Comments (4)
As an alternative, setuptools extension points could be used instead. With the current approach, any external "extension package" containing an additional algorithm implementation must be imported by the application before it could be used, because the extension package would register the algorithms only at import time.
With extension points, which are designed for use cases like these, this isn't needed anymore. A simple pip install pyjwt pyjwt-my-supercool-new-crypto-algo-addon
would suffice.
The stevedore
package takes care of most of the required plumbing; see http://stevedore.readthedocs.org/en/latest/index.html for details and examples. The "driver" approach would work for the use cases outlined in this issue, I think.
from pyjwt.
That's a neat idea! I could see that being super useful in applications that see a lot of plug-ins being developed (things like Django, SqlAlchemy, flask) and I have some ideas for where I want to use it. Thanks for sharing it! =)
For this library, I anticipate that 99.9999% of the use-cases will be people who are only using the algorithms listed in the JWA spec (which we implement all of the required, all of the reccomended, and most of the optional). I think that someone registering their own non-standard algorithms with this library would be very uncommon so I'm not sure it justifies the additional dependency on stevedore
.
I wouldn't be opposed to the setuptools option though. I'll have to read up on it.
But that's just my two cents :-)
from pyjwt.
Actually I tend to agree with you here @mark-adams. The ugly import-time side-effect and the resulting seemingly "unused" import in application code is just the price one has to pay for using non-standardized crypto! :)
from pyjwt.
For future reference: follow-up discussion in #71.
from pyjwt.
Related Issues (20)
- Why not sort_keys during json.dump ? HOT 2
- Unable to catch errors using flask @app.errorhandler HOT 1
- Add parameter for user-supplied timestamp when validating claims HOT 1
- SHA-256 not FIPS-202 compliant and a SHA-3 Update Required by NIST HOT 4
- Cryptography generated EC key is invalid HOT 1
- Ability to disable refresh & retry on `kid` mismatch HOT 4
- Security scan flags up the token being printed HOT 4
- options verify_exp not working HOT 1
- sharing namespace jwt conflict, is this possible to prevent, pip install pyJWT give no warning HOT 3
- Please stop validating that `iat <= now` by default HOT 3
- Got error: Algorithm 'ES256' could not be found. Do you have cryptography installed? HOT 3
- Migration guide for python-jose users HOT 3
- Remove algorithm parameter overwrite in PyJWS.encode HOT 1
- There should be a check on the type of algorithms in signature verification HOT 1
- Decoding fails with "Invalid payload string: must be a json object" when the JSON is an array HOT 1
- https://nvd.nist.gov/vuln/detail/CVE-2024-26130 update cryptography HOT 2
- When is python 3.12 expected to be released as a package on PIP? HOT 2
- Consider cryptography 42.x.x new validation HOT 2
- Make a release 2.9.0? Or create a checklist that contributors can help with? HOT 3
- Minimal example of implementation with encode and decode
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from pyjwt.