Use a single JWT library
See original GitHub issueExpected behaviour
Use a single python JWT library.
Actual behaviour
As of now this package relies upon two different JWT python lirbaries:
-
PyJWT
, declared inrequirements-base
file, for the following backends:AppleIdAuth
AzureADB2COAuth2
AzureADOAuth2
AzureADTenantOAuth2
ExactTargetOAuth2
KeycloakOAuth2
MediaWiki
MicrosoftOAuth2
-
python-jose
, declared inrequirements-openidconnect
file, for the following backends:Auth0OAuth2
ElixirOpenIdConnect
(which derives fromOpenIdConnectAuth
)OpenIdConnectAuth
Related search: https://github.com/python-social-auth/social-core/search?l=Python&q=jwt
Any other comments?
If there are not any particular need for python-jose
to be used instead of PyJWT
for above listed backends a single JWT implementation should be used as requirements. This will greatly simplify package/requirements management.
Also if there are no need to have two different version of PyJWT
(pyjwt>=1.7.1
in requirements-openidconnect.txt
and PyJWT>=1.4.0
in requirements-base.txt
) a single requirement should be enough…
Issue Analytics
- State:
- Created 3 years ago
- Reactions:4
- Comments:19 (10 by maintainers)
Top GitHub Comments
I was trying to write a PR to handle this by using only pyjwt.
So far the main compatibility issue is https://github.com/jpadilla/pyjwt/issues/314, since jose has builtin-support for this JWT extension required by OIDC but pyjwt no.
If I get some more time I will try to complete this.
@trumpet2012 Thanks, and a happy new year to you too!