PyJWT v2.0.0 Release Notes

  • ๐Ÿ”„ Changed

    โฌ‡๏ธ Drop support for Python 2 and Python 3.0-3.5
    ๐Ÿ‘ Python 3.5 is EOL so we decide to drop its support. Version ``1.7.1`` is
    ๐Ÿ‘ the last one supporting Python 3.0-3.5.
    Require cryptography >= 3
    โฌ‡๏ธ Drop support for PyCrypto and ECDSA
    We've kept this around for a long time, mostly for environments that
    didn't allow installing cryptography.
    โฌ‡๏ธ Drop CLI
    โฌ‡๏ธ Dropped the included cli entry point.
    ๐Ÿ‘Œ Improve typings
    We no longer need to use mypy Python 2 compatibility mode (comments)
    ``jwt.encode(...)`` return type
    Tokens are returned as string instead of a byte string
    โฌ‡๏ธ Dropped deprecated errors
    โœ‚ Removed ``ExpiredSignature``, ``InvalidAudience``, and
    ``InvalidIssuer``. Use ``ExpiredSignatureError``,
    ``InvalidAudienceError``, and ``InvalidIssuerError`` instead.
    โฌ‡๏ธ Dropped deprecated ``verify_expiration`` param in ``jwt.decode(...)``
    ๐Ÿ‘‰ Use
    ``jwt.decode(encoded, key, algorithms=["HS256"], options={"verify_exp": False})``
    โฌ‡๏ธ Dropped deprecated ``verify`` param in ``jwt.decode(...)``
    ๐Ÿ‘‰ Use ``jwt.decode(encoded, key, options={"verify_signature": False})``
    0๏ธโƒฃ Require explicit ``algorithms`` in ``jwt.decode(...)`` by default
    Example: ``jwt.decode(encoded, key, algorithms=["HS256"])``.
    โฌ‡๏ธ Dropped deprecated ``require_*`` options in ``jwt.decode(...)``
    For example, instead of
    ``jwt.decode(encoded, key, algorithms=["HS256"], options={"require_exp": True})``,
    ๐Ÿ‘‰ use
    ``jwt.decode(encoded, key, algorithms=["HS256"], options={"require": ["exp"]})``.
    โž• Added

    ๐Ÿ‘ Introduce better experience for JWKs

    Introduce PyJWK, PyJWKSet, and PyJWKClient.

    .. code:: python

    import jwt
    from jwt import PyJWKClient
    token = "eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiIsImtpZCI6Ik5FRTFRVVJCT1RNNE16STVSa0ZETlRZeE9UVTFNRGcyT0Rnd1EwVXpNVGsxUWpZeVJrUkZRdyJ9.eyJpc3MiOiJodHRwczovL2Rldi04N2V2eDlydS5hdXRoMC5jb20vIiwic3ViIjoiYVc0Q2NhNzl4UmVMV1V6MGFFMkg2a0QwTzNjWEJWdENAY2xpZW50cyIsImF1ZCI6Imh0dHBzOi8vZXhwZW5zZXMtYXBpIiwiaWF0IjoxNTcyMDA2OTU0LCJleHAiOjE1NzIwMDY5NjQsImF6cCI6ImFXNENjYTc5eFJlTFdVejBhRTJINmtEME8zY1hCVnRDIiwiZ3R5IjoiY2xpZW50LWNyZWRlbnRpYWxzIn0.PUxE7xn52aTCohGiWoSdMBZGiYAHwE5FYie0Y1qUT68IHSTXwXVd6hn02HTah6epvHHVKA2FqcFZ4GGv5VTHEvYpeggiiZMgbxFrmTEY0csL6VNkX1eaJGcuehwQCRBKRLL3zKmA5IKGy5GeUnIbpPHLHDxr-GXvgFzsdsyWlVQvPX2xjeaQ217r2PtxDeqjlf66UYl6oY6AqNS8DH3iryCvIfCcybRZkc_hdy-6ZMoKT6Piijvk_aXdm7-QQqKJFHLuEqrVSOuBqqiNfVrG27QzAPuPOxvfXTVLXL2jek5meH6n-VWgrBdoMFH93QEszEDowDAEhQPHVs0xj7SIzA"
    url = ""
    jwks_client = PyJWKClient(url)
    signing_key = jwks_client.get_signing_key_from_jwt(token)
    data = jwt.decode(
        options={"verify_exp": False},

