Skip to content

Itsdangerous replacement with PyJWT #144

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 9 commits into
base: master
Choose a base branch
from
Open

Itsdangerous replacement with PyJWT #144

wants to merge 9 commits into from
+30 −30

Conversation

gerwout
Copy link

@gerwout gerwout commented Mar 24, 2022

Newer versions of Itsdangerous (i.e. 2.1.1) no longer have support for JWT encoding and/or decoding (https://github.com/pallets/itsdangerous/blob/d1c85670cce70d81f9949619434daf8c0b9cd37e/src/itsdangerous/jws.py#L23-L30). This is a breaking change for flask-oidc. This PR replaces the itsdangerous functionality with PyJWT.

gerwout added 2 commits March 24, 2022 13:49
@gerwout
Replaced itsdangerous JWT encoding and decoding with PyJWT library
3e0be4a 
Itsdangerous no longer has JWT encoding or decoding functionality with
newer versions (i.e. 2.1.1). This will completely break flask_oidc
@gerwout
- removed itsdangerous, added PyJWT
ba139d6
@jiashuChen jiashuChen mentioned this pull request May 11, 2022
Open
@billsteve
Copy link

Very nice.

@palewire
Copy link

palewire commented Jun 8, 2022

It would be great to get this merged and released.

@ecederstrand ecederstrand mentioned this pull request Jul 21, 2022
Open
@ecederstrand ecederstrand mentioned this pull request Jul 21, 2022
Closed
ecederstrand
ecederstrand reviewed Jul 21, 2022
View reviewed changes
ric-evans added a commit to WIPACrepo/mou-dashboard that referenced this pull request Aug 19, 2022
@ric-evans
itsdangerous<2.1 (puiterwijk/flask-oidc#144)
f074608
@jonnydford
Copy link

Is there anything needed to get this PR merged?

@tapanhalani
Copy link

tapanhalani commented Sep 14, 2022
edited
Loading

If everything looks good, please merge this PR asap. We use flask_oidc (1.4.0) with superset which breaks due to this.

@khteh
Copy link

khteh commented Sep 14, 2022

This project / repo needs a new owner.

@ecederstrand
Reuse requirements.txt
41388b4 
This removes duplication and pulls in the itsdangerous -> PyJWT change into setup.pp
@ecederstrand
Pull in requirements.txt into MANIFEST
57ac92f 
This allow installs from the source package to work
@rvhonorato
Copy link

rvhonorato commented Oct 24, 2022
edited
Loading

Any idea when this will be merged? @puiterwijk

@gerwout
Merge pull request #2 from ecederstrand/patch-1
f9e4367 
Reuse requirements.txt to complete PyJWT switch
@gerwout
Copy link
Author

gerwout commented Nov 2, 2022

@ecederstrand sorry for my late response, I overlooked your merge request, but I have merged your changes now as well. Would be nice if this PR can now be merged into master

@Panagiss
Copy link

Panagiss commented Nov 7, 2022

@puiterwijk This needs a merge ASAP!

@Kalzau
Copy link

Kalzau commented Nov 7, 2022

@puiterwijk It would be awesome if you could merge this PR :)

@ser ser mentioned this pull request Nov 12, 2022
Open
@benpocklingtonhes
Copy link

@puiterwijk Please can you merge this

@christian-hawk
Copy link

We should probably consider this repo unmaintained, fork it and fix it.

pypingou pushed a commit to Pagure/pagure that referenced this pull request Feb 13, 2023
@wombelix
build(requirements): pin 'itsdangerous' to < 2.1
7d6573a 
'flask-oidc' 1.4.0 (latest) still use 'JSONWebSignatureSerializer' which was removed in 'itsdangerous' v2.1.
Until puiterwijk/flask-oidc#144 is merged and a new version of flask-oidc is released,
it's necessary to pin 'itsdangerous' to a version below 2.1 if 'flask-oidc' is used.

References:
puiterwijk/flask-oidc#147
https://itsdangerous.palletsprojects.com/en/2.1.x/changes/#version-2-1-0
@zbhuiyan
Copy link

zbhuiyan commented Mar 1, 2023

@ramizarif @puiterwijk can we have this merged please?

@gautierrog
Copy link

Any chance to see this MR merged?

@frozenpandaman
Copy link

Still waiting…

@rvhonorato
Copy link

still waiting :)

@benjaminknox
Copy link

Please merge!

@abompard
Copy link
Collaborator

Hello everyone, this version of flask-oidc is abandoned. It has been forked and is now maintained at https://github.com/fedora-infra/flask-oidc/ . The new version has a few breaking changes though, please read the docs if you upgrade.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

3 more reviewers

@ecederstrand ecederstrand ecederstrand left review comments

@khteh khteh khteh approved these changes

@ramizarif ramizarif ramizarif approved these changes

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.