PyJWT changelog

Changelog History

Page 1

• v2.3.0 Changes

  🛠 Fixed

  
  - ⏪ Revert "Remove arbitrary kwargs." `#701 <https://github.com/jpadilla/pyjwt/pull/701>`__
  
  ➕ Added
  

  • ➕ Add exception chaining #702 <https://github.com/jpadilla/pyjwt/pull/702>__

• v2.2.0 Changes

  🔄 Changed

  
  - ✂ Remove arbitrary kwargs. `#657 <https://github.com/jpadilla/pyjwt/pull/657>`__
  - 📦 Use timezone package as Python 3.5+ is required. `#694 <https://github.com/jpadilla/pyjwt/pull/694>`__
  
  🛠 Fixed
  

  • Assume JWK without the "use" claim is valid for signing as per RFC7517 #668 <https://github.com/jpadilla/pyjwt/pull/668>__
  • Prefer headers["alg"] to algorithm in jwt.encode(). #673 <https://github.com/jpadilla/pyjwt/pull/673>__
  • 🛠 Fix aud validation to support {'aud': null} case. #670 <https://github.com/jpadilla/pyjwt/pull/670>__
  • 👉 Make typ optional in JWT to be compliant with RFC7519. #644 <https://github.com/jpadilla/pyjwt/pull/644>__
  • 🚚 Remove upper bound on cryptography version. #693 <https://github.com/jpadilla/pyjwt/pull/693>__

  ➕ Added

  
  - ➕ Add support for Ed448/EdDSA. `#675 <https://github.com/jpadilla/pyjwt/pull/675>`__
  

• v2.1.0 Changes

  🔄 Changed

  
  - 👍 Allow claims validation without making JWT signature validation mandatory. `#608 <https://github.com/jpadilla/pyjwt/pull/608>`__
  
  🛠 Fixed
  

  • ✂ Remove padding from JWK test data. #628 <https://github.com/jpadilla/pyjwt/pull/628>__
  • 👉 Make kty mandatory in JWK to be compliant with RFC7517. #624 <https://github.com/jpadilla/pyjwt/pull/624>__
  • 👍 Allow JWK without alg to be compliant with RFC7517. #624 <https://github.com/jpadilla/pyjwt/pull/624>__
  • 👍 Allow to verify with private key on ECAlgorithm, as well as on Ed25519Algorithm. #645 <https://github.com/jpadilla/pyjwt/pull/645>__

  ➕ Added

  
  - ➕ Add caching by default to PyJWKClient `#611 <https://github.com/jpadilla/pyjwt/pull/611>`__
  - Add missing exceptions.InvalidKeyError to jwt module __init__ imports `#620 <https://github.com/jpadilla/pyjwt/pull/620>`__
  - ➕ Add support for ES256K algorithm `#629 <https://github.com/jpadilla/pyjwt/pull/629>`__
  - Add `from_jwk()` to Ed25519Algorithm `#621 <https://github.com/jpadilla/pyjwt/pull/621>`__
  - Add `to_jwk()` to Ed25519Algorithm `#643 <https://github.com/jpadilla/pyjwt/pull/643>`__
  - Export `PyJWK` and `PyJWKSet` `#652 <https://github.com/jpadilla/pyjwt/pull/652>`__
  

• v2.0.1 Changes

  🔄 Changed

  
  - 📄 Rename CHANGELOG.md to CHANGELOG.rst and include in docs `#597 <https://github.com/jpadilla/pyjwt/pull/597>`__
  
  🛠 Fixed
  

  • Fix from_jwk() for all algorithms #598 <https://github.com/jpadilla/pyjwt/pull/598>__

  ➕ Added

• v2.0.0 Changes

  🔄 Changed

  
  ⬇️ Drop support for Python 2 and Python 3.0-3.5
  ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  
  👍 Python 3.5 is EOL so we decide to drop its support. Version ``1.7.1`` is
  👍 the last one supporting Python 3.0-3.5.
  
  Require cryptography >= 3
  ^^^^^^^^^^^^^^^^^^^^^^^^^
  
  ⬇️ Drop support for PyCrypto and ECDSA
  ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  
  We've kept this around for a long time, mostly for environments that
  didn't allow installing cryptography.
  
  ⬇️ Drop CLI
  ^^^^^^^^
  
  ⬇️ Dropped the included cli entry point.
  
