ธ Dropped deprecated ``require_*`` options in ``jwt.decode(...)`` ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ For example, instead of ``jwt.decode(encoded, key, algorithms=["HS256"], options={"require_exp": True})``, ๐ use ``jwt.decode(encoded, key, algorithms=["HS256"], options={"require": ["exp"]})``. And the old v1.x syntax ``jwt.decode(token, verify=False)`` is now: ``jwt.decode(jwt=token, key='secret', algorithms=['HS256'], options={"verify_signature": False, "verify_exp": True})`` โ Added ~~~~~ ๐ Introduce better experience for JWKs ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ Introduce ``PyJWK``, ``PyJWKSet``, and ``PyJWKClient``. .. code:: python import jwt from jwt import PyJWKClient token = "eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiIsImtpZCI6Ik5FRTFRVVJCT1RNNE16STVSa0ZETlRZeE9UVTFNRGcyT0Rnd1EwVXpNVGsxUWpZeVJrUkZRdyJ9.eyJpc3MiOiJodHRwczovL2Rldi04N2V2eDlydS5hdXRoMC5jb20vIiwic3ViIjoiYVc0Q2NhNzl4UmVMV1V6MGFFMkg2a0QwTzNjWEJWdENAY2xpZW50cyIsImF1ZCI6Imh0dHBzOi8vZXhwZW5zZXMtYXBpIiwiaWF0IjoxNTcyMDA2OTU0LCJleHAiOjE1NzIwMDY5NjQsImF6cCI6ImFXNENjYTc5eFJlTFdVejBhRTJINmtEME8zY1hCVnRDIiwiZ3R5IjoiY2xpZW50LWNyZWRlbnRpYWxzIn0.PUxE7xn52aTCohGiWoSdMBZGiYAHwE5FYie0Y1qUT68IHSTXwXVd6hn02HTah6epvHHVKA2FqcFZ4GGv5VTHEvYpeggiiZMgbxFrmTEY0csL6VNkX1eaJGcuehwQCRBKRLL3zKmA5IKGy5GeUnIbpPHLHDxr-GXvgFzsdsyWlVQvPX2xjeaQ217r2PtxDeqjlf66UYl6oY6AqNS8DH3iryCvIfCcybRZkc_hdy-6ZMoKT6Piijvk_aXdm7-QQqKJFHLuEqrVSOuBqqiNfVrG27QzAPuPOxvfXTVLXL2jek5meH6n-VWgrBdoMFH93QEszEDowDAEhQPHVs0xj7SIzA" kid = "NEE1QURBOTM4MzI5RkFDNTYxOTU1MDg2ODgwQ0UzMTk1QjYyRkRFQw" url = "https://dev-87evx9ru.auth0.com/.well-known/jwks.json" jwks_client = PyJWKClient(url) signing_key = jwks_client.get_signing_key_from_jwt(token) data = jwt.decode( token, signing_key.key, algorithms=["RS256"], audience="https://expenses-api", options={"verify_exp": False}, ) print(data) ๐ Support for JWKs containing ECDSA keys ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ โ Add support for Ed25519 / EdDSA ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ Pull Requests
- โ Add PyPy3 to the test matrix (#550) by @jdufresne
- Require tweak (#280) by @psafont
- Decode return type is dictstr, Any by @jacopofar
- ๐ Fix linter error in test_cli (#414) by @jaraco
- Run mypy with tox (#421) by @jpadilla
- Document (and prefer) pyjwt[crypto] req format (#426) by @gthb
- Correct type for json_encoder argument (#438) by @jdufresne
- Prefer https:// links where available (#439) by @jdufresne
- Pass python_requires argument to setuptools (#440) by @jdufresne
- Rename [wheel] section to [bdist_wheel] as the former is legacy (#441) by @jdufresne
- ๐ Remove setup.py test command in favor of pytest and tox (#442) by @jdufresne
- Fix mypy errors (#449) by @jpadilla
- DX Tweaks (#450) by @jpadilla
- ๐ Add support of python 3.8 (#452) by @Djailla
- Fix 406 (#454) by @justinbaur
- โ Add support for Ed25519 / EdDSA, with unit tests (#455) by @Someguy123
- ๐ Remove Python 2.7 compatibility (#457) by @Djailla
- Fix simple typo: encododed -> encoded (#462) by @timgates42
- โจ Enhance tracebacks. (#477) by @JulienPalard
- Simplify
python_requires
(#478) by @michael-k - Document top-level .encode and .decode to close #459 (#482) by @dimaqq
- ๐ Improve documentation for audience usage (#484) by @CorreyL
- โ Correct README on how to run tests locally (#489) by @jdufresne
- ๐ Fix
tox -e lint
warnings and errors (#490) by @jdufresne - โฌ๏ธ Run pyupgrade across project to use modern Python 3 conventions (#491) by @jdufresne
- ๐ Add Python-3-only trove classifier and remove "universal" from wheel (#492) by @jdufresne
- โ Emit warnings about user code, not pyjwt code (#494) by @mgedmin
- ๐ Move setup information to declarative setup.cfg (#495) by @jdufresne
- CLI options for verifying audience and issuer (#496) by @GeoffRichards
- Specify the target Python version for mypy (#497) by @jdufresne
- ๐ Remove unnecessary compatibility shims for Python 2 (#498) by @jdufresne
- Setup GH Actions (#499) by @jpadilla
