path: root/jwt/algorithms.py
Commit message | Author | Age | Files | Lines
* Add `as_dict` option to `Algorithm.to_jwk` (#881) | Thitat Auareesuksakul | 2023-05-09 | 1 | -30/+109
|     * Add `as_dict` option to `Algorithm.to_jwt`
|     * Update unit tests
|     * [pre-commit.ci] auto fixes from pre-commit.com hooks
|       for more information, see https://pre-commit.ci
|     * fixup! Add `as_dict` option to `Algorithm.to_jwt`
|     * fixup! Add `as_dict` option to `Algorithm.to_jwt`
|     * fixup! Update unit tests
|     * [pre-commit.ci] auto fixes from pre-commit.com hooks
|       for more information, see https://pre-commit.ci
|     * Fix type errors
|     * Fix tox test errors
|     * Fix typing for Python 3.7
|     * Add OKP jwk tests
|     * Add `pragma: no cover` to method overloads
|     * Add pragma: no cover to exclude lines
|     ---------
|     Co-authored-by: pre-commit-ci[bot] <66853113+pre-commit-ci[bot]@users.noreply.github.com>
* Add complete types to take all allowed keys into account (#873) | Viicos | 2023-04-16 | 1 | -82/+107
|     * Use new style typing
|     * Fix type annotations to allow all keys
|     * Use string type annotations where required
|     * [pre-commit.ci] auto fixes from pre-commit.com hooks
|       for more information, see https://pre-commit.ci
|     * Remove outdated comment
|     * Ignore `if TYPE_CHECKING:` lines in coverage
|     * Remove duplicate test
|     * Fix mypy errors
|     * Update algorithms.py
|     * [pre-commit.ci] auto fixes from pre-commit.com hooks
|       for more information, see https://pre-commit.ci
|     * Fully switch to modern annotations
|     * [pre-commit.ci] auto fixes from pre-commit.com hooks
|       for more information, see https://pre-commit.ci
|     * Update `pre-commit` mypy config
|     * Use Python 3.11 for mypy
|     * Update mypy Python version in `pyproject.toml`
|     * Few tests mypy fixes
|     * fix mypy errors on tests
|     * Fix key imports
|     * Remove unused import
|     * Fix randomly failing test
|     ---------
|     Co-authored-by: pre-commit-ci[bot] <66853113+pre-commit-ci[bot]@users.noreply.github.com>
|     Co-authored-by: Asif Saif Uddin <auvipy@gmail.com>
* Make `Algorithm` an abstract base class (#845) | Viicos | 2023-03-06 | 1 | -10/+19
|     * Make `Algorithm` an abstract base class
|       This also removes some tests that are not relevant anymore
|       Raise `NotImplementedError` for `NoneAlgorithm`
|     * Use `hasattr` instead of `getattr`
|     * Only allow `dict` in `encode`
* [pre-commit.ci] pre-commit autoupdate (#855) | pre-commit-ci[bot] | 2023-02-07 | 1 | -1/+0
|     * [pre-commit.ci] pre-commit autoupdate
|       updates:
|       - [github.com/psf/black: 22.12.0 → 23.1.0](https://github.com/psf/black/compare/22.12.0...23.1.0)
|     * [pre-commit.ci] auto fixes from pre-commit.com hooks
|       for more information, see https://pre-commit.ci
|     ---------
|     Co-authored-by: pre-commit-ci[bot] <66853113+pre-commit-ci[bot]@users.noreply.github.com>
* Add more types (#843) | Viicos | 2023-01-03 | 1 | -14/+14
|     * Add return types in `JWKSetCache`
|     * Add types for hash algorithms
|     * Add missing type annotation in `ECAlgorithm`
* Make mypy configuration stricter and improve typing (#830) | Aarni Koskela | 2022-12-10 | 1 | -42/+57
|     * PyJWS._verify_signature: raise early KeyError if header is missing alg
|     * Make Mypy configuration stricter
|     * Improve typing in jwt.utils
|     * Improve typing in jwt.help
|     * Improve typing in jwt.exceptions
|     * Improve typing in jwt.api_jwk
|     * Improve typing in jwt.api_jws
|     * Improve typing & clean up imports in jwt.algorithms
|     * Correct JWS.decode rettype to any (payload could be something else)
|     * Update typing in api_jwt
|     * Improve typing in jwks_client
|     * Improve typing in docs/conf.py
|     * Fix (benign) mistyping in test_advisory
|     * Fix misc type complaints in tests
* Add `Algorithm.compute_hash_digest` and use it to implement at_hash validation example (#775) | Stephen Rosen | 2022-11-02 | 1 | -0/+23
|     * Add compute_hash_digest to Algorithm objects
|       `Algorithm.compute_hash_digest` is defined as a method which inspects
|       the object to see that it has the requisite attributes, `hash_alg`.
