Python-jwt

-----------------------------------------------------------------------

Changed
~~~~~~~

- Update python version test matrix by auvipy in `895 <https://github.com/jpadilla/pyjwt/pull/895>`__

Fixed
~~~~~

Added
~~~~~

- Add ``strict_aud`` as an option to ``jwt.decode`` by woodruffw in `902 <https://github.com/jpadilla/pyjwt/pull/902>`__
- Export PyJWKClientConnectionError class by daviddavis in `887 <https://github.com/jpadilla/pyjwt/pull/887>`__
- Allows passing of ssl.SSLContext to PyJWKClient by juur in `891 <https://github.com/jpadilla/pyjwt/pull/891>`__

-----------------------------------------------------------------------

Changed
~~~~~~~

- Changed the error message when the token audience doesn't match the expected audience by irdkwmnsb `809 <https://github.com/jpadilla/pyjwt/pull/809>`__
- Improve error messages when cryptography isn't installed by Viicos in `846 <https://github.com/jpadilla/pyjwt/pull/846>`__
- Make `Algorithm` an abstract base class by Viicos in `845 <https://github.com/jpadilla/pyjwt/pull/845>`__
- ignore invalid keys in a jwks by timw6n in `863 <https://github.com/jpadilla/pyjwt/pull/863>`__

Fixed
~~~~~

- Add classifier for Python 3.11 by eseifert in `818 <https://github.com/jpadilla/pyjwt/pull/818>`__
- Fix ``_validate_iat`` validation by Viicos in `847 <https://github.com/jpadilla/pyjwt/pull/847>`__
- fix: use datetime.datetime.timestamp function to have a milliseconds by daillouf `821 <https://github.com/jpadilla/pyjwt/pull/821>`__
- docs: correct mistake in the changelog about verify param by gbillig in `866 <https://github.com/jpadilla/pyjwt/pull/866>`__

Added
~~~~~

- Add ``compute_hash_digest`` as a method of ``Algorithm`` objects, which uses
the underlying hash algorithm to compute a digest. If there is no appropriate
hash algorithm, a ``NotImplementedError`` will be raised in `775 <https://github.com/jpadilla/pyjwt/pull/775>`__
- Add optional ``headers`` argument to ``PyJWKClient``. If provided, the headers
will be included in requests that the client uses when fetching the JWK set by thundercat1 in `823 <https://github.com/jpadilla/pyjwt/pull/823>`__
- Add PyJWT._{de,en}code_payload hooks by akx in `829 <https://github.com/jpadilla/pyjwt/pull/829>`__
- Add `sort_headers` parameter to `api_jwt.encode` by evroon in `832 <https://github.com/jpadilla/pyjwt/pull/832>`__
- Make mypy configuration stricter and improve typing by akx in `830 <https://github.com/jpadilla/pyjwt/pull/830>`__
- Add more types by Viicos in `843 <https://github.com/jpadilla/pyjwt/pull/843>`__
- Add a timeout for PyJWKClient requests by daviddavis in `875 <https://github.com/jpadilla/pyjwt/pull/875>`__
- Add client connection error exception by daviddavis in `876 <https://github.com/jpadilla/pyjwt/pull/876>`__
- Add complete types to take all allowed keys into account by Viicos in `873 <https://github.com/jpadilla/pyjwt/pull/873>`__
- Add `as_dict` option to `Algorithm.to_jwk` by fluxth in `881 <https://github.com/jpadilla/pyjwt/pull/881>`__

-----------------------------------------------------------------------

Changed
~~~~~~~

- bump up cryptography >= 3.4.0 by jpadilla in `807 <https://github.com/jpadilla/pyjwt/pull/807>`_
- Remove `types-cryptography` from `crypto` extra by lautat in `805 <https://github.com/jpadilla/pyjwt/pull/805>`_

Fixed
~~~~~

- Invalidate token on the exact second the token expires `797 <https://github.com/jpadilla/pyjwt/pull/797>`_
- fix: version 2.5.0 heading typo by c0state in `803 <https://github.com/jpadilla/pyjwt/pull/803>`_

Added
~~~~~
- Adding validation for `issued_at` when `iat > (now + leeway)` as `ImmatureSignatureError` by sriharan16 in https://github.com/jpadilla/pyjwt/pull/794

-----------------------------------------------------------------------

Changed
~~~~~~~

