Deprecate JWS #129

Closed
davidism opened this issue Apr 2, 2019 · 4 comments · Fixed by #153
Member

davidism commented Apr 2, 2019

I'm not very familiar with the standard, so it's hard to maintain. People keep mistaking JWS for JWT and then think we're not implementing things correctly. JWS seems to behave somewhat orthogonally to itsdangerous. There are libraries with dedicated JW* implementations, such as pyjwt or authlib or python-jose. It should still be possible to create a signer subclass that uses these libraries.

Member Author

davidism commented Apr 2, 2019

#54 has some previous discussion.

Contributor

lepture commented Apr 6, 2019

It is caused by the names used in itsdangerous. If we put names like exp into payload, it is a valid JWT then.
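
The naming point in the comment above, as an added example that is not part of the thread and not itsdangerous code: a stdlib-only HS256 JWS signer and a JWT-style validator, showing that `exp` is enforced only when it is a payload claim. Placing `exp` in the protected header for the first token is an assumption made to illustrate the mismatch; the key, timestamps and function names are constructed.

```python
import base64, hashlib, hmac, json

KEY = b"constructed-demo-key"  # constructed sample key, not from the page

def b64u(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def b64u_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def jws_sign(header: dict, payload: dict, key: bytes = KEY) -> str:
    """JWS compact serialization with HS256: b64(header).b64(payload).b64(mac)."""
    parts = [{"alg": "HS256", **header}, payload]
    signing_input = ".".join(
        b64u(json.dumps(p, separators=(",", ":")).encode()) for p in parts)
    mac = hmac.new(key, signing_input.encode(), hashlib.sha256).digest()
    return f"{signing_input}.{b64u(mac)}"

def jwt_validate(token: str, now: int, key: bytes = KEY) -> dict:
    """Check a token the way a JWT consumer does: MAC first, then payload claims."""
    try:
        h64, p64, s64 = token.split(".")
        header = json.loads(b64u_decode(h64))
        mac = b64u_decode(s64)
    except ValueError as err:
        raise ValueError("malformed token") from err
    if not isinstance(header, dict) or header.get("alg") != "HS256":
        raise ValueError("unexpected alg")  # pin the algorithm on the verifier side
    expected = hmac.new(key, f"{h64}.{p64}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(mac, expected):
        raise ValueError("bad signature")
    claims = json.loads(b64u_decode(p64))
    if not isinstance(claims, dict):
        raise ValueError("payload is not a JWT claims set")
    exp = claims.get("exp")  # registered claims are read from the payload only
    if exp is not None and now >= exp:
        raise ValueError("expired")
    return claims

ISSUED, EXPIRES, LATER = 1_000, 1_600, 2_000  # constructed timestamps
HEADER_STYLE = jws_sign({"iat": ISSUED, "exp": EXPIRES}, {"user": 42})  # assumed layout
CLAIMS_STYLE = jws_sign({"typ": "JWT"}, {"user": 42, "exp": EXPIRES})   # JWT layout

if __name__ == "__main__":
    print(jwt_validate(HEADER_STYLE, LATER))  # accepted: header "exp" is never consulted
    try:
        jwt_validate(CLAIMS_STYLE, LATER)
    except ValueError as err:
        print("rejected:", err)
```

Both tokens carry a valid signature; only the second expires from the point of view of a JWT consumer, which is why a service that swaps serializers has to re-check where its expiry data lives.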

Contributor

lepture commented Sep 15, 2019

JWS is not used in Flask. I think we can remove it from itsdangerous.

aviau commented Oct 8, 2019

Ah. That's unfortunate. Given the popularity of itsdangerous I would expect that the JWS implementation has a large number of users.

davidism added this to the 2.0.0 milestone Apr 14, 2020

github-actions bot locked as resolved and limited conversation to collaborators Feb 9, 2021