| Commit message (Collapse) | Author | Age | Files | Lines |
... | |
|
|
| |
Co-authored-by: José Padilla <jpadilla@users.noreply.github.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* Use timezone package as Python 3.5+ is required
This method is deprecated:
https://docs.python.org/3/library/datetime.html#datetime.datetime.utcnow
Replaced with:
https://docs.python.org/3/library/datetime.html#datetime.datetime.utcnow
using:
https://docs.python.org/3/library/datetime.html#datetime.timezone.utc
which seems to indicate this was added in Python 3.2
* [pre-commit.ci] auto fixes from pre-commit.com hooks
for more information, see https://pre-commit.ci
Co-authored-by: pre-commit-ci[bot] <66853113+pre-commit-ci[bot]@users.noreply.github.com>
|
|
|
|
|
| |
* Fix Inline variables & Refactor Code Expression
* Fix Linting Issue
|
|
|
|
|
| |
* Add support for Ed448/EdDSA.
* Add test for verification using EdDSA private key.
|
|
|
|
|
| |
* PyJWKClient: Assume JWK is intended for signing if 'use' claim is either 'sig' or not present
* Update CHANGELOG
|
|
|
|
|
| |
* Remove arbitrary kwargs.
* Update CHANGELOG.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* Make typ optional.
* Update doc.
* Update CHANGELOG.
* Refine parameter order of for backward compatibility.
* Remove comment.
* Add Optional to typ.
* Keep order of JWT header parameter (typ, alg).
* Make typ optional with headers argument.
* Make typ optional with headers argument.
* Remove unused log.
|
|
|
|
|
|
|
|
|
|
|
| |
* Prefer headers['alg'] to algorithm parameter in encode().
* Fix lack of @crypto_required.
* Prefer headers['alg'] to algorithm parameter in encode().
* Prefer headers['alg'] to algorithm parameter in encode().
* Make algorithm parameter of encode() Optioanl explicitly.
|
|
|
|
|
| |
* Fix aud validation to support {'aud': null} case.
* Fix aud validation to support {'aud': null} case.
|
| |
|
|
|
|
|
| |
* Export PyJWK and PyJWKSet. Closes #646
* Update CHANGELOG
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* Add to_jwk to Ed25519Algorithm. (#642)
* add test for invalid key
* [pre-commit.ci] auto fixes from pre-commit.com hooks
for more information, see https://pre-commit.ci
* update CHANGELOG for #643
* remove alg from jwk
Co-authored-by: pre-commit-ci[bot] <66853113+pre-commit-ci[bot]@users.noreply.github.com>
|
|
|
|
|
|
|
| |
Ed25519Algorithm. (#645)
* Add private key support for ECAlgorithm verify.
* Update CHANGELOG.
|
|
|
|
|
|
|
|
|
|
|
| |
* Support JWK without alg.
* Make kty mandatory on PyJWK.
* Add tests for kty=OKP.
* Add tests for OKP-type JWK.
* Add support for ES256K.
|
|
|
|
|
| |
* Support from_jwk on Ed25519Algorithm.
* Update CHANGELOG.
|
|
|
|
|
|
|
|
|
| |
* Add missing exceptions.InvalidKeyError to jwt module __init__ imports.
* flake8
* Update CHANGELOG.rst
Co-authored-by: José Padilla <jpadilla@webapplicate.com>
|
|
|
|
|
|
|
|
|
| |
* Support ES256K.
* Add tests for ES256K.
* Add api_jws tests.
* Update CHANGELOG.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* Cache the result of get_signing_key
* Include URI in key for getting known signing keys
* Add test_get_signing_key_caches_result test
* Add test to make sure multiple uris are being distinguished in key caching
* Ignore URI in caching
* Use functools.lru_cache to cache signing keys
* Allow opting out of key caching
* Allow adjusting max cached keys
* Add #611 change to CHANGELOG.rst
* Update CHANGELOG.rst
Co-authored-by: José Padilla <jpadilla@webapplicate.com>
Co-authored-by: José Padilla <jpadilla@webapplicate.com>
|
|
|
|
|
|
|
| |
* Validate claims if configured.
* Remove secret and algorithm since we don't validate the signature.
* Add changelog.
|
| |
|
|
|
|
|
| |
* Fix `from_jwk()` for all algorithms
* Update CHANGELOG.rst
|
|
|
|
|
|
|
| |
* Bump up version to 2.0.0
* Update usage docs
* Update CHANGELOG
|
| |
|
|
|
|
| |
Avoids building a list in memory unnecessarily. Generator expressions
are evaluated lazily.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* Simplify black configuration to be closer to upstream defaults
Avoid extra configuration by simply going with Black defaults. This
allows removing some configuration options, thus simplifying the overall
configuration.
It also makes the code style closer to community conventions. As more
projects adopt black formatting, more code will look like the black
defaults.
Further, the default 88 tends to create more readable lines, IMO. The
black rationale is located at:
https://black.readthedocs.io/en/stable/the_black_code_style.html#line-length
* Update tests/test_api_jws.py
Co-authored-by: José Padilla <jpadilla@webapplicate.com>
* [pre-commit.ci] auto fixes from pre-commit.com hooks
for more information, see https://pre-commit.ci
* Update tests/test_api_jws.py
* [pre-commit.ci] auto fixes from pre-commit.com hooks
for more information, see https://pre-commit.ci
Co-authored-by: José Padilla <jpadilla@webapplicate.com>
Co-authored-by: pre-commit-ci[bot] <66853113+pre-commit-ci[bot]@users.noreply.github.com>
|
|
|
|
|
|
|
|
|
|
|
| |
ModuleNotFoundError was introduced in Python 3. It is raised when the
module does not exist. On the other hand, ImportError is raised during
any import failure. For example, a syntax error or other runtime error.
