Fastapi-cognito

Latest version: v2.7.0


2.7.0

What's Changed
Updated the FastAPI dependency version constraint: the library now accepts any version at 0.111.0 or above, but will not support a major version change. The generic exception handler in the `_decode_token` method is removed because it returned a response containing details of the exception; such errors are now handled by raising `HTTPException` with a generic message.

Changelog
* FastAPI dependency version constraint changed from `"^0.111.0"` to `">=0.111.0,<1.0.0"` to support newer versions of FastAPI.
* The exception handler in the `_decode_token` method is removed; errors will return a different message and won't return exception details directly.

**Full Changelog**: https://github.com/markomirosavljev/fastapi-cognito/compare/v2.6.0...v2.7.0
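The difference between returning exception details and returning a generic message, as an added example (not the library's own code). `verify`, `TokenError`, `decode_leaky`, `decode_generic`, `client_view`, the 401 status and the message text are all assumptions made for illustration, and the error string is constructed.

```python
import logging

try:
    from fastapi import HTTPException
except ImportError:
    # Minimal stand-in so the example also runs without FastAPI installed.
    class HTTPException(Exception):
        def __init__(self, status_code, detail=None):
            super().__init__(detail)
            self.status_code = status_code
            self.detail = detail

log = logging.getLogger("auth-example")

class TokenError(Exception):
    """Hypothetical error type standing in for whatever the JWT layer raises."""

def verify(token):
    # Hypothetical verifier; the failure message is constructed to carry internals.
    if token == "good":
        return {"sub": "user-1"}
    raise TokenError("kid 'k1' not in JWKS fetched from https://idp.internal.example/jwks.json")

def decode_leaky(token):
    # Before: a catch-all handler copies the exception text into the response.
    try:
        return verify(token)
    except Exception as exc:
        raise HTTPException(status_code=401, detail=str(exc))

def decode_generic(token):
    # After: details go to the server log, the client gets a fixed message.
    try:
        return verify(token)
    except Exception:
        log.warning("token verification failed", exc_info=True)
        raise HTTPException(status_code=401, detail="Invalid token") from None

def client_view(decoder, token):
    # What a caller would see: (status code, response detail).
    try:
        decoder(token)
    except HTTPException as exc:
        return exc.status_code, exc.detail
    return 200, None
```
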

2.6.0

What's Changed
The library now uses `httpx` instead of `aiohttp` to retrieve the JWKS from the Cognito userpool. Increased the async LRU cache for the function that retrieves the JWKS. Added support for setting `JWKS_URL` per userpool.

Major changes
* `aiohttp` is removed as a dependency; `httpx` is used instead, since `aiohttp` in some cases blocked async execution. https://github.com/markomirosavljev/fastapi-cognito/issues/23

Changelog
* The `httpx` library is used instead of `aiohttp`.
* The async LRU cache on `cognito_jwt.decode.__get_keys_async` is increased to 10 as a temporary workaround to prevent the application from retrieving the JWKS on each request that uses a different userpool than the previous one. In the future the idea is to make this dynamic (either by setting the value through configuration or by setting it to the length of the `userpools` configuration field).
* Added support for a `JWKS_URL` configuration per userpool, which allows setting an explicit URL where the JWKS can be found for that userpool.

**Full Changelog**: https://github.com/markomirosavljev/fastapi-cognito/compare/v2.5.0...v2.6.0

2.5.0

What's Changed

The `cognito_jwt` dependency is removed because that library is no longer maintained and it used `python_jose` (also not maintained), which in turn used `ecdsa` with a critical vulnerability. The code for retrieving public keys and validating tokens is now part of this library, and the only dependency is `joserfc`, which replaces the `python_jose` functionality. Thanks to YaraslauZhylko for pointing out this issue and for the suggestions in https://github.com/markomirosavljev/fastapi-cognito/issues/19

Other changes were related to some minor improvements and fixes.

Changelog
* Moved to poetry
* Type of `userpools` field changed from `dict` to `Dict` - https://github.com/markomirosavljev/fastapi-cognito/issues/17
* Added generic exception handling in `fastapi_cognito._decode_token` method. - https://github.com/markomirosavljev/fastapi-cognito/pull/22
* Removed the `cognito_jwt` library and implemented its functionality in this library - https://github.com/markomirosavljev/fastapi-cognito/pull/22
* Moved away from [`python_jose`](https://github.com/mpdavis/python-jose/) to [`joserfc`](https://github.com/authlib/joserfc) https://github.com/markomirosavljev/fastapi-cognito/pull/22
* Updating documentation - https://github.com/markomirosavljev/fastapi-cognito/pull/22


**Full Changelog**: https://github.com/markomirosavljev/fastapi-cognito/compare/v2.4.2...v2.5.0

2.4.2

Not secure
What's Changed
* Updated model config settings to support Pydantic v2


**Full Changelog**: https://github.com/markomirosavljev/fastapi-cognito/compare/v2.4.1...v2.4.2

2.4.1

Not secure
* Fixed `requests` library import exception

**Full Changelog**: https://github.com/markomirosavljev/fastapi-cognito/compare/v2.4.0...v2.4.1

2.4.0

Not secure
What's Changed
* Updated Pydantic to v2
* Updated additional dependencies and their required versions
* `cognitojwt` library now uses `decode_async` method to decode Cognito JWT
* Custom token models should now be provided as a parameter when creating a `CognitoAuth` object instead of through BaseSettings. Every `CognitoAuth` object can use a different model if needed.


**Full Changelog**: https://github.com/markomirosavljev/fastapi-cognito/compare/v.2.3.0...v2.4.0

v.2.3.0
What's Changed
* Added support for multiple userpool `app_client_ids`


**Full Changelog**: https://github.com/markomirosavljev/fastapi-cognito/compare/v2.2.1...v.2.3.0