- Implementation of ECAlgorithm.from_jwk (#500) by @jpadilla
- ๐ Remove cli entry point (#501) by @jpadilla
- Expose InvalidKeyError on jwt module (#503) by @russellcardullo
- Avoid loading token twice in pyjwt.decode (#506) by @CaselIT
- ๐ Default links to stable version of documentation (#508) by @salcedo
- โก๏ธ Update README.md badges (#510) by @jpadilla
- ๐ Introduce better experience for JWKs (#511) by @jpadilla
- Fix tox conditional extras (#512) by @jpadilla
- Return tokens as string not bytes (#513) by @jpadilla
- ๐ Drop support for legacy contrib algorithms (#514) by @jpadilla
- ๐ Drop deprecation warnings (#515) by @jpadilla
- โก๏ธ Update Auth0 sponsorship link (#519) by @Sambego
- โก๏ธ Update return type for jwt.encode (#521) by @moomoolive
- โ Run tests against Python 3.9 and add trove classifier (#522) by @michael-k
- ๐ Removed redundant
default_backend()
(#523) by @rohitkg98 - Documents how to use private keys with passphrases (#525) by @rayluo
- โก๏ธ Update version to 2.0.0a1 (#528) by @jpadilla
- Fix usage example (#530) by @nijel
- ๐ add EdDSA to docs (#531) by @CircleOnCircles
- ๐ Remove support for EOL Python 3.5 (#532) by @jdufresne
- โฌ๏ธ Upgrade to isort 5 and adjust configurations (#533) by @jdufresne
- ๐ Remove unused argument "verify" from PyJWS.decode() (#534) by @jdufresne
- โก๏ธ Update typing syntax and usage for Python 3.6+ (#535) by @jdufresne
- โฌ๏ธ Run pyupgrade to simplify code and use Python 3.6 syntax (#536) by @jdufresne
- โ Drop unknown pytest config option: strict (#537) by @jdufresne
- โฌ๏ธ Upgrade black version and usage (#538) by @jdufresne
- ๐ Remove "Command line" sections from docs (#539) by @jdufresne
- โ Use existing key_path() utility function throughout tests (#540) by @jdufresne
- Replace force_bytes()/force_unicode() in tests with literals (#541) by @jdufresne
- ๐ Remove unnecessary Unicode decoding before json.loads() (#542) by @jdufresne
- Remove unnecessary force_bytes() calls priot to base64url_decode() (#543) by @jdufresne
- ๐ Remove deprecated arguments from docs (#544) by @jdufresne
- โก๏ธ Update code blocks in docs (#545) by @jdufresne
- ๐จ Refactor jwt/jwks_client.py without requests dependency (#546) by @jdufresne
- ๐ Tighten bytes/str boundaries and remove unnecessary coercing (#547) by @jdufresne
- Replace codecs.open() with builtin open() (#548) by @jdufresne
- Replace int_from_bytes() with builtin int.from_bytes() (#549) by @jdufresne
- Enforce .encode() return type using mypy (#551) by @jdufresne
- Prefer direct indexing over options.get() (#552) by @jdufresne
- Cleanup "noqa" comments (#553) by @jdufresne
- ๐ Replace merge_dict() with builtin dict unpacking generalizations (#555) by @jdufresne
- ๐ฐ Do not mutate the input payload in PyJWT.encode() (#557) by @jdufresne
- Use direct indexing in PyJWKClient.get_signing_key_from_jwt() (#558) by @jdufresne
- Split PyJWT/PyJWS classes to tighten type interfaces (#559) by @jdufresne
- โ Simplify mocked_response test utility function (#560) by @jdufresne
- โก๏ธ Autoupdate pre-commit hooks and apply them (#561) by @jdufresne
- ๐ Remove unused argument "payload" from PyJWS.\ verify\ signature() (#562) by @jdufresne
- โ Add utility functions to assist test skipping (#563) by @jdufresne
- Type hint jwt.utils module (#564) by @jdufresne
- Prefer ModuleNotFoundError over ImportError (#565) by @jdufresne
- Fix tox "manifest" environment to pass (#566) by @jdufresne
- ๐ Fix tox "docs" environment to pass (#567) by @jdufresne
- ๐ง Simplify black configuration to be closer to upstream defaults (#568) by @jdufresne
- Use generator expressions (#569) by @jdufresne
- Simplify from_base64url_uint() (#570) by @jdufresne
- ๐ Drop lint environment from GitHub actions in favor of pre-commit.ci (#571) by @jdufresne
- โก๏ธ [pre-commit.ci] pre-commit autoupdate (#572)
- ๐ง Simplify tox configuration (#573) by @jdufresne
- โ Combine identical test functions using pytest.mark.parametrize() (#574) by @jdufresne
- Complete type hinting of jwks_client.py (#578) by @jdufresne