Using ModuleNotFoundError means that errors unrelated to a missing
package will be propagated to the user. PyJWT doesn't know how to handle
these.
This also allows more functions to always be available for import
|
|
|
|
| |
int.from_bytes() has been available since Python 3.2. Using it avoids
string formatting.
|
| |
|
| |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The class PyJWT was previously a subclass of PyJWS. However, this
combination does not follow the Liskov substitution principle. That is,
using PyJWT in place of a PyJWS would not produce correct results or
follow type contracts.
While these classes look to share a common interface it doesn't go
beyond the method names "encode" and "decode" and so is merely
superficial.
The classes have been split into two. PyJWT now uses composition instead
of inheritance to achieve the desired behavior. Splitting the classes in
this way allowed for precising the type interfaces.
The complete parameter to .decode() has been removed. This argument was
used to alter the return type of .decode(). Now, there are two different
methods with more explicit return types and values. The new method name
is .decode_complete(). This fills the previous role filled by
.decode(..., complete=True).
Closes #554, #396, #394
Co-authored-by: Sam Bull <git@sambull.org>
Co-authored-by: Sam Bull <git@sambull.org>
|
| |
|
|
|
|
| |
When complete=True is passed to api_jwt.decode() (aliased as
decode_token()), the "header" key always exists.
|
|
|
| |
In Python 3, these values will always be str.
|
|
|
|
|
|
|
|
| |
Merging two dict is support since Python 3.5 using the ** syntax.
See:
- https://docs.python.org/3.9/whatsnew/3.5.html#whatsnew-pep-448
- https://www.python.org/dev/peps/pep-0448/
|
|
|
|
|
|
| |
Default options are set using PyJWT._get_default_options() therefore,
there should never be a KeyError when indexing options directly. Enforce
this expectation. Also avoids duplicating the default for the "require"
option.
|
|
|
|
| |
- Remove "noqa" comments that are unnecessary
- Remove unused imports from api_jwt.py
|
|
|
|
|
|
| |
Follows upstream cryptography commit:
https://github.com/pyca/cryptography/commit/5528a3182fdd6ed1c44c126d451a87bcf39e79de
Since Python 3.2, this bytes to an int is a native feature.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Now that the project is Python 3 only, the boundaries between bytes and
Unicode strings is more explicit.
This allows removing several unnecessary force_bytes() and
force_unicode() calls that handled differences between Python 2 and
Python 3. All uses of force_unicode() have been removed.
For values that are known to be bytes, use `.decode()` instead. For
values are that known to be str, use `.encode()` instead. This strategy
makes the type explicit and reduces a function call.
Key handling continues to use force_bytes() to allow callers to pass
either bytes or str.
To help enforce bytes/str handling in the future, the `-b` option is
passed to Python when testing. This option will emit a warning if bytes
and str are improperly mixed together.
|
|
|
| |
Closes #505
|
|
|
|
|
|
|
|
|
| |
Allows dropping a dependency that isn't very necessary.
The requests library was used for a single line of code. This same code
is just as easily expressible using the stdlib, thus alllows removing a
dependency.
Tests were adjusted to mock this new approach.
|
|
|
|
|
|
|
|
| |
Since Python 3.6, json.loads() accepts both Unicode and byte strings.
https://docs.python.org/3/library/json.html#json.loads
> Changed in version 3.6: s can now be of type bytes or bytearray. The
> input encoding should be UTF-8, UTF-16 or UTF-32.
|
|
|
|
|
|
|
|
|
| |
The first line of base64url_decode() is:
if isinstance(input, str):
input = input.encode("ascii")
It therefore accepts either str or bytes. Don't bother coercing to bytes
at the call site.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
pyugrade is a command line tool to automatically update Python syntax to
modern usage and patterns. For additional details, see:
https://github.com/asottile/pyupgrade
Changes made by the tool:
- Use short Python3 super() syntax.
- Use f-strings when they are simple and more readable.
- Drop Python 2 u prefix from strings.
- Drop "r" argument from open(). It is the default and so specifying it is
unnecessary.
|
|
|
|
|
|
| |
Upgrade black to version 20.8b1 and specify that Python 3.6+ syntax
should be used.
Run it on all files to upgrade syntax.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Now that Python 2 is not supported, can move away from type comments to
type annotation 🎉.
The typing module is always available, so remove the guards.
Specify the supported Python in the mypy configuration.
Move other mypy configurations to one place. This way, whether tox is
used or not, the same mypy errors appear.
Distribute and install PEP-561 compliant py.typed file. When PyJWT is a
imported as a library, this tells mypy to use the provided type
annotations rather than going through typeshed. This way, the types are
always up to date when running mypy.
Remove outdated ignores since dropping Python 2.
|
|
|
|
| |
The method signature of PyJWT.decode() now matches the parent
PyJWS.decode().
|
|
|
|
|
|
|
|
|
|
|
| |
With isort 5, asottile/seed-isort-config is deprecated and unnecessary.
The official isort main repo now has a pre-commit hook file.
isort is now better at recognizing first party and third party packages.
isort can now handle imports inside blocks, files have been updated.
isort now supports "profiles" for simpler configuration.
|
|
|
| |
Removes a call to _load that was unused.
|
|
|
|
|
| |
* Update version to 2.0.0a1
* Adjust project codecov target
|