Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Add complete types to take all allowed keys into account #873

Merged
merged 20 commits into from
Apr 16, 2023
Merged

Add complete types to take all allowed keys into account #873

merged 20 commits into from
Apr 16, 2023

Conversation

Viicos
Copy link
Contributor

@Viicos Viicos commented Apr 1, 2023

Fixes #602, #848, #856, #864 (comment)

I think this is the best we can get, without having to make use of TypeVar/Generic for algorithms. Had to tweak some parts to fix mypy errors.

One possible thing (as stated in #843) could be to add overloads to encode. I'll let you decide on this one, as it can hurt code readability.
Regarding the decode method, it can't be done as a list of allowed algorithms is passed.

@Viicos
Copy link
Contributor Author

Viicos commented Apr 10, 2023

Regarding 16da314, maybe we could switch to from __future__ import annotations in this file as well, to be in line with the rest of the project?

There's also the mypy checks failing, because cryptography can't be found when runing in CI

elif str_key[0:4] == "ssh-":
key = load_ssh_public_key(key)
if "-----BEGIN PUBLIC" in key_str:
key = load_pem_public_key(key_bytes) # type: ignore[assignment]
Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Weird to see this is uncovered, maybe we should add a test with a key encoded in bytes? https://github.com/jpadilla/pyjwt/pull/873/files#annotation_10396943799

@auvipy auvipy self-requested a review April 10, 2023 16:59
Copy link
Collaborator

@auvipy auvipy left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

can you please check why CI is failing?

@Viicos
Copy link
Contributor Author

Viicos commented Apr 11, 2023

can you please check why CI is failing?

  self = <jwt.api_jwt.PyJWT object at 0x7f36e4b70610>
  payload = {'claim': 'insanity', 'exp': 1681192610, 'iss': 'jeff'}
  now = 1681192613.000076, leeway = 3
  
      def _validate_exp(
          self,
          payload: dict[str, Any],
          now: float,
          leeway: float,
      ) -> None:
          try:
              exp = int(payload["exp"])
          except ValueError:
              raise DecodeError("Expiration Time claim (exp) must be an" " integer.")
      
          if exp <= (now - leeway):
  >           raise ExpiredSignatureError("Signature has expired")
  E           jwt.exceptions.ExpiredSignatureError: Signature has expired
  
  jwt/api_jwt.py:304: ExpiredSignatureError

Seems like this could fail randomly

@@ -767,12 +767,6 @@ def test_okp_ed25519_should_reject_non_string_key(self):
with open(key_path("testkey_ed25519.pub")) as keyfile:
algo.prepare_key(keyfile.read())

def test_okp_ed25519_should_accept_unicode_key(self):
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

can you please describe why this test is removed?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

It's a duplicate of

def test_okp_ed25519_should_reject_non_string_key(self):
algo = OKPAlgorithm()
with pytest.raises(InvalidKeyError):
algo.prepare_key(None)
with open(key_path("testkey_ed25519")) as keyfile:
algo.prepare_key(keyfile.read())

L764-765

In fact I think it's better to move the two valid checks from test_okp_ed25519_should_reject_non_string_key to this removed test_okp_ed25519_should_accept_unicode_key. Tell me if you want me to do it this way

@Viicos
Copy link
Contributor Author

Viicos commented Apr 13, 2023

Most of the remaining mypy errors are due to the fact that alg.prepare_key/alg.from_jwk can return either a public or a private key. Do you want to keep mypy running for tests and have an explicit assignment for the return types of these methods, or just drop mypy for tests?

@auvipy
Copy link
Collaborator

auvipy commented Apr 13, 2023

Do you want to keep mypy running for tests and have an explicit assignment for the return types of these methods

