diff options
Diffstat (limited to 'jwt/api_jwt.py')
| -rw-r--r-- | jwt/api_jwt.py | 59 |
1 files changed, 52 insertions, 7 deletions
diff --git a/jwt/api_jwt.py b/jwt/api_jwt.py index a011c0f..b08e950 100644 --- a/jwt/api_jwt.py +++ b/jwt/api_jwt.py @@ -15,6 +15,7 @@ from .exceptions import ( InvalidIssuerError, MissingRequiredClaimError, ) +from .warnings import RemovedInPyjwt3Warning class PyJWT: @@ -69,15 +70,32 @@ class PyJWT: key: str = "", algorithms: Optional[List[str]] = None, options: Optional[Dict[str, Any]] = None, + # deprecated arg, remove in pyjwt3 + verify: Optional[bool] = None, + # could be used as passthrough to api_jws, consider removal in pyjwt3 + detached_payload: Optional[bytes] = None, + # passthrough arguments to _validate_claims + # consider putting in options + audience: Optional[str] = None, + issuer: Optional[str] = None, + leeway: Union[int, float, timedelta] = 0, + # kwargs **kwargs, ) -> Dict[str, Any]: + if kwargs: + warnings.warn( + "passing additional kwargs to decode_complete() is deprecated " + "and will be removed in pyjwt version 3. " + f"Unsupported kwargs: {tuple(kwargs.keys())}", + RemovedInPyjwt3Warning, + ) options = dict(options or {}) # shallow-copy or initialize an empty dict options.setdefault("verify_signature", True) # If the user has set the legacy `verify` argument, and it doesn't match # what the relevant `options` entry for the argument is, inform the user # that they're likely making a mistake. - if "verify" in kwargs and kwargs["verify"] != options["verify_signature"]: + if verify is not None and verify != options["verify_signature"]: warnings.warn( "The `verify` argument to `decode` does nothing in PyJWT 2.0 and newer. " "The equivalent is setting `verify_signature` to False in the `options` dictionary. " @@ -102,7 +120,7 @@ class PyJWT: key=key, algorithms=algorithms, options=options, - **kwargs, + detached_payload=detached_payload, ) try: @@ -113,7 +131,9 @@ class PyJWT: raise DecodeError("Invalid payload string: must be a json object") merged_options = {**self.options, **options} - self._validate_claims(payload, merged_options, **kwargs) + self._validate_claims( + payload, merged_options, audience=audience, issuer=issuer, leeway=leeway + ) decoded["payload"] = payload return decoded @@ -124,14 +144,39 @@ class PyJWT: key: str = "", algorithms: Optional[List[str]] = None, options: Optional[Dict[str, Any]] = None, + # deprecated arg, remove in pyjwt3 + verify: Optional[bool] = None, + # could be used as passthrough to api_jws, consider removal in pyjwt3 + detached_payload: Optional[bytes] = None, + # passthrough arguments to _validate_claims + # consider putting in options + audience: Optional[str] = None, + issuer: Optional[str] = None, + leeway: Union[int, float, timedelta] = 0, + # kwargs **kwargs, ) -> Dict[str, Any]: - decoded = self.decode_complete(jwt, key, algorithms, options, **kwargs) + if kwargs: + warnings.warn( + "passing additional kwargs to decode() is deprecated " + "and will be removed in pyjwt version 3. " + f"Unsupported kwargs: {tuple(kwargs.keys())}", + RemovedInPyjwt3Warning, + ) + decoded = self.decode_complete( + jwt, + key, + algorithms, + options, + verify=verify, + detached_payload=detached_payload, + audience=audience, + issuer=issuer, + leeway=leeway, + ) return decoded["payload"] - def _validate_claims( - self, payload, options, audience=None, issuer=None, leeway=0, **kwargs - ): + def _validate_claims(self, payload, options, audience=None, issuer=None, leeway=0): if isinstance(leeway, timedelta): leeway = leeway.total_seconds() |