  👌 Improve typings
  ^^^^^^^^^^^^^^^
  
  We no longer need to use mypy Python 2 compatibility mode (comments)
  
  ``jwt.encode(...)`` return type
  ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  
  Tokens are returned as string instead of a byte string
  
  ⬇️ Dropped deprecated errors
  ^^^^^^^^^^^^^^^^^^^^^^^^^
  
  ✂ Removed ``ExpiredSignature``, ``InvalidAudience``, and
  ``InvalidIssuer``. Use ``ExpiredSignatureError``,
  ``InvalidAudienceError``, and ``InvalidIssuerError`` instead.
  
  ⬇️ Dropped deprecated ``verify_expiration`` param in ``jwt.decode(...)``
  ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  
  👉 Use
  ``jwt.decode(encoded, key, algorithms=["HS256"], options={"verify_exp": False})``
  instead.
  
  ⬇️ Dropped deprecated ``verify`` param in ``jwt.decode(...)``
  ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  
  👉 Use ``jwt.decode(encoded, key, options={"verify_signature": False})``
  instead.
  
  0️⃣ Require explicit ``algorithms`` in ``jwt.decode(...)`` by default
  ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  
  Example: ``jwt.decode(encoded, key, algorithms=["HS256"])``.
  
  ⬇️ Dropped deprecated ``require_*`` options in ``jwt.decode(...)``
  ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  
  For example, instead of
  ``jwt.decode(encoded, key, algorithms=["HS256"], options={"require_exp": True})``,
  👉 use
  ``jwt.decode(encoded, key, algorithms=["HS256"], options={"require": ["exp"]})``.
  
  ➕ Added
  

  👍 Introduce better experience for JWKs

  Introduce PyJWK, PyJWKSet, and PyJWKClient.

  .. code:: python

  import jwt
  from jwt import PyJWKClient
  
  token = "eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiIsImtpZCI6Ik5FRTFRVVJCT1RNNE16STVSa0ZETlRZeE9UVTFNRGcyT0Rnd1EwVXpNVGsxUWpZeVJrUkZRdyJ9.eyJpc3MiOiJodHRwczovL2Rldi04N2V2eDlydS5hdXRoMC5jb20vIiwic3ViIjoiYVc0Q2NhNzl4UmVMV1V6MGFFMkg2a0QwTzNjWEJWdENAY2xpZW50cyIsImF1ZCI6Imh0dHBzOi8vZXhwZW5zZXMtYXBpIiwiaWF0IjoxNTcyMDA2OTU0LCJleHAiOjE1NzIwMDY5NjQsImF6cCI6ImFXNENjYTc5eFJlTFdVejBhRTJINmtEME8zY1hCVnRDIiwiZ3R5IjoiY2xpZW50LWNyZWRlbnRpYWxzIn0.PUxE7xn52aTCohGiWoSdMBZGiYAHwE5FYie0Y1qUT68IHSTXwXVd6hn02HTah6epvHHVKA2FqcFZ4GGv5VTHEvYpeggiiZMgbxFrmTEY0csL6VNkX1eaJGcuehwQCRBKRLL3zKmA5IKGy5GeUnIbpPHLHDxr-GXvgFzsdsyWlVQvPX2xjeaQ217r2PtxDeqjlf66UYl6oY6AqNS8DH3iryCvIfCcybRZkc_hdy-6ZMoKT6Piijvk_aXdm7-QQqKJFHLuEqrVSOuBqqiNfVrG27QzAPuPOxvfXTVLXL2jek5meH6n-VWgrBdoMFH93QEszEDowDAEhQPHVs0xj7SIzA"
  kid = "NEE1QURBOTM4MzI5RkFDNTYxOTU1MDg2ODgwQ0UzMTk1QjYyRkRFQw"
  url = "https://dev-87evx9ru.auth0.com/.well-known/jwks.json"
  
  jwks_client = PyJWKClient(url)
  signing_key = jwks_client.get_signing_key_from_jwt(token)
  
  data = jwt.decode(
      token,
      signing_key.key,
      algorithms=["RS256"],
      audience="https://expenses-api",
      options={"verify_exp": False},
  )
  print(data)
  