yes

@auvipy auvipy merged commit 56b3d56 into jpadilla:master Apr 16, 2023
inmantaci pushed a commit to inmanta/inmanta-core that referenced this pull request May 11, 2023
Bumps [pyjwt](https://github.com/jpadilla/pyjwt) from 2.6.0 to 2.7.0.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a href="https://github.com/jpadilla/pyjwt/releases">pyjwt's releases</a>.</em></p>
<blockquote>
<h2>2.7.0</h2>
<h2>What's Changed</h2>
<ul>
<li>Add classifier for Python 3.11 by <a href="https://github.com/eseifert"><code>@​eseifert</code></a> in <a href="https://github.com/jpadilla/pyjwt/pull/818">jpadilla/pyjwt#818</a></li>
<li>Add <code>Algorithm.compute_hash_digest</code> and use it to implement at_hash validation example by <a href="https://github.com/sirosen"><code>@​sirosen</code></a> in <a href="https://github.com/jpadilla/pyjwt/pull/775">jpadilla/pyjwt#775</a></li>
<li>fix: use datetime.datetime.timestamp function to have a milliseconds by <a href="https://github.com/daillouf"><code>@​daillouf</code></a> in <a href="https://github.com/jpadilla/pyjwt/pull/821">jpadilla/pyjwt#821</a></li>
<li>[pre-commit.ci] pre-commit autoupdate by <a href="https://github.com/pre-commit-ci"><code>@​pre-commit-ci</code></a> in <a href="https://github.com/jpadilla/pyjwt/pull/825">jpadilla/pyjwt#825</a></li>
<li>Custom header configuration in jwk client by <a href="https://github.com/thundercat1"><code>@​thundercat1</code></a> in <a href="https://github.com/jpadilla/pyjwt/pull/823">jpadilla/pyjwt#823</a></li>
<li>[pre-commit.ci] pre-commit autoupdate by <a href="https://github.com/pre-commit-ci"><code>@​pre-commit-ci</code></a> in <a href="https://github.com/jpadilla/pyjwt/pull/828">jpadilla/pyjwt#828</a></li>
<li>[pre-commit.ci] pre-commit autoupdate by <a href="https://github.com/pre-commit-ci"><code>@​pre-commit-ci</code></a> in <a href="https://github.com/jpadilla/pyjwt/pull/833">jpadilla/pyjwt#833</a></li>
<li>[pre-commit.ci] pre-commit autoupdate by <a href="https://github.com/pre-commit-ci"><code>@​pre-commit-ci</code></a> in <a href="https://github.com/jpadilla/pyjwt/pull/835">jpadilla/pyjwt#835</a></li>
<li>Add PyJWT._{de,en}code_payload hooks by <a href="https://github.com/akx"><code>@​akx</code></a> in <a href="https://github.com/jpadilla/pyjwt/pull/829">jpadilla/pyjwt#829</a></li>
<li>Add <code>sort_headers</code> parameter to <code>api_jwt.encode</code> by <a href="https://github.com/evroon"><code>@​evroon</code></a> in <a href="https://github.com/jpadilla/pyjwt/pull/832">jpadilla/pyjwt#832</a></li>
<li>Make mypy configuration stricter and improve typing by <a href="https://github.com/akx"><code>@​akx</code></a> in <a href="https://github.com/jpadilla/pyjwt/pull/830">jpadilla/pyjwt#830</a></li>
<li>Bump actions/stale from 6 to 7 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://github.com/jpadilla/pyjwt/pull/840">jpadilla/pyjwt#840</a></li>
<li>[pre-commit.ci] pre-commit autoupdate by <a href="https://github.com/pre-commit-ci"><code>@​pre-commit-ci</code></a> in <a href="https://github.com/jpadilla/pyjwt/pull/838">jpadilla/pyjwt#838</a></li>
<li>Add more types by <a href="https://github.com/Viicos"><code>@​Viicos</code></a> in <a href="https://github.com/jpadilla/pyjwt/pull/843">jpadilla/pyjwt#843</a></li>
<li>Differentiate between two errors by <a href="https://github.com/irdkwmnsb"><code>@​irdkwmnsb</code></a> in <a href="https://github.com/jpadilla/pyjwt/pull/809">jpadilla/pyjwt#809</a></li>
<li>Fix <code>_validate_iat</code> validation by <a href="https://github.com/Viicos"><code>@​Viicos</code></a> in <a href="https://github.com/jpadilla/pyjwt/pull/847">jpadilla/pyjwt#847</a></li>
<li>Improve error messages when cryptography isn't installed by <a href="https://github.com/Viicos"><code>@​Viicos</code></a> in <a href="https://github.com/jpadilla/pyjwt/pull/846">jpadilla/pyjwt#846</a></li>
<li>[pre-commit.ci] pre-commit autoupdate by <a href="https://github.com/pre-commit-ci"><code>@​pre-commit-ci</code></a> in <a href="https://github.com/jpadilla/pyjwt/pull/852">jpadilla/pyjwt#852</a></li>
<li>[pre-commit.ci] pre-commit autoupdate by <a href="https://github.com/pre-commit-ci"><code>@​pre-commit-ci</code></a> in <a href="https://github.com/jpadilla/pyjwt/pull/855">jpadilla/pyjwt#855</a></li>
<li>[pre-commit.ci] pre-commit autoupdate by <a href="https://github.com/pre-commit-ci"><code>@​pre-commit-ci</code></a> in <a href="https://github.com/jpadilla/pyjwt/pull/859">jpadilla/pyjwt#859</a></li>
<li>Make <code>Algorithm</code> an abstract base class by <a href="https://github.com/Viicos"><code>@​Viicos</code></a> in <a href="https://github.com/jpadilla/pyjwt/pull/845">jpadilla/pyjwt#845</a></li>
<li>docs: correct mistake in the changelog about verify param by <a href="https://github.com/gbillig"><code>@​gbillig</code></a> in <a href="https://github.com/jpadilla/pyjwt/pull/866">jpadilla/pyjwt#866</a></li>
<li>[pre-commit.ci] pre-commit autoupdate by <a href="https://github.com/pre-commit-ci"><code>@​pre-commit-ci</code></a> in <a href="https://github.com/jpadilla/pyjwt/pull/868">jpadilla/pyjwt#868</a></li>
<li>Bump actions/stale from 7 to 8 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://github.com/jpadilla/pyjwt/pull/872">jpadilla/pyjwt#872</a></li>
