Lightrun
question-mark
Stuck on an issue?

Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.

And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.

Use a single JWT library

See original GitHub issue

Expected behaviour

Use a single python JWT library.

Actual behaviour

As of now this package relies upon two different JWT python lirbaries:

  • PyJWT, declared in requirements-base file, for the following backends:

    • AppleIdAuth
    • AzureADB2COAuth2
    • AzureADOAuth2
    • AzureADTenantOAuth2
    • ExactTargetOAuth2
    • KeycloakOAuth2
    • MediaWiki
    • MicrosoftOAuth2

  • python-jose, declared in requirements-openidconnect file, for the following backends:

    • Auth0OAuth2
    • ElixirOpenIdConnect (which derives from OpenIdConnectAuth)
    • OpenIdConnectAuth

Related search: https://github.com/python-social-auth/social-core/search?l=Python&q=jwt

Any other comments?

If there are not any particular need for python-jose to be used instead of PyJWT for above listed backends a single JWT implementation should be used as requirements. This will greatly simplify package/requirements management.

Also if there are no need to have two different version of PyJWT (pyjwt>=1.7.1 in requirements-openidconnect.txt and PyJWT>=1.4.0 in requirements-base.txt) a single requirement should be enough…

Issue Analytics

  • State:open
  • Created 3 years ago
  • Reactions:4
  • Comments:19 (10 by maintainers)

github_iconTop GitHub Comments

1reaction
sevdogcommented, Jan 17, 2022

I was trying to write a PR to handle this by using only pyjwt.

So far the main compatibility issue is https://github.com/jpadilla/pyjwt/issues/314, since jose has builtin-support for this JWT extension required by OIDC but pyjwt no.

If I get some more time I will try to complete this.

1reaction
shaibcommented, Dec 31, 2020

@trumpet2012 Thanks, and a happy new year to you too!

Read more comments on GitHub >

github_iconTop Results From Across the Web

JWT authentication: Best practices and when to use it
Learn how to best use JWT to trust requests by using signatures, exchanging information between parties, and preventing basic security ...
Read more >
JSON Web Token Introduction - jwt.io
Single Sign On is a feature that widely uses JWT nowadays, because of its small overhead and its ability to be easily used...
Read more >
Build your own JSON Web Token (JWT) Library From Scratch
Repository: https://github.com/TomDoesTech/ JWT -LibraryIn this video, we follow Test-Driven Development (TDD) practices to build out our own ...
Read more >
JSON Web Tokens - Auth0
More secure: JWTs can use a public/private key pair in the form of an X.509 certificate for signing. A JWT can also be...
Read more >
A guide for adding JWT token-based authentication to your ...
JWT authentication is becoming very popular these days. The traditional authentication uses cookies and sessions . With the advent of Single ...
Read more >

github_iconTop Related Medium Post

No results found

github_iconTop Related StackOverflow Question

No results found

github_iconTroubleshoot Live Code

Lightrun enables developers to add logs, metrics and snapshots to live code - no restarts or redeploys required.
Start Free

github_iconTop Related Reddit Thread

No results found

github_iconTop Related Hackernoon Post

No results found

github_iconTop Related Tweet

No results found

github_iconTop Related Dev.to Post

No results found

github_iconTop Related Hashnode Post

No results found
Previous page

Migration error when calling runserver after upgrade from PSA

Next page

Auth0 backend improvements