  👌 Support for JWKs containing ECDSA keys

  ➕ Add support for Ed25519 / EdDSA

  Pull Requests

  
  - ✅  Add PyPy3 to the test matrix (#550) by @jdufresne
  -  Require tweak (#280) by @psafont
  -  Decode return type is dict[str, Any] (#393) by @jacopofar
  - 👕  Fix linter error in test\_cli (#414) by @jaraco
  -  Run mypy with tox (#421) by @jpadilla
  -  Document (and prefer) pyjwt[crypto] req format (#426) by @gthb
  -  Correct type for json\_encoder argument (#438) by @jdufresne
  -  Prefer https:// links where available (#439) by @jdufresne
  -  Pass python\_requires argument to setuptools (#440) by @jdufresne
  -  Rename [wheel] section to [bdist\_wheel] as the former is legacy
     (#441) by @jdufresne
  - 🚚  Remove setup.py test command in favor of pytest and tox (#442) by
     @jdufresne
  -  Fix mypy errors (#449) by @jpadilla
  -  DX Tweaks (#450) by @jpadilla
  - 👍  Add support of python 3.8 (#452) by @Djailla
  -  Fix 406 (#454) by @justinbaur
  - ✅  Add support for Ed25519 / EdDSA, with unit tests (#455) by
     @Someguy123
  - 🚚  Remove Python 2.7 compatibility (#457) by @Djailla
  -  Fix simple typo: encododed -> encoded (#462) by @timgates42
  - ✨  Enhance tracebacks. (#477) by @JulienPalard
  -  Simplify ``python_requires`` (#478) by @michael-k
  -  Document top-level .encode and .decode to close #459 (#482) by
     @dimaqq
  - 📚  Improve documentation for audience usage (#484) by @CorreyL
  - ✅  Correct README on how to run tests locally (#489) by @jdufresne
  - 👕  Fix ``tox -e lint`` warnings and errors (#490) by @jdufresne
  - ⬆️  Run pyupgrade across project to use modern Python 3 conventions
     (#491) by @jdufresne
  - 🚚  Add Python-3-only trove classifier and remove "universal" from wheel
     (#492) by @jdufresne
  - ⚠   Emit warnings about user code, not pyjwt code (#494) by @mgedmin
  - 🚚  Move setup information to declarative setup.cfg (#495) by @jdufresne
  -  CLI options for verifying audience and issuer (#496) by
     @GeoffRichards
  -  Specify the target Python version for mypy (#497) by @jdufresne
  - 🚚  Remove unnecessary compatibility shims for Python 2 (#498) by
     @jdufresne
  -  Setup GH Actions (#499) by @jpadilla
  -  Implementation of ECAlgorithm.from\_jwk (#500) by @jpadilla
  - 🚚  Remove cli entry point (#501) by @jpadilla
  -  Expose InvalidKeyError on jwt module (#503) by @russellcardullo
  -  Avoid loading token twice in pyjwt.decode (#506) by @CaselIT
  - 📚  Default links to stable version of documentation (#508) by @salcedo
  - ⚡️  Update README.md badges (#510) by @jpadilla
  - 👍  Introduce better experience for JWKs (#511) by @jpadilla
  -  Fix tox conditional extras (#512) by @jpadilla
  -  Return tokens as string not bytes (#513) by @jpadilla
  - 👍  Drop support for legacy contrib algorithms (#514) by @jpadilla
  - 🗄  Drop deprecation warnings (#515) by @jpadilla
  - ⚡️  Update Auth0 sponsorship link (#519) by @Sambego
  - ⚡️  Update return type for jwt.encode (#521) by @moomoolive
  - ✅  Run tests against Python 3.9 and add trove classifier (#522) by
     @michael-k
  - 🚚  Removed redundant ``default_backend()`` (#523) by @rohitkg98
  -  Documents how to use private keys with passphrases (#525) by @rayluo
  - ⚡️  Update version to 2.0.0a1 (#528) by @jpadilla
  -  Fix usage example (#530) by @nijel
  - 📄  add EdDSA to docs (#531) by @CircleOnCircles
  - 🚚  Remove support for EOL Python 3.5 (#532) by @jdufresne
  - ⬆️  Upgrade to isort 5 and adjust configurations (#533) by @jdufresne
  - 🚚  Remove unused argument "verify" from PyJWS.decode() (#534) by
     @jdufresne
  - ⚡️  Update typing syntax and usage for Python 3.6+ (#535) by @jdufresne
  - ⬆️  Run pyupgrade to simplify code and use Python 3.6 syntax (#536) by
     @jdufresne
  - ✅  Drop unknown pytest config option: strict (#537) by @jdufresne
  - ⬆️  Upgrade black version and usage (#538) by @jdufresne
  - 🚚  Remove "Command line" sections from docs (#539) by @jdufresne
  - ✅  Use existing key\_path() utility function throughout tests (#540) by
     @jdufresne
  -  Replace force\_bytes()/force\_unicode() in tests with literals (#541)
     by @jdufresne
  - 🚚  Remove unnecessary Unicode decoding before json.loads() (#542) by
     @jdufresne
  -  Remove unnecessary force\_bytes() calls priot to base64url\_decode()
     (#543) by @jdufresne
  - 🚚  Remove deprecated arguments from docs (#544) by @jdufresne
  - ⚡️  Update code blocks in docs (#545) by @jdufresne
  - 🔨  Refactor jwt/jwks\_client.py without requests dependency (#546) by
     @jdufresne
  - 🚚  Tighten bytes/str boundaries and remove unnecessary coercing (#547)
     by @jdufresne
  -  Replace codecs.open() with builtin open() (#548) by @jdufresne
  -  Replace int\_from\_bytes() with builtin int.from\_bytes() (#549) by
     @jdufresne
  -  Enforce .encode() return type using mypy (#551) by @jdufresne
  -  Prefer direct indexing over options.get() (#552) by @jdufresne
  -  Cleanup "noqa" comments (#553) by @jdufresne
  - 🔀  Replace merge\_dict() with builtin dict unpacking generalizations
     (#555) by @jdufresne
  - 🛰  Do not mutate the input payload in PyJWT.encode() (#557) by
     @jdufresne
  -  Use direct indexing in PyJWKClient.get\_signing\_key\_from\_jwt()
     (#558) by @jdufresne
  -  Split PyJWT/PyJWS classes to tighten type interfaces (#559) by
     @jdufresne
  - ✅  Simplify mocked\_response test utility function (#560) by @jdufresne
  - ⚡️  Autoupdate pre-commit hooks and apply them (#561) by @jdufresne
  - 👌  Remove unused argument "payload" from PyJWS.\ *verify*\ signature()
     (#562) by @jdufresne
  - ✅  Add utility functions to assist test skipping (#563) by @jdufresne
  -  Type hint jwt.utils module (#564) by @jdufresne
  -  Prefer ModuleNotFoundError over ImportError (#565) by @jdufresne
  -  Fix tox "manifest" environment to pass (#566) by @jdufresne
  - 📄  Fix tox "docs" environment to pass (#567) by @jdufresne
  - 🔧  Simplify black configuration to be closer to upstream defaults (#568)
     by @jdufresne
  -  Use generator expressions (#569) by @jdufresne
  -  Simplify from\_base64url\_uint() (#570) by @jdufresne
  - 👕  Drop lint environment from GitHub actions in favor of pre-commit.ci
     (#571) by @jdufresne
  - ⚡️  [pre-commit.ci] pre-commit autoupdate (#572)
  - 🔧  Simplify tox configuration (#573) by @jdufresne
  - ✅  Combine identical test functions using pytest.mark.parametrize()
     (#574) by @jdufresne
  -  Complete type hinting of jwks\_client.py (#578) by @jdufresne
  