<li>[pre-commit.ci] pre-commit autoupdate by <a href="https://github.com/pre-commit-ci"><code>@​pre-commit-ci</code></a> in <a href="https://github.com/jpadilla/pyjwt/pull/874">jpadilla/pyjwt#874</a></li>
<li>Add a timeout for PyJWKClient requests by <a href="https://github.com/daviddavis"><code>@​daviddavis</code></a> in <a href="https://github.com/jpadilla/pyjwt/pull/875">jpadilla/pyjwt#875</a></li>
<li>Add client connection error exception by <a href="https://github.com/daviddavis"><code>@​daviddavis</code></a> in <a href="https://github.com/jpadilla/pyjwt/pull/876">jpadilla/pyjwt#876</a></li>
<li>Add complete types to take all allowed keys into account by <a href="https://github.com/Viicos"><code>@​Viicos</code></a> in <a href="https://github.com/jpadilla/pyjwt/pull/873">jpadilla/pyjwt#873</a></li>
<li>[pre-commit.ci] pre-commit autoupdate by <a href="https://github.com/pre-commit-ci"><code>@​pre-commit-ci</code></a> in <a href="https://github.com/jpadilla/pyjwt/pull/878">jpadilla/pyjwt#878</a></li>
<li>Build  and upload PyPI package by <a href="https://github.com/jpadilla"><code>@​jpadilla</code></a> in <a href="https://github.com/jpadilla/pyjwt/pull/884">jpadilla/pyjwt#884</a></li>
<li>Fix for issue <a href="https://github.com/jpadilla/pyjwt/issues/862">#862</a> - ignore invalid keys in a jwks. by <a href="https://github.com/timw6n"><code>@​timw6n</code></a> in <a href="https://github.com/jpadilla/pyjwt/pull/863">jpadilla/pyjwt#863</a></li>
<li>Add <code>as_dict</code> option to <code>Algorithm.to_jwk</code> by <a href="https://github.com/fluxth"><code>@​fluxth</code></a> in <a href="https://github.com/jpadilla/pyjwt/pull/881">jpadilla/pyjwt#881</a></li>
</ul>
<h2>New Contributors</h2>
<ul>
<li><a href="https://github.com/eseifert"><code>@​eseifert</code></a> made their first contribution in <a href="https://github.com/jpadilla/pyjwt/pull/818">jpadilla/pyjwt#818</a></li>
<li><a href="https://github.com/daillouf"><code>@​daillouf</code></a> made their first contribution in <a href="https://github.com/jpadilla/pyjwt/pull/821">jpadilla/pyjwt#821</a></li>
<li><a href="https://github.com/thundercat1"><code>@​thundercat1</code></a> made their first contribution in <a href="https://github.com/jpadilla/pyjwt/pull/823">jpadilla/pyjwt#823</a></li>
<li><a href="https://github.com/evroon"><code>@​evroon</code></a> made their first contribution in <a href="https://github.com/jpadilla/pyjwt/pull/832">jpadilla/pyjwt#832</a></li>
<li><a href="https://github.com/Viicos"><code>@​Viicos</code></a> made their first contribution in <a href="https://github.com/jpadilla/pyjwt/pull/843">jpadilla/pyjwt#843</a></li>
<li><a href="https://github.com/irdkwmnsb"><code>@​irdkwmnsb</code></a> made their first contribution in <a href="https://github.com/jpadilla/pyjwt/pull/809">jpadilla/pyjwt#809</a></li>
<li><a href="https://github.com/gbillig"><code>@​gbillig</code></a> made their first contribution in <a href="https://github.com/jpadilla/pyjwt/pull/866">jpadilla/pyjwt#866</a></li>
<li><a href="https://github.com/daviddavis"><code>@​daviddavis</code></a> made their first contribution in <a href="https://github.com/jpadilla/pyjwt/pull/875">jpadilla/pyjwt#875</a></li>
<li><a href="https://github.com/timw6n"><code>@​timw6n</code></a> made their first contribution in <a href="https://github.com/jpadilla/pyjwt/pull/863">jpadilla/pyjwt#863</a></li>
<li><a href="https://github.com/fluxth"><code>@​fluxth</code></a> made their first contribution in <a href="https://github.com/jpadilla/pyjwt/pull/881">jpadilla/pyjwt#881</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a href="https://github.com/jpadilla/pyjwt/compare/2.6.0...2.7.0">https://github.com/jpadilla/pyjwt/compare/2.6.0...2.7.0</a></p>
</blockquote>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a href="https://github.com/jpadilla/pyjwt/blob/master/CHANGELOG.rst">pyjwt's changelog</a>.</em></p>
<blockquote>
<h2><code>v2.7.0 &lt;https://github.com/jpadilla/pyjwt/compare/2.6.0...2.7.0&gt;</code>__</h2>
<p>Changed</p>
<pre><code>
- Changed the error message when the token audience doesn't match the expected audience by @irdkwmnsb `[#809](jpadilla/pyjwt#809) &lt;https://github.com/jpadilla/pyjwt/pull/809&gt;`__
- Improve error messages when cryptography isn't installed by @Viicos in `[#846](jpadilla/pyjwt#846) &lt;https://github.com/jpadilla/pyjwt/pull/846&gt;`__
- Make `Algorithm` an abstract base class by @Viicos in `[#845](jpadilla/pyjwt#845) &lt;https://github.com/jpadilla/pyjwt/pull/845&gt;`__
- ignore invalid keys in a jwks by @timw6n in `[#863](jpadilla/pyjwt#863) &lt;https://github.com/jpadilla/pyjwt/pull/863&gt;`__
<p>Fixed</p>
<pre><code>
- Add classifier for Python 3.11 by @eseifert in `[#818](jpadilla/pyjwt#818) &amp;lt;https://github.com/jpadilla/pyjwt/pull/818&amp;gt;`__
- Fix ``_validate_iat`` validation by @Viicos in `[#847](jpadilla/pyjwt#847) &amp;lt;https://github.com/jpadilla/pyjwt/pull/847&amp;gt;`__
- fix: use datetime.datetime.timestamp function to have a milliseconds by @daillouf `[#821](jpadilla/pyjwt#821) &amp;lt;https://github.com/jpadilla/pyjwt/pull/821&amp;gt;`__
- docs: correct mistake in the changelog about verify param by @gbillig in `[#866](jpadilla/pyjwt#866) &amp;lt;https://github.com/jpadilla/pyjwt/pull/866&amp;gt;`__

Added
</code></pre>
<ul>
<li>Add <code>compute_hash_digest</code> as a method of <code>Algorithm</code> objects, which uses
the underlying hash algorithm to compute a digest. If there is no appropriate
hash algorithm, a <code>NotImplementedError</code> will be raised in <code>[#775](jpadilla/pyjwt#775) &amp;lt;https://github.com/jpadilla/pyjwt/pull/775&amp;gt;</code>__</li>
<li>Add optional <code>headers</code> argument to <code>PyJWKClient</code>. If provided, the headers
will be included in requests that the client uses when fetching the JWK set by <a href="https://github.com/thundercat1"><code>@​thundercat1</code></a> in <code>[#823](jpadilla/pyjwt#823) &amp;lt;https://github.com/jpadilla/pyjwt/pull/823&amp;gt;</code>__</li>
<li>Add PyJWT._{de,en}code_payload hooks by <a href="https://github.com/akx"><code>@​akx</code></a> in <code>[#829](jpadilla/pyjwt#829) &amp;lt;https://github.com/jpadilla/pyjwt/pull/829&amp;gt;</code>__</li>
<li>Add <code>sort_headers</code> parameter to <code>api_jwt.encode</code> by <a href="https://github.com/evroon"><code>@​evroon</code></a> in <code>[#832](jpadilla/pyjwt#832) &amp;lt;https://github.com/jpadilla/pyjwt/pull/832&amp;gt;</code>__</li>
<li>Make mypy configuration stricter and improve typing by <a href="https://github.com/akx"><code>@​akx</code></a> in <code>[#830](jpadilla/pyjwt#830) &amp;lt;https://github.com/jpadilla/pyjwt/pull/830&amp;gt;</code>__</li>
<li>Add more types by <a href="https://github.com/Viicos"><code>@​Viicos</code></a> in <code>[#843](jpadilla/pyjwt#843) &amp;lt;https://github.com/jpadilla/pyjwt/pull/843&amp;gt;</code>__</li>
<li>Add a timeout for PyJWKClient requests by <a href="https://github.com/daviddavis"><code>@​daviddavis</code></a> in <code>[#875](jpadilla/pyjwt#875) &amp;lt;https://github.com/jpadilla/pyjwt/pull/875&amp;gt;</code>__</li>
<li>Add client connection error exception by <a href="https://github.com/daviddavis"><code>@​daviddavis</code></a> in <code>[#876](jpadilla/pyjwt#876) &amp;lt;https://github.com/jpadilla/pyjwt/pull/876&amp;gt;</code>__</li>
<li>Add complete types to take all allowed keys into account by <a href="https://github.com/Viicos"><code>@​Viicos</code></a> in <code>[#873](jpadilla/pyjwt#873) &amp;lt;https://github.com/jpadilla/pyjwt/pull/873&amp;gt;</code>__</li>
<li>Add <code>as_dict</code> option to <code>Algorithm.to_jwk</code> by <a href="https://github.com/fluxth"><code>@​fluxth</code></a> in <code>[#881](jpadilla/pyjwt#881) &amp;lt;https://github.com/jpadilla/pyjwt/pull/881&amp;gt;</code>__
</code></pre></li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a href="https://github.com/jpadilla/pyjwt/commit/d7c54dbebdab2ae17f7948fd4432b15e1bb82852"><code>d7c54db</code></a> chore: update readme</li>
<li><a href="https://github.com/jpadilla/pyjwt/commit/c35e59b9f2c0bc0cf1a71b440a115d997f1e0535"><code>c35e59b</code></a> Add <code>as_dict</code> option to <code>Algorithm.to_jwk</code> (<a href="https://github.com/jpadilla/pyjwt/issues/881">#881</a>)</li>
<li><a href="https://github.com/jpadilla/pyjwt/commit/6a273419949b68ddccbe3867fd4bd8680cacf097"><code>6a27341</code></a> Fix for issue <a href="https://github.com/jpadilla/pyjwt/issues/862">#862</a> - ignore invalid keys in a jwks. (<a href="https://github.com/jpadilla/pyjwt/issues/863">#863</a>)</li>
<li><a href="https://github.com/jpadilla/pyjwt/commit/abeeacb99a30a5c2ae60c1696bb7ead012405349"><code>abeeacb</code></a> bump up version to 2.7.0</li>
<li><a href="https://github.com/jpadilla/pyjwt/commit/d8b12421654840418fd25b86553795c0c09ed0a9"><code>d8b1242</code></a> Update pypi-package.yml</li>
<li><a href="https://github.com/jpadilla/pyjwt/commit/6d1c3d341af3378653af3653436bd9ff411e5e63"><code>6d1c3d3</code></a> Update pypi-package.yml</li>
<li><a href="https://github.com/jpadilla/pyjwt/commit/81b9ef4888fc75f8a3b7224f15eb8b18146f4b44"><code>81b9ef4</code></a> Create pypi-package.yml (<a href="https://github.com/jpadilla/pyjwt/issues/884">#884</a>)</li>
<li><a href="https://github.com/jpadilla/pyjwt/commit/97711b1a4fc322796092faa6bb18f8097b8eed62"><code>97711b1</code></a> [pre-commit.ci] pre-commit autoupdate (<a href="https://github.com/jpadilla/pyjwt/issues/878">#878</a>)</li>
<li><a href="https://github.com/jpadilla/pyjwt/commit/56b3d5633160e79e1f4c5c09023d68759cbf84a6"><code>56b3d56</code></a> Add complete types to take all allowed keys into account (<a href="https://github.com/jpadilla/pyjwt/issues/873">#873</a>)</li>
<li><a href="https://github.com/jpadilla/pyjwt/commit/ba726444a6cee75af59feb8ea08294d0ac89bedb"><code>ba72644</code></a> Add client connection error exception (<a href="https://github.com/jpadilla/pyjwt/issues/876">#876</a>)</li>
<li>Additional commits viewable in <a href="https://github.com/jpadilla/pyjwt/compare/2.6.0...2.7.0">compare view</a></li>
</ul>
</details>
<br />

[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=pyjwt&package-manager=pip&previous-version=2.6.0&new-version=2.7.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

</details>
inmantaci pushed a commit to inmanta/inmanta-core that referenced this pull request May 11, 2023
Bumps [pyjwt](https://github.com/jpadilla/pyjwt) from 2.6.0 to 2.7.0.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a href="https://github.com/jpadilla/pyjwt/releases">pyjwt's releases</a>.</em></p>
<blockquote>
<h2>2.7.0</h2>
<h2>What's Changed</h2>
<ul>
<li>Add classifier for Python 3.11 by <a href="https://github.com/eseifert"><code>@​eseifert</code></a> in <a href="https://github.com/jpadilla/pyjwt/pull/818">jpadilla/pyjwt#818</a></li>
<li>Add <code>Algorithm.compute_hash_digest</code> and use it to implement at_hash validation example by <a href="https://github.com/sirosen"><code>@​sirosen</code></a> in <a href="https://github.com/jpadilla/pyjwt/pull/775">jpadilla/pyjwt#775</a></li>
<li>fix: use datetime.datetime.timestamp function to have a milliseconds by <a href="https://github.com/daillouf"><code>@​daillouf</code></a> in <a href="https://github.com/jpadilla/pyjwt/pull/821">jpadilla/pyjwt#821</a></li>
<li>[pre-commit.ci] pre-commit autoupdate by <a href="https://github.com/pre-commit-ci"><code>@​pre-commit-ci</code></a> in <a href="https://github.com/jpadilla/pyjwt/pull/825">jpadilla/pyjwt#825</a></li>
<li>Custom header configuration in jwk client by <a href="https://github.com/thundercat1"><code>@​thundercat1</code></a> in <a href="https://github.com/jpadilla/pyjwt/pull/823">jpadilla/pyjwt#823</a></li>
<li>[pre-commit.ci] pre-commit autoupdate by <a href="https://github.com/pre-commit-ci"><code>@​pre-commit-ci</code></a> in <a href="https://github.com/jpadilla/pyjwt/pull/828">jpadilla/pyjwt#828</a></li>
<li>[pre-commit.ci] pre-commit autoupdate by <a href="https://github.com/pre-commit-ci"><code>@​pre-commit-ci</code></a> in <a href="https://github.com/jpadilla/pyjwt/pull/833">jpadilla/pyjwt#833</a></li>
<li>[pre-commit.ci] pre-commit autoupdate by <a href="https://github.com/pre-commit-ci"><code>@​pre-commit-ci</code></a> in <a href="https://github.com/jpadilla/pyjwt/pull/835">jpadilla/pyjwt#835</a></li>
<li>Add PyJWT._{de,en}code_payload hooks by <a href="https://github.com/akx"><code>@​akx</code></a> in <a href="https://github.com/jpadilla/pyjwt/pull/829">jpadilla/pyjwt#829</a></li>
<li>Add <code>sort_headers</code> parameter to <code>api_jwt.encode</code> by <a href="https://github.com/evroon"><code>@​evroon</code></a> in <a href="https://github.com/jpadilla/pyjwt/pull/832">jpadilla/pyjwt#832</a></li>
<li>Make mypy configuration stricter and improve typing by <a href="https://github.com/akx"><code>@​akx</code></a> in <a href="https://github.com/jpadilla/pyjwt/pull/830">jpadilla/pyjwt#830</a></li>
<li>Bump actions/stale from 6 to 7 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://github.com/jpadilla/pyjwt/pull/840">jpadilla/pyjwt#840</a></li>
<li>[pre-commit.ci] pre-commit autoupdate by <a href="https://github.com/pre-commit-ci"><code>@​pre-commit-ci</code></a> in <a href="https://github.com/jpadilla/pyjwt/pull/838">jpadilla/pyjwt#838</a></li>
<li>Add more types by <a href="https://github.com/Viicos"><code>@​Viicos</code></a> in <a href="https://github.com/jpadilla/pyjwt/pull/843">jpadilla/pyjwt#843</a></li>
<li>Differentiate between two errors by <a href="https://github.com/irdkwmnsb"><code>@​irdkwmnsb</code></a> in <a href="https://github.com/jpadilla/pyjwt/pull/809">jpadilla/pyjwt#809</a></li>
<li>Fix <code>_validate_iat</code> validation by <a href="https://github.com/Viicos"><code>@​Viicos</code></a> in <a href="https://github.com/jpadilla/pyjwt/pull/847">jpadilla/pyjwt#847</a></li>
<li>Improve error messages when cryptography isn't installed by <a href="https://github.com/Viicos"><code>@​Viicos</code></a> in <a href="https://github.com/jpadilla/pyjwt/pull/846">jpadilla/pyjwt#846</a></li>
<li>[pre-commit.ci] pre-commit autoupdate by <a href="https://github.com/pre-commit-ci"><code>@​pre-commit-ci</code></a> in <a href="https://github.com/jpadilla/pyjwt/pull/852">jpadilla/pyjwt#852</a></li>
<li>[pre-commit.ci] pre-commit autoupdate by <a href="https://github.com/pre-commit-ci"><code>@​pre-commit-ci</code></a> in <a href="https://github.com/jpadilla/pyjwt/pull/855">jpadilla/pyjwt#855</a></li>
<li>[pre-commit.ci] pre-commit autoupdate by <a href="https://github.com/pre-commit-ci"><code>@​pre-commit-ci</code></a> in <a href="https://github.com/jpadilla/pyjwt/pull/859">jpadilla/pyjwt#859</a></li>
<li>Make <code>Algorithm</code> an abstract base class by <a href="https://github.com/Viicos"><code>@​Viicos</code></a> in <a href="https://github.com/jpadilla/pyjwt/pull/845">jpadilla/pyjwt#845</a></li>
<li>docs: correct mistake in the changelog about verify param by <a href="https://github.com/gbillig"><code>@​gbillig</code></a> in <a href="https://github.com/jpadilla/pyjwt/pull/866">jpadilla/pyjwt#866</a></li>
<li>[pre-commit.ci] pre-commit autoupdate by <a href="https://github.com/pre-commit-ci"><code>@​pre-commit-ci</code></a> in <a href="https://github.com/jpadilla/pyjwt/pull/868">jpadilla/pyjwt#868</a></li>
<li>Bump actions/stale from 7 to 8 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://github.com/jpadilla/pyjwt/pull/872">jpadilla/pyjwt#872</a></li>
<li>[pre-commit.ci] pre-commit autoupdate by <a href="https://github.com/pre-commit-ci"><code>@​pre-commit-ci</code></a> in <a href="https://github.com/jpadilla/pyjwt/pull/874">jpadilla/pyjwt#874</a></li>
<li>Add a timeout for PyJWKClient requests by <a href="https://github.com/daviddavis"><code>@​daviddavis</code></a> in <a href="https://github.com/jpadilla/pyjwt/pull/875">jpadilla/pyjwt#875</a></li>
<li>Add client connection error exception by <a href="https://github.com/daviddavis"><code>@​daviddavis</code></a> in <a href="https://github.com/jpadilla/pyjwt/pull/876">jpadilla/pyjwt#876</a></li>
<li>Add complete types to take all allowed keys into account by <a href="https://github.com/Viicos"><code>@​Viicos</code></a> in <a href="https://github.com/jpadilla/pyjwt/pull/873">jpadilla/pyjwt#873</a></li>
<li>[pre-commit.ci] pre-commit autoupdate by <a href="https://github.com/pre-commit-ci"><code>@​pre-commit-ci</code></a> in <a href="https://github.com/jpadilla/pyjwt/pull/878">jpadilla/pyjwt#878</a></li>
<li>Build  and upload PyPI package by <a href="https://github.com/jpadilla"><code>@​jpadilla</code></a> in <a href="https://github.com/jpadilla/pyjwt/pull/884">jpadilla/pyjwt#884</a></li>
<li>Fix for issue <a href="https://github.com/jpadilla/pyjwt/issues/862">#862</a> - ignore invalid keys in a jwks. by <a href="https://github.com/timw6n"><code>@​timw6n</code></a> in <a href="https://github.com/jpadilla/pyjwt/pull/863">jpadilla/pyjwt#863</a></li>
<li>Add <code>as_dict</code> option to <code>Algorithm.to_jwk</code> by <a href="https://github.com/fluxth"><code>@​fluxth</code></a> in <a href="https://github.com/jpadilla/pyjwt/pull/881">jpadilla/pyjwt#881</a></li>
</ul>
<h2>New Contributors</h2>
<ul>