|       If `hash_alg` is not set, then the method raises a NotImplementedError.
|       This applies to classes like NoneAlgorithm.
|       If `hash_alg` is set, then it is checked for
|       ```
|       has_crypto  # is cryptography available?
|       and isinstance(hash_alg, type)
|       and issubclass(hash_alg, hashes.HashAlgorithm)
|       ```
|       to see which API for computing a digest is appropriate --
|       `hashlib` vs `cryptography.hazmat.primitives.hashes`.
|       These checks could be avoided at runtime if it were necessary to
|       optimize further (e.g. attach compute_hash_digest methods to classes
|       with a class decorator) but this is not clearly a worthwhile optimization.
|       Such perf tuning is intentionally omitted for now.
|     * Add doc example of OIDC login flow
|       The goal of this doc example is to demonstrate usage of
|       `get_algorithm_by_name` and `compute_hash_digest` for the purpose of
|       `at_hash` validation. It is not meant to be a "guaranteed correct" and
|       spec-compliant example.
|       closes #314
* docs: fix simple typo, iinstance -> isinstance (#774) | Tim Gates | 2022-07-03 | 1 | -1/+1
|     There is a small typo in jwt/algorithms.py.
|     Should read `isinstance` rather than `iinstance`.
* Add to_jwk static method to ECAlgorithm (#732) | Leon Smith | 2022-05-23 | 1 | -0/+35
|     * Add to_jwk static method to ECAlgorithm
|     * [pre-commit.ci] auto fixes from pre-commit.com hooks
|       for more information, see https://pre-commit.ci
|     * Add in tests for ECAlgorithm.to_jwk
|     * [pre-commit.ci] auto fixes from pre-commit.com hooks
|       for more information, see https://pre-commit.ci
|     * Add to_jwk pull request to changelog
|     Co-authored-by: pre-commit-ci[bot] <66853113+pre-commit-ci[bot]@users.noreply.github.com>
* Merge pull request from GHSA-ffqj-6fqr-9h24 | José Padilla | 2022-05-12 | 1 | -21/+18
|     Co-authored-by: José Padilla <jpadilla@users.noreply.github.com>
* Explicit check the key for ECAlgorithm (#713) | Evgeniy Tatarkin | 2021-12-12 | 1 | -0/+6
|     * Explicit check the key for ECAlgorithm
|     * [pre-commit.ci] auto fixes from pre-commit.com hooks
|       for more information, see https://pre-commit.ci
|     Co-authored-by: pre-commit-ci[bot] <66853113+pre-commit-ci[bot]@users.noreply.github.com>
* Chore: inline Variables that immediately Returned (#690) | Yasser Tahiri | 2021-10-03 | 1 | -30/+26
|     * Fix Inline variables & Refactor Code Expression
|     * Fix Linting Issue
* Add support for Ed448/EdDSA. (#675) | Ajitomi, Daisuke | 2021-10-03 | 1 | -18/+32
|     * Add support for Ed448/EdDSA.
|     * Add test for verification using EdDSA private key.
* Add to_jwk to Ed25519Algorithm. (#642) (#643) | JohannesWill | 2021-04-28 | 1 | -0/+43
|     * Add to_jwk to Ed25519Algorithm. (#642)
|     * add test for invalid key
|     * [pre-commit.ci] auto fixes from pre-commit.com hooks
|       for more information, see https://pre-commit.ci
|     * update CHANGELOG for #643
|     * remove alg from jwk
|     Co-authored-by: pre-commit-ci[bot] <66853113+pre-commit-ci[bot]@users.noreply.github.com>
* Allow to verify with private key on ECAlgorithm, as well as on Ed25519Algorithm. (#645) | Ajitomi, Daisuke | 2021-04-16 | 1 | -0/+2
|     * Add private key support for ECAlgorithm verify.
|     * Update CHANGELOG.
* Add from_jwk to Ed25519Algorithm (Support kty: OKP). (#623) | Ajitomi, Daisuke | 2021-03-18 | 1 | -0/+31
|     * Support from_jwk on Ed25519Algorithm.
|     * Update CHANGELOG.
* Support ES256K. (#629) | Ajitomi, Daisuke | 2021-03-18 | 1 | -0/+9
|     * Support ES256K.
|     * Add tests for ES256K.
|     * Add api_jws tests.
|     * Update CHANGELOG.
* Fix `from_jwk()` for all algorithms (#598) | José Padilla | 2021-01-11 | 1 | -3/+15
|     * Fix `from_jwk()` for all algorithms
|     * Update CHANGELOG.rst
* Use generator expressions (#569) | Jon Dufresne | 2020-12-21 | 1 | -1/+1
|     Avoids building a list in memory unnecessarily. Generator expressions
|     are evaluated lazily.
