Bump pyjwt from 2.6.0 to 2.8.0 (#2115)

* Bump pyjwt from 2.6.0 to 2.8.0 Bumps [pyjwt](https://github.com/jpadilla/pyjwt) from 2.6.0 to 2.8.0. - [Release notes](https://github.com/jpadilla/pyjwt/releases) - [Changelog](https://github.com/jpadilla/pyjwt/blob/master/CHANGELOG.rst) - [Commits](https://github.com/jpadilla/pyjwt/compare/2.6.0...2.8.0) --- updated-dependencies: - dependency-name: pyjwt dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> * Update pyjwt==2.8.0 --------- Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: JonnyWong16 <9099342+JonnyWong16@users.noreply.github.com> [skip ci]
2025-07-06 13:11:15 -07:00 · 2023-08-23 21:45:15 -07:00 · 2023-08-23 21:45:15 -07:00 · c93f470371
commit c93f470371
parent 77f38bbf93
12 changed files with 542 additions and 260 deletions
--- a/lib/jwt/jwks_client.py
+++ b/lib/jwt/jwks_client.py
@ -1,12 +1,13 @@
 import json
 import urllib.request
 from functools import lru_cache
-from typing import Any, List, Optional
+from ssl import SSLContext
+from typing import Any, Dict, List, Optional
 from urllib.error import URLError

 from .api_jwk import PyJWK, PyJWKSet
 from .api_jwt import decode_complete as decode_token
-from .exceptions import PyJWKClientError
+from .exceptions import PyJWKClientConnectionError, PyJWKClientError
 from .jwk_set_cache import JWKSetCache


@ -18,9 +19,17 @@ class PyJWKClient:
        max_cached_keys: int = 16,
        cache_jwk_set: bool = True,
        lifespan: int = 300,
+        headers: Optional[Dict[str, Any]] = None,
+        timeout: int = 30,
+        ssl_context: Optional[SSLContext] = None,
    ):
+        if headers is None:
+            headers = {}
        self.uri = uri
        self.jwk_set_cache: Optional[JWKSetCache] = None
+        self.headers = headers
+        self.timeout = timeout
+        self.ssl_context = ssl_context

        if cache_jwk_set:
            # Init jwt set cache with default or given lifespan.
@ -41,10 +50,15 @@ class PyJWKClient:
    def fetch_data(self) -> Any:
        jwk_set: Any = None
        try:
-            with urllib.request.urlopen(self.uri) as response:
+            r = urllib.request.Request(url=self.uri, headers=self.headers)
+            with urllib.request.urlopen(
+                r, timeout=self.timeout, context=self.ssl_context
+            ) as response:
                jwk_set = json.load(response)
-        except URLError as e:
-            raise PyJWKClientError(f'Fail to fetch data from the url, err: "{e}"')
+        except (URLError, TimeoutError) as e:
+            raise PyJWKClientConnectionError(
+                f'Fail to fetch data from the url, err: "{e}"'
+            )
        else:
            return jwk_set
        finally:
@ -59,6 +73,9 @@ class PyJWKClient:
        if data is None:
            data = self.fetch_data()

+        if not isinstance(data, dict):
+            raise PyJWKClientError("The JWKS endpoint did not return a JSON object")
+
        return PyJWKSet.from_dict(data)

    def get_signing_keys(self, refresh: bool = False) -> List[PyJWK]: