Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Python quickstart: change recommended library #5611

Open
helfi92 opened this issue Jan 18, 2018 · 5 comments
Open

Python quickstart: change recommended library #5611

helfi92 opened this issue Jan 18, 2018 · 5 comments
Labels
quickstart verified Temporary label to help catch up with valid vs stale quickstarts issues

Comments

@helfi92
Copy link

helfi92 commented Jan 18, 2018
edited
Loading

For python's quickstart, the docs say to use python-jose-cryptodome rather than python-jose (https://auth0.com/docs/quickstart/backend/python#install-the-dependencies).

That being said, the recommended library doesn't have much GitHub activity and appears to just be a fork of python-jose that changed the vulnerable pycrypto dependency for pycryptodome, but (a) hasn't kept up with python-jose, (b) is now redundant since python-jose has just switched to pycryptodome too (mpdavis/python-jose@98406bc).

However looking at https://jwt.io/#libraries-io there appears to be yet another JWT option that's much more popular/active than python-jose:
https://github.com/jpadilla/pyjwt/

As such, would it be possible to make a change to the recommended library. Which of python-jose and PyJWT would be best for long term reliability?

Thanks!
@helfi92 helfi92 mentioned this issue Jan 19, 2018
Merged
@helfi92
Copy link
Author

helfi92 commented Jan 22, 2018

Hi @aaguiarz. Is this something you would be able to advise here? Thanks.

@RacingTadpole
Copy link

Also python-jose-cryptodome is pinned to an older version of pycryptodome (whereas python-jose is not) - see capless/python-jose-cryptodome#2

@albertoperdomo albertoperdomo added the verified Temporary label to help catch up with valid vs stale quickstarts issues label Oct 17, 2018
@edmorley
Copy link

Friendly ping? :-)

@tm9k1
Copy link

tm9k1 commented Feb 14, 2019

lol why did I get the mail?

@cocojoe
Copy link
Member

cocojoe commented Nov 19, 2019

@albertoperdomo raising for visibility

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
quickstart verified Temporary label to help catch up with valid vs stale quickstarts issues
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
7 participants
@albertoperdomo @edmorley @cocojoe @RacingTadpole @helfi92 @mpaktiti @tm9k1