    ๐Ÿ‘Œ Support for JWKs containing ECDSA keys

    โž• Add support for Ed25519 / EdDSA

    Pull Requests

    - โœ…  Add PyPy3 to the test matrix (#550) by @jdufresne
    -  Require tweak (#280) by @psafont
    -  Decode return type is dict[str, Any] (#393) by @jacopofar
    - ๐Ÿ‘•  Fix linter error in test\_cli (#414) by @jaraco
    -  Run mypy with tox (#421) by @jpadilla
    -  Document (and prefer) pyjwt[crypto] req format (#426) by @gthb
    -  Correct type for json\_encoder argument (#438) by @jdufresne
    -  Prefer https:// links where available (#439) by @jdufresne
    -  Pass python\_requires argument to setuptools (#440) by @jdufresne
    -  Rename [wheel] section to [bdist\_wheel] as the former is legacy
       (#441) by @jdufresne
    - ๐Ÿšš  Remove test command in favor of pytest and tox (#442) by
    -  Fix mypy errors (#449) by @jpadilla
    -  DX Tweaks (#450) by @jpadilla
    - ๐Ÿ‘  Add support of python 3.8 (#452) by @Djailla
    -  Fix 406 (#454) by @justinbaur
    - โœ…  Add support for Ed25519 / EdDSA, with unit tests (#455) by
    - ๐Ÿšš  Remove Python 2.7 compatibility (#457) by @Djailla
    -  Fix simple typo: encododed -> encoded (#462) by @timgates42
    - โœจ  Enhance tracebacks. (#477) by @JulienPalard
    -  Simplify ``python_requires`` (#478) by @michael-k
    -  Document top-level .encode and .decode to close #459 (#482) by
    - ๐Ÿ“š  Improve documentation for audience usage (#484) by @CorreyL
    - โœ…  Correct README on how to run tests locally (#489) by @jdufresne
    - ๐Ÿ‘•  Fix ``tox -e lint`` warnings and errors (#490) by @jdufresne
    - โฌ†๏ธ  Run pyupgrade across project to use modern Python 3 conventions
       (#491) by @jdufresne
    - ๐Ÿšš  Add Python-3-only trove classifier and remove "universal" from wheel
       (#492) by @jdufresne
    - โš    Emit warnings about user code, not pyjwt code (#494) by @mgedmin
    - ๐Ÿšš  Move setup information to declarative setup.cfg (#495) by @jdufresne
    -  CLI options for verifying audience and issuer (#496) by
    -  Specify the target Python version for mypy (#497) by @jdufresne
    - ๐Ÿšš  Remove unnecessary compatibility shims for Python 2 (#498) by
    -  Setup GH Actions (#499) by @jpadilla
    -  Implementation of ECAlgorithm.from\_jwk (#500) by @jpadilla
    - ๐Ÿšš  Remove cli entry point (#501) by @jpadilla
    -  Expose InvalidKeyError on jwt module (#503) by @russellcardullo
    -  Avoid loading token twice in pyjwt.decode (#506) by @CaselIT
    - ๐Ÿ“š  Default links to stable version of documentation (#508) by @salcedo
    - โšก๏ธ  Update badges (#510) by @jpadilla
    - ๐Ÿ‘  Introduce better experience for JWKs (#511) by @jpadilla
    -  Fix tox conditional extras (#512) by @jpadilla
    -  Return tokens as string not bytes (#513) by @jpadilla
    - ๐Ÿ‘  Drop support for legacy contrib algorithms (#514) by @jpadilla
    - ๐Ÿ—„  Drop deprecation warnings (#515) by @jpadilla
    - โšก๏ธ  Update Auth0 sponsorship link (#519) by @Sambego
    - โšก๏ธ  Update return type for jwt.encode (#521) by @moomoolive
    - โœ…  Run tests against Python 3.9 and add trove classifier (#522) by
    - ๐Ÿšš  Removed redundant ``default_backend()`` (#523) by @rohitkg98
    -  Documents how to use private keys with passphrases (#525) by @rayluo
