Merge pull request atlassian#5 from atlassian/update_pyjwt_from_1.3.0_to_1.4.0

Sem-Ver: bugfix update the PyJWT dep from 1.3.0 to 1.4.0.

Author: dbaxa

atlassian_jwt_auth/verifier.py

@@ -17,7 +17,11 @@ def verify_jwt(self, a_jwt, audience, **requests_kwargs):
         """ returns the claims of the given jwt iff verification
             is successful.
         """
-        options = {'verify_signature': True}
+        options = {
+            'verify_signature': True,
+            'require_exp': True,
+            'require_iat': True,
+        }
         key_identifier = key._get_key_id_from_jwt_header(a_jwt)
         public_key = self.public_key_retriever.retrieve(
             key_identifier, **requests_kwargs)

requirements.txt

@@ -1,4 +1,4 @@
 cryptography==1.0.2
-PyJWT==1.3.0
+PyJWT==1.4.0
 requests==2.7.0
 CacheControl==0.11.5