Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

fastapi-jwt should have other jwt backends besides python-jose. Authlib seems a good candidate. #40

Open
hasB4K opened this issue Feb 27, 2024 · 0 comments
Open

fastapi-jwt should have other jwt backends besides python-jose. Authlib seems a good candidate. #40

hasB4K opened this issue Feb 27, 2024 · 0 comments

Comments

@hasB4K
Copy link
Contributor

hasB4K commented Feb 27, 2024

Hello @k4black,

First, I would like to thank you for your project. I sincerely believe that this project should be merged into the main branch of fastapi.

Now, I think fastapi-jwt should either deprecate python-jose and/or offer an alternative.
python-jose did not received a new release since 2021, and the last commit was 10 month ago. A lot of people are worried about the safety of this repo now:

I think fastapi-jwt offers a lot, I don't want to manually code a jwt handler everytime I start a new project with fastapi like the doc of fastapi suggest. So I would suggest to create a JWT Backend mechanism to support at least authlib (which is heavily maintained). I think PyJWT could be a third option. fastapi-jwt should be generic enough to have custom JWT implementation defined by the user if necessary.

I have a PR coming, but I wanted to create an issue first to explain why I think this feature is mandatory.

Kind regards,
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@hasB4K