<li><a href="https://github.com/eseifert"><code>@​eseifert</code></a> made their first contribution in <a href="https://github.com/jpadilla/pyjwt/pull/818">jpadilla/pyjwt#818</a></li>
<li><a href="https://github.com/daillouf"><code>@​daillouf</code></a> made their first contribution in <a href="https://github.com/jpadilla/pyjwt/pull/821">jpadilla/pyjwt#821</a></li>
<li><a href="https://github.com/thundercat1"><code>@​thundercat1</code></a> made their first contribution in <a href="https://github.com/jpadilla/pyjwt/pull/823">jpadilla/pyjwt#823</a></li>
<li><a href="https://github.com/evroon"><code>@​evroon</code></a> made their first contribution in <a href="https://github.com/jpadilla/pyjwt/pull/832">jpadilla/pyjwt#832</a></li>
<li><a href="https://github.com/Viicos"><code>@​Viicos</code></a> made their first contribution in <a href="https://github.com/jpadilla/pyjwt/pull/843">jpadilla/pyjwt#843</a></li>
<li><a href="https://github.com/irdkwmnsb"><code>@​irdkwmnsb</code></a> made their first contribution in <a href="https://github.com/jpadilla/pyjwt/pull/809">jpadilla/pyjwt#809</a></li>
<li><a href="https://github.com/gbillig"><code>@​gbillig</code></a> made their first contribution in <a href="https://github.com/jpadilla/pyjwt/pull/866">jpadilla/pyjwt#866</a></li>
<li><a href="https://github.com/daviddavis"><code>@​daviddavis</code></a> made their first contribution in <a href="https://github.com/jpadilla/pyjwt/pull/875">jpadilla/pyjwt#875</a></li>
<li><a href="https://github.com/timw6n"><code>@​timw6n</code></a> made their first contribution in <a href="https://github.com/jpadilla/pyjwt/pull/863">jpadilla/pyjwt#863</a></li>
<li><a href="https://github.com/fluxth"><code>@​fluxth</code></a> made their first contribution in <a href="https://github.com/jpadilla/pyjwt/pull/881">jpadilla/pyjwt#881</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a href="https://github.com/jpadilla/pyjwt/compare/2.6.0...2.7.0">https://github.com/jpadilla/pyjwt/compare/2.6.0...2.7.0</a></p>
</blockquote>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a href="https://github.com/jpadilla/pyjwt/blob/master/CHANGELOG.rst">pyjwt's changelog</a>.</em></p>
<blockquote>
<h2><code>v2.7.0 &lt;https://github.com/jpadilla/pyjwt/compare/2.6.0...2.7.0&gt;</code>__</h2>
<p>Changed</p>
<pre><code>
- Changed the error message when the token audience doesn't match the expected audience by @irdkwmnsb `[#809](jpadilla/pyjwt#809) &lt;https://github.com/jpadilla/pyjwt/pull/809&gt;`__
- Improve error messages when cryptography isn't installed by @Viicos in `[#846](jpadilla/pyjwt#846) &lt;https://github.com/jpadilla/pyjwt/pull/846&gt;`__
- Make `Algorithm` an abstract base class by @Viicos in `[#845](jpadilla/pyjwt#845) &lt;https://github.com/jpadilla/pyjwt/pull/845&gt;`__
- ignore invalid keys in a jwks by @timw6n in `[#863](jpadilla/pyjwt#863) &lt;https://github.com/jpadilla/pyjwt/pull/863&gt;`__
<p>Fixed</p>
<pre><code>
- Add classifier for Python 3.11 by @eseifert in `[#818](jpadilla/pyjwt#818) &amp;lt;https://github.com/jpadilla/pyjwt/pull/818&amp;gt;`__
- Fix ``_validate_iat`` validation by @Viicos in `[#847](jpadilla/pyjwt#847) &amp;lt;https://github.com/jpadilla/pyjwt/pull/847&amp;gt;`__
- fix: use datetime.datetime.timestamp function to have a milliseconds by @daillouf `[#821](jpadilla/pyjwt#821) &amp;lt;https://github.com/jpadilla/pyjwt/pull/821&amp;gt;`__
- docs: correct mistake in the changelog about verify param by @gbillig in `[#866](jpadilla/pyjwt#866) &amp;lt;https://github.com/jpadilla/pyjwt/pull/866&amp;gt;`__