    - โšก๏ธ  Update version to 2.0.0a1 (#528) by @jpadilla
    -  Fix usage example (#530) by @nijel
    - ๐Ÿ“„  add EdDSA to docs (#531) by @CircleOnCircles
    - ๐Ÿšš  Remove support for EOL Python 3.5 (#532) by @jdufresne
    - โฌ†๏ธ  Upgrade to isort 5 and adjust configurations (#533) by @jdufresne
    - ๐Ÿšš  Remove unused argument "verify" from PyJWS.decode() (#534) by
    - โšก๏ธ  Update typing syntax and usage for Python 3.6+ (#535) by @jdufresne
    - โฌ†๏ธ  Run pyupgrade to simplify code and use Python 3.6 syntax (#536) by
    - โœ…  Drop unknown pytest config option: strict (#537) by @jdufresne
    - โฌ†๏ธ  Upgrade black version and usage (#538) by @jdufresne
    - ๐Ÿšš  Remove "Command line" sections from docs (#539) by @jdufresne
    - โœ…  Use existing key\_path() utility function throughout tests (#540) by
    -  Replace force\_bytes()/force\_unicode() in tests with literals (#541)
       by @jdufresne
    - ๐Ÿšš  Remove unnecessary Unicode decoding before json.loads() (#542) by
    -  Remove unnecessary force\_bytes() calls priot to base64url\_decode()
       (#543) by @jdufresne
    - ๐Ÿšš  Remove deprecated arguments from docs (#544) by @jdufresne
    - โšก๏ธ  Update code blocks in docs (#545) by @jdufresne
    - ๐Ÿ”จ  Refactor jwt/jwks\ without requests dependency (#546) by
    - ๐Ÿšš  Tighten bytes/str boundaries and remove unnecessary coercing (#547)
       by @jdufresne
    -  Replace with builtin open() (#548) by @jdufresne
    -  Replace int\_from\_bytes() with builtin int.from\_bytes() (#549) by
    -  Enforce .encode() return type using mypy (#551) by @jdufresne
    -  Prefer direct indexing over options.get() (#552) by @jdufresne
    -  Cleanup "noqa" comments (#553) by @jdufresne
    - ๐Ÿ”€  Replace merge\_dict() with builtin dict unpacking generalizations
       (#555) by @jdufresne
    - ๐Ÿ›ฐ  Do not mutate the input payload in PyJWT.encode() (#557) by
    -  Use direct indexing in PyJWKClient.get\_signing\_key\_from\_jwt()
       (#558) by @jdufresne
    -  Split PyJWT/PyJWS classes to tighten type interfaces (#559) by
    - โœ…  Simplify mocked\_response test utility function (#560) by @jdufresne
    - โšก๏ธ  Autoupdate pre-commit hooks and apply them (#561) by @jdufresne
    - ๐Ÿ‘Œ  Remove unused argument "payload" from PyJWS.\ *verify*\ signature()
       (#562) by @jdufresne
    - โœ…  Add utility functions to assist test skipping (#563) by @jdufresne
    -  Type hint jwt.utils module (#564) by @jdufresne
    -  Prefer ModuleNotFoundError over ImportError (#565) by @jdufresne
    -  Fix tox "manifest" environment to pass (#566) by @jdufresne
    - ๐Ÿ“„  Fix tox "docs" environment to pass (#567) by @jdufresne
    - ๐Ÿ”ง  Simplify black configuration to be closer to upstream defaults (#568)
       by @jdufresne
    -  Use generator expressions (#569) by @jdufresne
    -  Simplify from\_base64url\_uint() (#570) by @jdufresne
    - ๐Ÿ‘•  Drop lint environment from GitHub actions in favor of
       (#571) by @jdufresne
    - โšก๏ธ  [] pre-commit autoupdate (#572)
    - ๐Ÿ”ง  Simplify tox configuration (#573) by @jdufresne
    - โœ…  Combine identical test functions using pytest.mark.parametrize()
       (#574) by @jdufresne
    -  Complete type hinting of jwks\ (#578) by @jdufresne