* Simplify black configuration to be closer to upstream defaults (#568) | Jon Dufresne | 2020-12-21 | 1 | -12/+4
|     * Simplify black configuration to be closer to upstream defaults
|       Avoid extra configuration by simply going with Black defaults. This
|       allows removing some configuration options, thus simplifying the
|       overall configuration.
|       It also makes the code style closer to community conventions. As more
|       projects adopt black formatting, more code will look like the black
|       defaults.
|       Further, the default 88 tends to create more readable lines, IMO. The
|       black rationale is located at:
|       https://black.readthedocs.io/en/stable/the_black_code_style.html#line-length
|     * Update tests/test_api_jws.py
|       Co-authored-by: José Padilla <jpadilla@webapplicate.com>
|     * [pre-commit.ci] auto fixes from pre-commit.com hooks
|       for more information, see https://pre-commit.ci
|     * Update tests/test_api_jws.py
|     * [pre-commit.ci] auto fixes from pre-commit.com hooks
|       for more information, see https://pre-commit.ci
|     Co-authored-by: José Padilla <jpadilla@webapplicate.com>
|     Co-authored-by: pre-commit-ci[bot] <66853113+pre-commit-ci[bot]@users.noreply.github.com>
* Prefer ModuleNotFoundError over ImportError (#565) | Jon Dufresne | 2020-12-21 | 1 | -1/+1
|     ModuleNotFoundError was introduced in Python 3. It is raised when the
|     module does not exist. On the other hand, ImportError is raised during
|     any import failure. For example, a syntax error or other runtime error.
|     Using ModuleNotFoundError means that errors unrelated to a missing
|     package will be propagated to the user. PyJWT doesn't know how to handle
|     these.
|     This also allows more functions to always be available for import
* Cleanup "noqa" comments (#553) | Jon Dufresne | 2020-12-17 | 1 | -1/+1
|     - Remove "noqa" comments that are unnecessary
|     - Remove unused imports from api_jwt.py
* Replace int_from_bytes() with builtin int.from_bytes() (#549) | Jon Dufresne | 2020-12-17 | 1 | -4/+3
|     Follows upstream cryptography commit:
|     https://github.com/pyca/cryptography/commit/5528a3182fdd6ed1c44c126d451a87bcf39e79de
|     Since Python 3.2, this bytes to an int is a native feature.
* Tighten bytes/str boundaries and remove unnecessary coercing (#547) | Jon Dufresne | 2020-12-17 | 1 | -16/+11
|     Now that the project is Python 3 only, the boundaries between bytes and
|     Unicode strings are more explicit. This allows removing several
|     unnecessary force_bytes() and force_unicode() calls that handled
|     differences between Python 2 and Python 3.
|     All uses of force_unicode() have been removed. For values that are known
|     to be bytes, use `.decode()` instead. For values that are known to be
|     str, use `.encode()` instead. This strategy makes the type explicit and
|     reduces a function call.
|     Key handling continues to use force_bytes() to allow callers to pass
|     either bytes or str.
|     To help enforce bytes/str handling in the future, the `-b` option is
|     passed to Python when testing. This option will emit a warning if bytes
|     and str are improperly mixed together.
* Remove unnecessary force_bytes() calls prior to base64url_decode() (#543) | Jon Dufresne | 2020-12-16 | 1 | -3/+3
|     The first line of base64url_decode() is:
|         if isinstance(input, str):
|             input = input.encode("ascii")
|     It therefore accepts either str or bytes. Don't bother coercing to
|     bytes at the call site.
* Run pyupgrade to simplify code and use Python 3.6 syntax (#536) | Jon Dufresne | 2020-12-16 | 1 | -1/+1
|     pyupgrade is a command line tool to automatically update Python syntax
|     to modern usage and patterns. For additional details, see:
|     https://github.com/asottile/pyupgrade
|     Changes made by the tool:
|     - Use short Python3 super() syntax.
|     - Use f-strings when they are simple and more readable.
|     - Drop Python 2 u prefix from strings.
|     - Drop "r" argument from open(). It is the default and so specifying it
|       is unnecessary.
* Upgrade to isort 5 and adjust configurations (#533) | Jon Dufresne | 2020-12-16 | 1 | -17/+16
|     With isort 5, asottile/seed-isort-config is deprecated and unnecessary.
|     The official isort main repo now has a pre-commit hook file.
|     isort is now better at recognizing first party and third party packages.
|     isort can now handle imports inside blocks, files have been updated.
|     isort now supports "profiles" for simpler configuration.