- Skip keys with incompatible alg when loading JWKSet by DaGuich in `762 <https://github.com/jpadilla/pyjwt/pull/762>`__
- Remove support for python3.6 by sirosen in `777 <https://github.com/jpadilla/pyjwt/pull/777>`__
- Emit a deprecation warning for unsupported kwargs by sirosen in `776 <https://github.com/jpadilla/pyjwt/pull/776>`__
- Remove redundant wheel dep from pyproject.toml by mgorny in `765 <https://github.com/jpadilla/pyjwt/pull/765>`__
- Do not fail when an unusable key occurs by DaGuich in `762 <https://github.com/jpadilla/pyjwt/pull/762>`__
- Update audience typing by JulianMaurin in `782 <https://github.com/jpadilla/pyjwt/pull/782>`__
- Improve PyJWKSet error accuracy by JulianMaurin in `786 <https://github.com/jpadilla/pyjwt/pull/786>`__
- Mypy as pre-commit check + api_jws typing by JulianMaurin in `787 <https://github.com/jpadilla/pyjwt/pull/787>`__

Fixed
~~~~~

- Adjust expected exceptions in option merging tests for PyPy3 by mgorny in `763 <https://github.com/jpadilla/pyjwt/pull/763>`__
- Fixes for pyright on strict mode by brandon-leapyear in `747 <https://github.com/jpadilla/pyjwt/pull/747>`__
- docs: fix simple typo, iinstance -> isinstance by timgates42 in `774 <https://github.com/jpadilla/pyjwt/pull/774>`__
- Fix typo: priot -> prior by jdufresne in `780 <https://github.com/jpadilla/pyjwt/pull/780>`__
- Fix for headers disorder issue by kadabusha in `721 <https://github.com/jpadilla/pyjwt/pull/721>`__

Added
~~~~~

- Add to_jwk static method to ECAlgorithm by leonsmith in `732 <https://github.com/jpadilla/pyjwt/pull/732>`__
- Expose get_algorithm_by_name as new method by sirosen in `773 <https://github.com/jpadilla/pyjwt/pull/773>`__
- Add type hints to jwt/help.py and add missing types dependency by kkirsche in `784 <https://github.com/jpadilla/pyjwt/pull/784>`__
- Add cacheing functionality for JWK set by wuhaoyujerry in `781 <https://github.com/jpadilla/pyjwt/pull/781>`__

-----------------------------------------------------------------------

Security
~~~~~~~~

- [CVE-2022-29217] Prevent key confusion through non-blocklisted public key formats. https://github.com/jpadilla/pyjwt/security/advisories/GHSA-ffqj-6fqr-9h24

Changed
~~~~~~~

- Explicit check the key for ECAlgorithm by estin in https://github.com/jpadilla/pyjwt/pull/713
- Raise DeprecationWarning for jwt.decode(verify=...) by akx in https://github.com/jpadilla/pyjwt/pull/742

Fixed
~~~~~

- Don't use implicit optionals by rekyungmin in https://github.com/jpadilla/pyjwt/pull/705
- documentation fix: show correct scope for decode_complete() by sseering in https://github.com/jpadilla/pyjwt/pull/661
- fix: Update copyright information by kkirsche in https://github.com/jpadilla/pyjwt/pull/729
- Don't mutate options dictionary in .decode_complete() by akx in https://github.com/jpadilla/pyjwt/pull/743

Added
~~~~~

- Add support for Python 3.10 by hugovk in https://github.com/jpadilla/pyjwt/pull/699
- api_jwk: Add PyJWKSet.__getitem__ by woodruffw in https://github.com/jpadilla/pyjwt/pull/725
- Update usage.rst by guneybilen in https://github.com/jpadilla/pyjwt/pull/727
- Docs: mention performance reasons for reusing RSAPrivateKey when encoding by dmahr1 in https://github.com/jpadilla/pyjwt/pull/734
- Fixed typo in usage.rst by israelabraham in https://github.com/jpadilla/pyjwt/pull/738
- Add detached payload support for JWS encoding and decoding by fviard in https://github.com/jpadilla/pyjwt/pull/723
- Replace various string interpolations with f-strings by akx in https://github.com/jpadilla/pyjwt/pull/744
- Update CHANGELOG.rst by hipertracker in https://github.com/jpadilla/pyjwt/pull/751

-----------------------------------------------------------------------

Fixed
~~~~~

- Revert "Remove arbitrary kwargs." `701 <https://github.com/jpadilla/pyjwt/pull/701>`__

Added
~~~~~

- Add exception chaining `702 <https://github.com/jpadilla/pyjwt/pull/702>`__