• v2.0.0.a1

  November 02, 2020

• v1.7.1 Changes

  December 07, 2018

  🛠 Fixed

  • ⚡️ Update test dependencies with pinned ranges (b65e1ac)
  • 🛠 Fix pytest deprecation warnings (b65e1ac)

• v1.7.0 Changes

  December 02, 2018

  🔄 Changed

  
  - 🚚  Remove CRLF line endings
     `#353 <https://github.com/jpadilla/pyjwt/pull/353>`__
  
  🛠 Fixed
  

  • ⚡️ Update usage.rst #360 <https://github.com/jpadilla/pyjwt/pull/360>__

  ➕ Added

  
  - 👍  Support for Python 3.7
     `#375 <https://github.com/jpadilla/pyjwt/pull/375>`__
     `#379 <https://github.com/jpadilla/pyjwt/pull/379>`__
     `#384 <https://github.com/jpadilla/pyjwt/pull/384>`__
  

• v1.6.4 Changes

  May 24, 2018

  🛠 Fixed

  
  -  Reverse an unintentional breaking API change to .decode()
     `#352 <https://github.com/jpadilla/pyjwt/pull/352>`__
  

• v1.6.3 Changes

  May 19, 2018

  🚚 Note: I accidentally published v1.6.2 and removed it from PyPI, that's why the jump to v1.6.3

  🔄 Changed

  • All exceptions inherit from PyJWTError #340

  ➕ Added

  • ➕ Add type hints #344
  • ➕ Add help module 7ca41e5

  📄 Docs

  • Added section to usage docs for jwt.get_unverified_header() #350
  • ⚡️ Update legacy instructions for using pycrypto #337

• 1
• 2
• 3
• Next ›
• Last »