summaryrefslogtreecommitdiff
path: root/jwt
Commit message (Collapse)AuthorAgeFilesLines
* Reflect that --no-verify also ignores claimsGunnlaugur Thor Briem2015-11-301-1/+1
| | | The --no-verify option disables both signature verification and claims verification (e.g. expiry); reflect that in the command-line help.
* binary_type verification added to make the code more future-proofMauricio Aizaga2015-10-232-4/+7
|
* Fixed syntax for python 2.6Mauricio Aizaga2015-10-221-1/+1
|
* Fixed #183 AttributeError: 'NoneType' object has no attribute 'rsplit'Mauricio Aizaga2015-10-221-0/+3
| | | | | | The issue also occurs when payload is int raising: AttributeError: 'int' object has no attribute 'rsplit' Test for None and int payload added
* Change TypeError on bad `kid` to InvalidTokenErrorGabriel Gironda2015-07-231-2/+2
|
* Fail on encode and decode of bad JWS header valuesGabriel Gironda2015-07-211-2/+13
| | | | | | | | | | | | | | | The JWS spec: https://tools.ietf.org/html/draft-ietf-jose-json-web-signature-41#section-4.1.4 States that if `kid` is present then it **MUST** be a string. Currently, the library allows silent creation of invalid JWS (and thus, JWT), as it allows any type for `kid`. This commit adds checks to help ensure output meets the spec. * Add jwt.api_jws.PyJWS._validate_headers for validating JWS headers on encode and decode * Add tests
* Bump up version to v1.4.01.4.0José Padilla2015-07-161-1/+1
|
* Merge branch 'master' of https://github.com/jpadilla/pyjwtAlexandru Mihai2015-06-223-5/+29
|\
| * Added new options for requiring exp, iat, and nbf claims.Mark Adams2015-06-023-5/+29
| | | | | | | | Thanks to David Black <dblack@atlassian.com> for the suggestion.
* | Fixed #167 throw InvalidAlgorithmError if alg not in headerAlexandru Mihai2015-06-221-1/+1
|/
* Preparing for 1.3 releaseMark Adams2015-05-221-1/+1
|
* Changed RSA-PSS algorithm to use the digest size of the hash function for ↵Mark Adams2015-05-191-2/+2
| | | | the salt length instead of the maximum salt length per the JWA spec. Fixes #162.
* Merged master branch in to remove Python 3.2 support and add the newMark Adams2015-05-185-9/+150
|\ | | | | | | test vectors from #160
| * refactor scripts, testing, travis and toxGabi Davar2015-05-171-0/+135
| |
| * Removed constant_time_compare branch that was only needed for Python 3.2Mark Adams2015-05-161-8/+3
| |
| * Added get_unverified_header to public APIMark Adams2015-05-093-1/+4
| |
| * Added get_unverified_header method so that unverified headers can be ↵Mark Adams2015-05-081-0/+8
| | | | | | | | retrieved by the application. Closes #155
* | Fix python3 and pep8 issuesesneider2015-05-132-3/+3
| |
* | Fix the ECDSA signature serialization format when using cryptographyesneider2015-05-132-2/+50
| |
* | Fix the ECDSA signature serialization formatesneider2015-05-101-3/+3
|/
* Made options a mandatory argument to PyJWT._validate_claims and reordered ↵Mark Adams2015-05-041-3/+3
| | | | the arguments to reflect the change. Resolves #148.
* Bump up version1.2.0José Padilla2015-04-281-1/+1
|
* `verify_expiration` was removed too soonbring-verify_expiration-backJosé Padilla2015-04-261-0/+7
| | | | - Merge with `verify_exp` option - Add deprecation warning
* Removed an extra attempt to encode the payload that I missed when I was ↵Mark Adams2015-04-192-4/+2
| | | | refactoring
* Refactored PyJWT._validate_claims into multiple PyJWT._validate_*Mark Adams2015-04-191-41/+69
| | | | submethods to eliminate a lot of complexity.
* Refactored JWS-specific logic out of PyJWT and into PyJWS superclassMark Adams2015-04-194-261/+320
|
* Bump up versionJosé Padilla2015-04-151-1/+1
|
* Merge pull request #135 from mark-adams/minor-updatesJosé Padilla2015-04-142-19/+18
|\ | | | | Minor refactorings to make things a little cleaner
| * Added a test to improve coverage and cleaned up some existing tests.Mark Adams2015-04-121-1/+1
| |
| * Created merge_dict utility functionMark Adams2015-04-122-18/+17
| |
| * Optimized _merge_options and changed some variable namesMark Adams2015-04-121-8/+8
| |
| * Changed PyJWT.default_options to optionsMark Adams2015-04-121-4/+4
| | | | | | | | and updated the CHANGELOG
* | Added a deprecation warning for using verify= instead of options= on decode()Mark Adams2015-04-121-0/+3
|/
* Added support for RSASSA-PSS algorithms (PS256, PS384, PS512)Mark Adams2015-04-081-7/+45
|
* refactor option merging, add myself to AUTHORS, s/dict()/{}Michael Davis2015-04-081-12/+8
|
* Remove dict comprehension for py26 compatibilityMichael Davis2015-04-061-5/+12
|
* Add flexible and complete verification optionsMichael Davis2015-04-061-11/+38
| | | | Attempts to fix #127
* Made some PEP8 fixes that came from the last commit.Mark Adams2015-03-292-4/+4
|
* Added checks on iat to make sure that a token can't be issued for theMark Adams2015-03-293-13/+23
| | | | | future Changed nbf exception to ImmatureSignatureError
* Moved claims validation into a seperate private method to make it simpler to ↵Mark Adams2015-03-291-9/+13
| | | | understand the code.
* Changed _verify_signature to use int() casted values for comparisons.Mark Adams2015-03-291-2/+2
|
* Added validation for 'nbf' claim to ensure it is an int value. #121Mark Adams2015-03-291-0/+5
|
* Added validation for 'iat' claim to ensure it is an int value. #121Mark Adams2015-03-291-1/+7
|
* Added validation for 'exp' claim to ensure it is an int value. #121Mark Adams2015-03-291-0/+5
|
* Bump up versionv1.0.11.0.1José Padilla2015-03-261-1/+1
|
* Fixed some warnings in algorithms.py related to the relocation of some ↵Mark Adams2015-03-181-5/+11
| | | | cryptography primitives
* Bump up versionJosé Padilla2015-03-181-1/+1
|
* Added unregister_algorithm to the public APIMark Adams2015-03-172-1/+4
|
* Added the ability to specify both a global alg whitelist for a PyJWT object ↵Mark Adams2015-03-173-28/+57
| | | | and a whitelist for calls to decode. (Fixes #107)
* Fix typoJosé Padilla2015-03-171-1/+1
|
View Lorry Controller Status