Flask-jwt-extended

Latest version: v4.7.1

Page 7 of 16

3.15.0

* Adds the `JWT_DECODE_LEEWAY` option (218). Thanks otetard!
* Adds the ability to use other data structures besides lists (such as sets, tuples, etc.) as config values (215). Thanks illia-v!

3.14.0

In this release we are modifying how decoded tokens work, so that this extension can be more easily used by other JWT providers (212). The important changes in this release are:

* added the `JWT_DECODE_AUDIENCE` configuration option, for using the `aud` claim in JWTs
* Changed the `decode_key_callback()` function to take the unverified headers as well as the unverified claims as arguments. If you have existing code that only takes one argument, it will still work, but you will see a deprecation warning when it is called. Update your callback to take a second parameter to fix that. For example, `decode_key(claims)` would become `decode_key(claims, headers)`.
* If the `jti` claim doesn't exist in a token, it will now be set to `None` in the decoded dictionary instead of raising an error
* If the `type` claim doesn't exist in a token, it will be marked as an access token and `'type': 'access'` will be set in the decoded dictionary
* If the `fresh` claim doesn't exist in a token, it will be marked as a non-fresh token and `'fresh': False` will be set in the decoded dictionary

Many thanks to acrossen for making this release possible!

3.13.1

* Include tests in MANIFEST.in (197)

3.13.0

* Add support for custom encode and decode keys (91). There are now two new callbacks that can be registered: `decode_key_loader` and `encode_key_loader`. The decode callback is passed in the **unverified** JWT claims, and must return a string that will be used to decode and verify the JWT. The encode callback is passed in the identity (as passed in to the `create_access_token` or `create_refresh_token` functions) and must return a string that will be used to encode a JWT. If unset, the `JWT_SECRET_KEY`, `JWT_PUBLIC_KEY`, or `JWT_PRIVATE_KEY` will still be used as appropriate.
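
Because the decode callback sees only **unverified** token contents, it should use them to look up a key in a fixed allowlist and nothing more. The sketch below is an added example, not code from Flask-JWT-Extended: it uses the two-argument `decode_key(claims, headers)` form from 3.14.0, and a standard-library HS256 check stands in for the extension's own verification. `TRUSTED_ISSUERS`, `make_token`, `verify`, the issuer URLs and the secrets are constructed for illustration; registering the callback with `decode_key_loader` is not shown.

```python
import base64
import hashlib
import hmac
import json

# Constructed allowlist: issuer -> (expected alg, HMAC secret). Hypothetical values.
TRUSTED_ISSUERS = {
    "https://idp-a.example": ("HS256", "secret-for-idp-a"),
    "https://idp-b.example": ("HS256", "secret-for-idp-b"),
}

def decode_key(claims, headers):
    """Pick the verification key. Both arguments are UNVERIFIED input."""
    entry = TRUSTED_ISSUERS.get(claims.get("iss"))
    if entry is None:
        # Never fetch or derive a key from a value the token supplies.
        raise ValueError("untrusted issuer")
    alg, key = entry
    if headers.get("alg") != alg:
        # The token does not get to choose its own algorithm.
        raise ValueError("unexpected alg")
    return key

def b64e(data):
    return base64.urlsafe_b64encode(data).rstrip(b"=")

def b64d(data):
    return base64.urlsafe_b64decode(data + b"=" * (-len(data) % 4))

def make_token(claims, key, alg="HS256"):
    """Build a constructed test token, HMAC-SHA256 signed with `key`."""
    header = b64e(json.dumps({"alg": alg, "typ": "JWT"}).encode())
    signing_input = header + b"." + b64e(json.dumps(claims).encode())
    sig = hmac.new(key.encode(), signing_input, hashlib.sha256).digest()
    return signing_input + b"." + b64e(sig)

def verify(token):
    """Stand-in for the decode step: select the key first, then verify."""
    h, p, s = token.split(b".")
    headers, claims = json.loads(b64d(h)), json.loads(b64d(p))
    key = decode_key(claims, headers)  # called before anything is trusted
    expected = hmac.new(key.encode(), h + b"." + p, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, b64d(s)):
        raise ValueError("bad signature")
    return claims
```

A token that names a trusted issuer but is signed with any other key still fails, because the key comes from the allowlist rather than from the token.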

3.12.1

* Requires cryptography >= 2.3 in response to https://nvd.nist.gov/vuln/detail/CVE-2018-10903

3.12.0

* Add ability to get the JWT from the JSON body of the request (173). Thanks luord!!

© 2024 Safety CLI Cybersecurity Inc. All Rights Reserved.