Added
</code></pre>
<ul>
<li>Add <code>compute_hash_digest</code> as a method of <code>Algorithm</code> objects, which uses
the underlying hash algorithm to compute a digest. If there is no appropriate
hash algorithm, a <code>NotImplementedError</code> will be raised in <code>[#775](jpadilla/pyjwt#775) &amp;lt;https://github.com/jpadilla/pyjwt/pull/775&amp;gt;</code>__</li>
<li>Add optional <code>headers</code> argument to <code>PyJWKClient</code>. If provided, the headers
will be included in requests that the client uses when fetching the JWK set by <a href="https://github.com/thundercat1"><code>@​thundercat1</code></a> in <code>[#823](jpadilla/pyjwt#823) &amp;lt;https://github.com/jpadilla/pyjwt/pull/823&amp;gt;</code>__</li>
<li>Add PyJWT._{de,en}code_payload hooks by <a href="https://github.com/akx"><code>@​akx</code></a> in <code>[#829](jpadilla/pyjwt#829) &amp;lt;https://github.com/jpadilla/pyjwt/pull/829&amp;gt;</code>__</li>
<li>Add <code>sort_headers</code> parameter to <code>api_jwt.encode</code> by <a href="https://github.com/evroon"><code>@​evroon</code></a> in <code>[#832](jpadilla/pyjwt#832) &amp;lt;https://github.com/jpadilla/pyjwt/pull/832&amp;gt;</code>__</li>
<li>Make mypy configuration stricter and improve typing by <a href="https://github.com/akx"><code>@​akx</code></a> in <code>[#830](jpadilla/pyjwt#830) &amp;lt;https://github.com/jpadilla/pyjwt/pull/830&amp;gt;</code>__</li>
<li>Add more types by <a href="https://github.com/Viicos"><code>@​Viicos</code></a> in <code>[#843](jpadilla/pyjwt#843) &amp;lt;https://github.com/jpadilla/pyjwt/pull/843&amp;gt;</code>__</li>
<li>Add a timeout for PyJWKClient requests by <a href="https://github.com/daviddavis"><code>@​daviddavis</code></a> in <code>[#875](jpadilla/pyjwt#875) &amp;lt;https://github.com/jpadilla/pyjwt/pull/875&amp;gt;</code>__</li>
<li>Add client connection error exception by <a href="https://github.com/daviddavis"><code>@​daviddavis</code></a> in <code>[#876](jpadilla/pyjwt#876) &amp;lt;https://github.com/jpadilla/pyjwt/pull/876&amp;gt;</code>__</li>
<li>Add complete types to take all allowed keys into account by <a href="https://github.com/Viicos"><code>@​Viicos</code></a> in <code>[#873](jpadilla/pyjwt#873) &amp;lt;https://github.com/jpadilla/pyjwt/pull/873&amp;gt;</code>__</li>
<li>Add <code>as_dict</code> option to <code>Algorithm.to_jwk</code> by <a href="https://github.com/fluxth"><code>@​fluxth</code></a> in <code>[#881](jpadilla/pyjwt#881) &amp;lt;https://github.com/jpadilla/pyjwt/pull/881&amp;gt;</code>__
</code></pre></li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a href="https://github.com/jpadilla/pyjwt/commit/d7c54dbebdab2ae17f7948fd4432b15e1bb82852"><code>d7c54db</code></a> chore: update readme</li>
<li><a href="https://github.com/jpadilla/pyjwt/commit/c35e59b9f2c0bc0cf1a71b440a115d997f1e0535"><code>c35e59b</code></a> Add <code>as_dict</code> option to <code>Algorithm.to_jwk</code> (<a href="https://github.com/jpadilla/pyjwt/issues/881">#881</a>)</li>
<li><a href="https://github.com/jpadilla/pyjwt/commit/6a273419949b68ddccbe3867fd4bd8680cacf097"><code>6a27341</code></a> Fix for issue <a href="https://github.com/jpadilla/pyjwt/issues/862">#862</a> - ignore invalid keys in a jwks. (<a href="https://github.com/jpadilla/pyjwt/issues/863">#863</a>)</li>
<li><a href="https://github.com/jpadilla/pyjwt/commit/abeeacb99a30a5c2ae60c1696bb7ead012405349"><code>abeeacb</code></a> bump up version to 2.7.0</li>
<li><a href="https://github.com/jpadilla/pyjwt/commit/d8b12421654840418fd25b86553795c0c09ed0a9"><code>d8b1242</code></a> Update pypi-package.yml</li>
<li><a href="https://github.com/jpadilla/pyjwt/commit/6d1c3d341af3378653af3653436bd9ff411e5e63"><code>6d1c3d3</code></a> Update pypi-package.yml</li>
<li><a href="https://github.com/jpadilla/pyjwt/commit/81b9ef4888fc75f8a3b7224f15eb8b18146f4b44"><code>81b9ef4</code></a> Create pypi-package.yml (<a href="https://github.com/jpadilla/pyjwt/issues/884">#884</a>)</li>
<li><a href="https://github.com/jpadilla/pyjwt/commit/97711b1a4fc322796092faa6bb18f8097b8eed62"><code>97711b1</code></a> [pre-commit.ci] pre-commit autoupdate (<a href="https://github.com/jpadilla/pyjwt/issues/878">#878</a>)</li>
<li><a href="https://github.com/jpadilla/pyjwt/commit/56b3d5633160e79e1f4c5c09023d68759cbf84a6"><code>56b3d56</code></a> Add complete types to take all allowed keys into account (<a href="https://github.com/jpadilla/pyjwt/issues/873">#873</a>)</li>
<li><a href="https://github.com/jpadilla/pyjwt/commit/ba726444a6cee75af59feb8ea08294d0ac89bedb"><code>ba72644</code></a> Add client connection error exception (<a href="https://github.com/jpadilla/pyjwt/issues/876">#876</a>)</li>
<li>Additional commits viewable in <a href="https://github.com/jpadilla/pyjwt/compare/2.6.0...2.7.0">compare view</a></li>
</ul>
</details>
<br />

[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=pyjwt&package-manager=pip&previous-version=2.6.0&new-version=2.7.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

</details>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

encode()/decode() key parameter type should not be str
2 participants