* Removed redundant `default_backend()` (#523) | Kaushal Rohit | 2020-10-12 | 1 | -26/+13
|     - Cryptography now has default_backend by default
* Implementation of ECAlgorithm.from_jwk (#500) | José Padilla | 2020-08-24 | 1 | -0/+62
|     * ECAlgorithm.to_jwk
|     * Fix failing linting
|     Co-authored-by: Evert Lammerts <evert@lucipher.net>
* Drop support for legacy contrib algorithms (#514) | José Padilla | 2020-08-24 | 1 | -9/+70
|     * Drop support for legacy contrib algorithms
|     * Update cryptography dep
* Introduce better experience for JWKs (#511) | José Padilla | 2020-08-24 | 1 | -1/+6
|     * Introduce better experience for JWKs
|     * Remove explicit inheritance
|     * Add tests for PyJWK
|     * Fix failing test
|     * Get rid of lambda
* Remove unnecessary compatibility shims for Python 2 (#498) | Jon Dufresne | 2020-06-19 | 1 | -4/+3
|     As the project is Python 3 only, can remove the compatibility shims in
|     compat.py.
|     Type checking has been simplified where it can:
|     - str is iterable
|     - bytes is iterable
|     - use isinstance instead of issubclass
|     The remaining function bytes_from_int() has been moved to utils.py.
* Fix `tox -e lint` warnings and errors (#490) | Jon Dufresne | 2020-06-09 | 1 | -15/+13
|     Now successfully passes when running `tox -e lint`.
* Run pyupgrade across project to use modern Python 3 conventions (#491) | Jon Dufresne | 2020-06-08 | 1 | -5/+3
|     pyupgrade is a tool to automatically upgrade Python syntax for newer
|     versions of the language. Running pyupgrade removes several
|     Python-2-isms that are no longer necessary now that the project is
|     Python 3 only.
|     https://github.com/asottile/pyupgrade
* Add support for Ed25519 / EdDSA, with unit tests (#455) | Someguy123 | 2020-05-24 | 1 | -0/+12
|
* DX Tweaks (#450) | José Padilla | 2019-10-21 | 1 | -97/+154
|     * Setup pre-commit hooks
|     * Run initial `tox -e lint`
|     * Fix package name
|     * Fix .travis.yml
* Require cryptography >= 1.4, replace deprecated function | Ran Benita | 2017-08-25 | 1 | -42/+16
|     The signer/verifier interfaces are deprecated in cryptography==2.0.
|     The alternative sign/verify interfaces were added in cryptography==1.4.
* Throw if key is a PKCS1 PEM-encoded public key | José Padilla | 2017-06-22 | 1 | -0/+1
|
* Add support for public keys in OpenSSH (RFC 4253) format. | Mark Adams | 2017-03-14 | 1 | -1/+4
|     Cryptography previously lacked support for ECDSA keys in RFC 4253
|     format. Now that they have support for those keys, we should take
|     advantage of it and support them in PyJWT.
|     Implements #243.
* python2.6 does not support set literals | Landon GB | 2016-11-30 | 1 | -2/+2
|
* Changes per code review | Landon GB | 2016-11-30 | 1 | -39/+14
|
* Fix all flake8 issues tox is complaining about | Landon GB | 2016-11-28 | 1 | -2/+1
|
* Removing accidental comma (no, this shouldn't be a tuple) | Landon GB | 2016-11-28 | 1 | -1/+1
|
* Merge remote-tracking branch 'upstream/master' | Landon GB | 2016-11-28 | 1 | -14/+146
|\
| * Add back 'ES512' for backward compatibility (for now) [ecdsa-bkwards-compat] | Mark Adams | 2016-10-24 | 1 | -0/+1
| |
| * Merge pull request #219 from mike9005/es521_fix | Mark Adams | 2016-10-24 | 1 | -1/+1
| |\
| | |     Fix incorrectly named ECDSA algorithm
| | * Fix typo in Algorithms | Michael Collis | 2016-09-21 | 1 | -1/+1
| | |
| * | Add JWK support for HMAC and RSA keys [add-jwk-for-hmac-rsa] | Mark Adams | 2016-08-28 | 1 | -14/+144
| |/
| |     - JWKs for RSA and HMAC can be encoded / decoded using the .to_jwk() and
| |       .from_jwk() methods on their respective jwt.algorithms instances
| |     - Replaced tests.utils ensure_unicode and ensure_bytes with jwt.utils
| |       versions
* | Better error messages when missing cryptography package | Landon GB | 2016-11-28 | 1 | -11/+40
|/
* Fix a bug where a PEM private key as bytes raises a TypeError [fix-type-error-on-bytes-key] | Mark Adams | 2016-08-04 | 1 | -7/+7
|