Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package python-PyJWT for openSUSE:Factory checked in at 2023-09-10 13:09:21 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/python-PyJWT (Old) and /work/SRC/openSUSE:Factory/.python-PyJWT.new.1766 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "python-PyJWT" Sun Sep 10 13:09:21 2023 rev:29 rq:1109256 version:2.8.0 Changes: -------- --- /work/SRC/openSUSE:Factory/python-PyJWT/python-PyJWT.changes 2023-05-21 19:08:41.274428093 +0200 +++ /work/SRC/openSUSE:Factory/.python-PyJWT.new.1766/python-PyJWT.changes 2023-09-10 13:09:30.613010928 +0200 @@ -1,0 +2,10 @@ +Mon Sep 4 17:36:39 UTC 2023 - John Paul Adrian Glaubitz <adrian.glaub...@suse.com> + +- Update to version 2.8.0 + * Update python version test matrix by @auvipy in #895 + * Add ``strict_aud`` as an option to ``jwt.decode`` by @woodruffw in #902 + * Export PyJWKClientConnectionError class by @daviddavis in #887 + * Allows passing of ssl.SSLContext to PyJWKClient by @juur in #891 +- Skip test_get_jwt_set_sslcontext_default test in testsuite + +------------------------------------------------------------------- Old: ---- PyJWT-2.7.0.tar.gz New: ---- PyJWT-2.8.0.tar.gz ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ python-PyJWT.spec ++++++ --- /var/tmp/diff_new_pack.j75Rcn/_old 2023-09-10 13:09:31.653048085 +0200 +++ /var/tmp/diff_new_pack.j75Rcn/_new 2023-09-10 13:09:31.653048085 +0200 @@ -19,7 +19,7 @@ %global skip_python2 1 %{?sle15_python_module_pythons} Name: python-PyJWT -Version: 2.7.0 +Version: 2.8.0 Release: 0 Summary: JSON Web Token implementation in Python License: MIT 
@@ -57,7 +57,7 @@ %python_expand %fdupes %{buildroot}%{$python_sitelib} %check -%pytest -k "not test_verify_false_deprecated" +%pytest -k "not test_verify_false_deprecated" -k "not test_get_jwt_set_sslcontext_default" %files %{python_files} %license LICENSE ++++++ PyJWT-2.7.0.tar.gz -> PyJWT-2.8.0.tar.gz ++++++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/PyJWT-2.7.0/.pre-commit-config.yaml new/PyJWT-2.8.0/.pre-commit-config.yaml --- old/PyJWT-2.7.0/.pre-commit-config.yaml 2023-05-09 16:57:33.000000000 +0200 +++ new/PyJWT-2.8.0/.pre-commit-config.yaml 2023-07-18 22:00:08.000000000 +0200 @@ -1,12 +1,12 @@ repos: - repo: https://github.com/psf/black - rev: 23.3.0 + rev: 23.7.0 hooks: - id: black args: ["--target-version=py37"] - repo: https://github.com/asottile/blacken-docs - rev: 1.13.0 + rev: 1.15.0 hooks: - id: blacken-docs args: ["--target-version=py37"] @@ -36,7 +36,7 @@ args: [--no-build-isolation] - repo: https://github.com/pre-commit/mirrors-mypy - rev: "v1.2.0" + rev: "v1.4.1" hooks: - id: mypy additional_dependencies: [cryptography>=3.4.0] diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/PyJWT-2.7.0/CHANGELOG.rst new/PyJWT-2.8.0/CHANGELOG.rst --- old/PyJWT-2.7.0/CHANGELOG.rst 2023-05-09 21:04:15.000000000 +0200 +++ new/PyJWT-2.8.0/CHANGELOG.rst 2023-07-18 22:00:08.000000000 +0200 
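Review bot: The new `%pytest` line in `%check` passes `-k` twice, and as far as I know pytest keeps only the last `-k` expression, so the earlier `not test_verify_false_deprecated` filter would be dropped. Combine them into one expression: `%pytest -k "not test_verify_false_deprecated and not test_get_jwt_set_sslcontext_default"`. The sibling test `test_get_jwt_set_sslcontext_no_ca`, added in tests/test_jwks_client.py, contacts the same external host and is not deselected. In a build root without network it presumably still passes, because a connection failure is also reported as a `PyJWKClientError`, so it verifies nothing there.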
@@ -16,6 +16,24 @@ Added ~~~~~ +`v2.8.0 <https://github.com/jpadilla/pyjwt/compare/2.7.0...2.8.0>`__ +----------------------------------------------------------------------- + +Changed +~~~~~~~ + +- Update python version test matrix by @auvipy in `#895 <https://github.com/jpadilla/pyjwt/pull/895>`__ + +Fixed +~~~~~ + +Added +~~~~~ + +- Add ``strict_aud`` as an option to ``jwt.decode`` by @woodruffw in `#902 <https://github.com/jpadilla/pyjwt/pull/902>`__ +- Export PyJWKClientConnectionError class by @daviddavis in `#887 <https://github.com/jpadilla/pyjwt/pull/887>`__ +- Allows passing of ssl.SSLContext to PyJWKClient by @juur in `#891 <https://github.com/jpadilla/pyjwt/pull/891>`__ + `v2.7.0 <https://github.com/jpadilla/pyjwt/compare/2.6.0...2.7.0>`__ ----------------------------------------------------------------------- diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/PyJWT-2.7.0/PKG-INFO new/PyJWT-2.8.0/PKG-INFO --- old/PyJWT-2.7.0/PKG-INFO 2023-05-09 22:04:10.467066300 +0200 +++ new/PyJWT-2.8.0/PKG-INFO 2023-07-18 22:00:27.777860900 +0200 
@@ -1,76 +1,12 @@ Metadata-Version: 2.1 Name: PyJWT -Version: 2.7.0 +Version: 2.8.0 Summary: JSON Web Token implementation in Python Home-page: https://github.com/jpadilla/pyjwt Author: Jose Padilla Author-email: he...@jpadilla.com License: MIT -Description: PyJWT - ===== - - .. image:: https://github.com/jpadilla/pyjwt/workflows/CI/badge.svg - :target: https://github.com/jpadilla/pyjwt/actions?query=workflow%3ACI - - .. image:: https://img.shields.io/pypi/v/pyjwt.svg - :target: https://pypi.python.org/pypi/pyjwt - - .. image:: https://codecov.io/gh/jpadilla/pyjwt/branch/master/graph/badge.svg - :target: https://codecov.io/gh/jpadilla/pyjwt - - .. image:: https://readthedocs.org/projects/pyjwt/badge/?version=stable - :target: https://pyjwt.readthedocs.io/en/stable/ - - A Python implementation of `RFC 7519 <https://tools.ietf.org/html/rfc7519>`_. Original implementation was written by `@progrium <https://github.com/progrium>`_. - - Sponsor - ------- - - +--------------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - | |auth0-logo| | If you want to quickly add secure token-based authentication to Python projects, feel free to check Auth0's Python SDK and free plan at `auth0.com/developers <https://auth0.com/developers?utm_source=GHsponsor&utm_medium=GHsponsor&utm_campaign=pyjwt&utm_content=auth>`_. | - +--------------+-----------------------------------------------------------------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - - .. 
|auth0-logo| image:: https://user-images.githubusercontent.com/83319/31722733-de95bbde-b3ea-11e7-96bf-4f4e8f915588.png - - Installing - ---------- - - Install with **pip**: - - .. code-block:: console - - $ pip install PyJWT - - - Usage - ----- - - .. code-block:: pycon - - >>> import jwt - >>> encoded = jwt.encode({"some": "payload"}, "secret", algorithm="HS256") - >>> print(encoded) - eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzb21lIjoicGF5bG9hZCJ9.4twFt5NiznN84AWoo1d7KO1T_yoc0Z6XOpOVswacPZg - >>> jwt.decode(encoded, "secret", algorithms=["HS256"]) - {'some': 'payload'} - - Documentation - ------------- - - View the full docs online at https://pyjwt.readthedocs.io/en/stable/ - - - Tests - ----- - - You can run tests from the project root after cloning with: - - .. code-block:: console - - $ tox - Keywords: json,jwt,security,signing,token,web -Platform: UNKNOWN Classifier: Development Status :: 5 - Production/Stable Classifier: Intended Audience :: Developers Classifier: Natural Language :: English 
@@ -86,7 +22,72 @@ Classifier: Topic :: Utilities Requires-Python: >=3.7 Description-Content-Type: text/x-rst -Provides-Extra: tests -Provides-Extra: crypto Provides-Extra: docs +Provides-Extra: crypto +Provides-Extra: tests Provides-Extra: dev +License-File: LICENSE +License-File: AUTHORS.rst + +PyJWT +===== + +.. image:: https://github.com/jpadilla/pyjwt/workflows/CI/badge.svg + :target: https://github.com/jpadilla/pyjwt/actions?query=workflow%3ACI + +.. image:: https://img.shields.io/pypi/v/pyjwt.svg + :target: https://pypi.python.org/pypi/pyjwt + +.. image:: https://codecov.io/gh/jpadilla/pyjwt/branch/master/graph/badge.svg + :target: https://codecov.io/gh/jpadilla/pyjwt + +.. image:: https://readthedocs.org/projects/pyjwt/badge/?version=stable + :target: https://pyjwt.readthedocs.io/en/stable/ + +A Python implementation of `RFC 7519 <https://tools.ietf.org/html/rfc7519>`_. Original implementation was written by `@progrium <https://github.com/progrium>`_. + +Sponsor +------- + ++--------------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ +| |auth0-logo| | If you want to quickly add secure token-based authentication to Python projects, feel free to check Auth0's Python SDK and free plan at `auth0.com/developers <https://auth0.com/developers?utm_source=GHsponsor&utm_medium=GHsponsor&utm_campaign=pyjwt&utm_content=auth>`_. | ++--------------+-----------------------------------------------------------------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + +.. 
|auth0-logo| image:: https://user-images.githubusercontent.com/83319/31722733-de95bbde-b3ea-11e7-96bf-4f4e8f915588.png + +Installing +---------- + +Install with **pip**: + +.. code-block:: console + + $ pip install PyJWT + + +Usage +----- + +.. code-block:: pycon + + >>> import jwt + >>> encoded = jwt.encode({"some": "payload"}, "secret", algorithm="HS256") + >>> print(encoded) + eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzb21lIjoicGF5bG9hZCJ9.4twFt5NiznN84AWoo1d7KO1T_yoc0Z6XOpOVswacPZg + >>> jwt.decode(encoded, "secret", algorithms=["HS256"]) + {'some': 'payload'} + +Documentation +------------- + +View the full docs online at https://pyjwt.readthedocs.io/en/stable/ + + +Tests +----- + +You can run tests from the project root after cloning with: + +.. code-block:: console + + $ tox diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/PyJWT-2.7.0/PyJWT.egg-info/PKG-INFO new/PyJWT-2.8.0/PyJWT.egg-info/PKG-INFO --- old/PyJWT-2.7.0/PyJWT.egg-info/PKG-INFO 2023-05-09 22:04:10.000000000 +0200 +++ new/PyJWT-2.8.0/PyJWT.egg-info/PKG-INFO 2023-07-18 22:00:27.000000000 +0200 
@@ -1,76 +1,12 @@ Metadata-Version: 2.1 Name: PyJWT -Version: 2.7.0 +Version: 2.8.0 Summary: JSON Web Token implementation in Python Home-page: https://github.com/jpadilla/pyjwt Author: Jose Padilla Author-email: he...@jpadilla.com License: MIT -Description: PyJWT - ===== - - .. image:: https://github.com/jpadilla/pyjwt/workflows/CI/badge.svg - :target: https://github.com/jpadilla/pyjwt/actions?query=workflow%3ACI - - .. image:: https://img.shields.io/pypi/v/pyjwt.svg - :target: https://pypi.python.org/pypi/pyjwt - - .. image:: https://codecov.io/gh/jpadilla/pyjwt/branch/master/graph/badge.svg - :target: https://codecov.io/gh/jpadilla/pyjwt - - .. image:: https://readthedocs.org/projects/pyjwt/badge/?version=stable - :target: https://pyjwt.readthedocs.io/en/stable/ - - A Python implementation of `RFC 7519 <https://tools.ietf.org/html/rfc7519>`_. Original implementation was written by `@progrium <https://github.com/progrium>`_. - - Sponsor - ------- - - +--------------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - | |auth0-logo| | If you want to quickly add secure token-based authentication to Python projects, feel free to check Auth0's Python SDK and free plan at `auth0.com/developers <https://auth0.com/developers?utm_source=GHsponsor&utm_medium=GHsponsor&utm_campaign=pyjwt&utm_content=auth>`_. | - +--------------+-----------------------------------------------------------------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - - .. 
|auth0-logo| image:: https://user-images.githubusercontent.com/83319/31722733-de95bbde-b3ea-11e7-96bf-4f4e8f915588.png - - Installing - ---------- - - Install with **pip**: - - .. code-block:: console - - $ pip install PyJWT - - - Usage - ----- - - .. code-block:: pycon - - >>> import jwt - >>> encoded = jwt.encode({"some": "payload"}, "secret", algorithm="HS256") - >>> print(encoded) - eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzb21lIjoicGF5bG9hZCJ9.4twFt5NiznN84AWoo1d7KO1T_yoc0Z6XOpOVswacPZg - >>> jwt.decode(encoded, "secret", algorithms=["HS256"]) - {'some': 'payload'} - - Documentation - ------------- - - View the full docs online at https://pyjwt.readthedocs.io/en/stable/ - - - Tests - ----- - - You can run tests from the project root after cloning with: - - .. code-block:: console - - $ tox - Keywords: json,jwt,security,signing,token,web -Platform: UNKNOWN Classifier: Development Status :: 5 - Production/Stable Classifier: Intended Audience :: Developers Classifier: Natural Language :: English 
@@ -86,7 +22,72 @@ Classifier: Topic :: Utilities Requires-Python: >=3.7 Description-Content-Type: text/x-rst -Provides-Extra: tests -Provides-Extra: crypto Provides-Extra: docs +Provides-Extra: crypto +Provides-Extra: tests Provides-Extra: dev +License-File: LICENSE +License-File: AUTHORS.rst + +PyJWT +===== + +.. image:: https://github.com/jpadilla/pyjwt/workflows/CI/badge.svg + :target: https://github.com/jpadilla/pyjwt/actions?query=workflow%3ACI + +.. image:: https://img.shields.io/pypi/v/pyjwt.svg + :target: https://pypi.python.org/pypi/pyjwt + +.. image:: https://codecov.io/gh/jpadilla/pyjwt/branch/master/graph/badge.svg + :target: https://codecov.io/gh/jpadilla/pyjwt + +.. image:: https://readthedocs.org/projects/pyjwt/badge/?version=stable + :target: https://pyjwt.readthedocs.io/en/stable/ + +A Python implementation of `RFC 7519 <https://tools.ietf.org/html/rfc7519>`_. Original implementation was written by `@progrium <https://github.com/progrium>`_. + +Sponsor +------- + ++--------------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ +| |auth0-logo| | If you want to quickly add secure token-based authentication to Python projects, feel free to check Auth0's Python SDK and free plan at `auth0.com/developers <https://auth0.com/developers?utm_source=GHsponsor&utm_medium=GHsponsor&utm_campaign=pyjwt&utm_content=auth>`_. | ++--------------+-----------------------------------------------------------------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ + +.. 
|auth0-logo| image:: https://user-images.githubusercontent.com/83319/31722733-de95bbde-b3ea-11e7-96bf-4f4e8f915588.png + +Installing +---------- + +Install with **pip**: + +.. code-block:: console + + $ pip install PyJWT + + +Usage +----- + +.. code-block:: pycon + + >>> import jwt + >>> encoded = jwt.encode({"some": "payload"}, "secret", algorithm="HS256") + >>> print(encoded) + eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzb21lIjoicGF5bG9hZCJ9.4twFt5NiznN84AWoo1d7KO1T_yoc0Z6XOpOVswacPZg + >>> jwt.decode(encoded, "secret", algorithms=["HS256"]) + {'some': 'payload'} + +Documentation +------------- + +View the full docs online at https://pyjwt.readthedocs.io/en/stable/ + + +Tests +----- + +You can run tests from the project root after cloning with: + +.. code-block:: console + + $ tox diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/PyJWT-2.7.0/docs/api.rst new/PyJWT-2.8.0/docs/api.rst --- old/PyJWT-2.7.0/docs/api.rst 2022-09-20 12:55:34.000000000 +0200 +++ new/PyJWT-2.8.0/docs/api.rst 2023-07-18 22:00:08.000000000 +0200 @@ -53,6 +53,7 @@ * ``verify_exp=verify_signature`` check that ``exp`` (expiration) claim value is in the future * ``verify_iat=verify_signature`` check that ``iat`` (issued at) claim value is an integer * ``verify_nbf=verify_signature`` check that ``nbf`` (not before) claim value is in the past + * ``strict_aud=False`` check that the ``aud`` claim is a single value (not a list), and matches ``audience`` exactly .. warning:: diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/PyJWT-2.7.0/jwt/__init__.py new/PyJWT-2.8.0/jwt/__init__.py --- old/PyJWT-2.7.0/jwt/__init__.py 2023-05-09 16:55:28.000000000 +0200 +++ new/PyJWT-2.8.0/jwt/__init__.py 2023-07-18 22:00:08.000000000 +0200 @@ -19,6 +19,7 @@ InvalidSignatureError, InvalidTokenError, MissingRequiredClaimError, + PyJWKClientConnectionError, PyJWKClientError, PyJWKError, PyJWKSetError, 
@@ -26,7 +27,7 @@ ) from .jwks_client import PyJWKClient -__version__ = "2.7.0" +__version__ = "2.8.0" __title__ = "PyJWT" __description__ = "JSON Web Token implementation in Python" @@ -65,6 +66,7 @@ "InvalidSignatureError", "InvalidTokenError", "MissingRequiredClaimError", + "PyJWKClientConnectionError", "PyJWKClientError", "PyJWKError", "PyJWKSetError", diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/PyJWT-2.7.0/jwt/api_jwt.py new/PyJWT-2.8.0/jwt/api_jwt.py --- old/PyJWT-2.7.0/jwt/api_jwt.py 2023-05-09 15:25:05.000000000 +0200 +++ new/PyJWT-2.8.0/jwt/api_jwt.py 2023-07-18 22:00:08.000000000 +0200 @@ -251,7 +251,9 @@ self._validate_iss(payload, issuer) if options["verify_aud"]: - self._validate_aud(payload, audience) + self._validate_aud( + payload, audience, strict=options.get("strict_aud", False) + ) def _validate_required_claims( self, @@ -307,6 +309,8 @@ self, payload: dict[str, Any], audience: str | Iterable[str] | None, + *, + strict: bool = False, ) -> None: if audience is None: if "aud" not in payload or not payload["aud"]: 
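Review bot: In the `@@ -251,7 +251,9 @@` hunk of jwt/api_jwt.py, `strict_aud` is only consulted inside `if options["verify_aud"]:`, so a caller who sets `strict_aud` to true while `verify_aud` is disabled gets no audience check at all and no sign that the strict flag was ignored. It is read with `options.get("strict_aud", False)` while the neighbouring flag is indexed directly, which suggests it is not in the default option set (not visible here), so a misspelled key would presumably fall back to list matching silently. At minimum add a comment such as `# strict_aud has no effect unless verify_aud is enabled` and say the same in the `jwt.decode` option docs. A warning when `strict_aud` is set but `verify_aud` is false would make the misconfiguration visible. The enclosing method begins and ends outside the hunk.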
@@ -322,6 +326,22 @@ audience_claims = payload["aud"] + # In strict mode, we forbid list matching: the supplied audience + # must be a string, and it must exactly match the audience claim. + if strict: + # Only a single audience is allowed in strict mode. + if not isinstance(audience, str): + raise InvalidAudienceError("Invalid audience (strict)") + + # Only a single audience claim is allowed in strict mode. + if not isinstance(audience_claims, str): + raise InvalidAudienceError("Invalid claim format in token (strict)") + + if audience != audience_claims: + raise InvalidAudienceError("Audience doesn't match (strict)") + + return + if isinstance(audience_claims, str): audience_claims = [audience_claims] if not isinstance(audience_claims, list): diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/PyJWT-2.7.0/jwt/jwks_client.py new/PyJWT-2.8.0/jwt/jwks_client.py --- old/PyJWT-2.7.0/jwt/jwks_client.py 2023-05-09 15:25:05.000000000 +0200 +++ new/PyJWT-2.8.0/jwt/jwks_client.py 2023-07-18 22:00:08.000000000 +0200 @@ -1,6 +1,7 @@ import json import urllib.request from functools import lru_cache +from ssl import SSLContext from typing import Any, Dict, List, Optional from urllib.error import URLError @@ -20,6 +21,7 @@ lifespan: int = 300, headers: Optional[Dict[str, Any]] = None, timeout: int = 30, + ssl_context: Optional[SSLContext] = None, ): if headers is None: headers = {} @@ -27,6 +29,7 @@ self.jwk_set_cache: Optional[JWKSetCache] = None self.headers = headers self.timeout = timeout + self.ssl_context = ssl_context if cache_jwk_set: # Init jwt set cache with default or given lifespan. 
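Review bot: The first strict check, `if not isinstance(audience, str)`, rejects on the caller's own `audience` argument rather than on anything in the token, yet it raises the same `InvalidAudienceError` used for bad tokens. A verifier misconfigured with a list audience will therefore appear in logs and metrics as a stream of rejected tokens. A message that names the argument, e.g. `raise InvalidAudienceError("Invalid audience (strict): audience must be a single string")`, still satisfies the existing test regex and makes the cause obvious. `_validate_aud` also has no docstring for the `strict` keyword added in the signature hunk before this one; one sentence stating that strict mode requires both the expected audience and the `aud` claim to be single strings that compare equal would help. The method starts and continues outside this hunk.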
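Review bot: The new `ssl_context` parameter of `PyJWKClient.__init__` (jwt/jwks_client.py, `@@ -20,6 +21,7 @@`) is undocumented, and it is trust-critical. The JWKS response supplies the keys used to verify token signatures, so the context stored here and passed as `context=self.ssl_context` to `urlopen` in the later `@@ -48,7 +51,9 @@` hunk decides whether that key material is authenticated. Add a parameter description stating that `None` leaves urllib's default certificate and hostname verification in place, and that a supplied context should keep `verify_mode = ssl.CERT_REQUIRED` and `check_hostname = True`. `__init__` starts and ends outside the hunk.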
@@ -48,7 +51,9 @@ jwk_set: Any = None try: r = urllib.request.Request(url=self.uri, headers=self.headers) - with urllib.request.urlopen(r, timeout=self.timeout) as response: + with urllib.request.urlopen( + r, timeout=self.timeout, context=self.ssl_context + ) as response: jwk_set = json.load(response) except (URLError, TimeoutError) as e: raise PyJWKClientConnectionError( diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/PyJWT-2.7.0/tests/test_api_jwt.py new/PyJWT-2.8.0/tests/test_api_jwt.py --- old/PyJWT-2.7.0/tests/test_api_jwt.py 2023-05-09 15:25:05.000000000 +0200 +++ new/PyJWT-2.8.0/tests/test_api_jwt.py 2023-07-18 22:00:08.000000000 +0200 
@@ -723,3 +723,82 @@ jwt.decode_complete(jwt_message, secret, algorithms=["HS256"], foo="bar") assert len(record) == 1 assert "foo" in str(record[0].message) + + def test_decode_strict_aud_forbids_list_audience(self, jwt, payload): + secret = "secret" + payload["aud"] = "urn:foo" + jwt_message = jwt.encode(payload, secret) + + # Decodes without `strict_aud`. + jwt.decode( + jwt_message, + secret, + audience=["urn:foo", "urn:bar"], + options={"strict_aud": False}, + algorithms=["HS256"], + ) + + # Fails with `strict_aud`. + with pytest.raises(InvalidAudienceError, match=r"Invalid audience \(strict\)"): + jwt.decode( + jwt_message, + secret, + audience=["urn:foo", "urn:bar"], + options={"strict_aud": True}, + algorithms=["HS256"], + ) + + def test_decode_strict_aud_forbids_list_claim(self, jwt, payload): + secret = "secret" + payload["aud"] = ["urn:foo", "urn:bar"] + jwt_message = jwt.encode(payload, secret) + + # Decodes without `strict_aud`. + jwt.decode( + jwt_message, + secret, + audience="urn:foo", + options={"strict_aud": False}, + algorithms=["HS256"], + ) + + # Fails with `strict_aud`. 
+ with pytest.raises( + InvalidAudienceError, match=r"Invalid claim format in token \(strict\)" + ): + jwt.decode( + jwt_message, + secret, + audience="urn:foo", + options={"strict_aud": True}, + algorithms=["HS256"], + ) + + def test_decode_strict_aud_does_not_match(self, jwt, payload): + secret = "secret" + payload["aud"] = "urn:foo" + jwt_message = jwt.encode(payload, secret) + + with pytest.raises( + InvalidAudienceError, match=r"Audience doesn't match \(strict\)" + ): + jwt.decode( + jwt_message, + secret, + audience="urn:bar", + options={"strict_aud": True}, + algorithms=["HS256"], + ) + + def test_decode_strict_ok(self, jwt, payload): + secret = "secret" + payload["aud"] = "urn:foo" + jwt_message = jwt.encode(payload, secret) + + jwt.decode( + jwt_message, + secret, + audience="urn:foo", + options={"strict_aud": True}, + algorithms=["HS256"], + ) diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/PyJWT-2.7.0/tests/test_jwks_client.py new/PyJWT-2.8.0/tests/test_jwks_client.py --- old/PyJWT-2.7.0/tests/test_jwks_client.py 2023-05-09 15:25:05.000000000 +0200 +++ new/PyJWT-2.8.0/tests/test_jwks_client.py 2023-07-18 22:00:08.000000000 +0200 @@ -1,5 +1,6 @@ import contextlib import json +import ssl import time from unittest import mock from urllib.error import URLError 
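Review bot: The four strict-mode tests added to tests/test_api_jwt.py leave out the paths that run before the strict block: a token with no `aud` claim decoded with `strict_aud: True`, and `audience=None` with a token that carries `aud`. Those cases are handled by code outside the visible hunks, so a regression there could make strict mode accept or reject for the wrong reason without any test noticing. There is also no test for `strict_aud: True` combined with `verify_aud: False`, which would pin whether the flag is ignored in that configuration. `jwt.encode(payload, secret)` relies on the default algorithm while every decode names `HS256`; passing `algorithm="HS256"` explicitly would keep the tests self-describing.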
@@ -335,3 +336,22 @@ jwks_client.get_jwk_set() assert 'Fail to fetch data from the url, err: "timed out"' in str(exc.value) + + def test_get_jwt_set_sslcontext_default(self): + url = "https://dev-87evx9ru.auth0.com/.well-known/jwks.json" + jwks_client = PyJWKClient(url, ssl_context=ssl.create_default_context()) + + jwk_set = jwks_client.get_jwk_set() + + assert jwk_set is not None + + def test_get_jwt_set_sslcontext_no_ca(self): + url = "https://dev-87evx9ru.auth0.com/.well-known/jwks.json" + jwks_client = PyJWKClient( + url, ssl_context=ssl.SSLContext(protocol=ssl.PROTOCOL_TLS_CLIENT) + ) + + with pytest.raises(PyJWKClientError): + jwks_client.get_jwk_set() + + assert "Failed to get an expected error"
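Review bot: `test_get_jwt_set_sslcontext_no_ca` does not prove that certificate verification failed: `pytest.raises(PyJWKClientError)` is presumably also satisfied by a DNS or connection failure, and the trailing `assert "Failed to get an expected error"` asserts a non-empty string, which is always true. Both new tests contact a live third-party host, so they fail or pass depending on network access and on that tenant staying up. Patch `urllib.request.urlopen` with `mock` (already imported in this file) and check the argument instead, e.g. `assert urlopen_mock.call_args[1]["context"] is ctx`. If a network test for the no-CA case is kept, match on the error text, e.g. `pytest.raises(PyJWKClientError, match="CERTIFICATE_VERIFY_FAILED")`, after confirming the wrapped message contains it.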