Bump pyjwt from 2.8.0 to 2.9.0 (#2374)

* Bump pyjwt from 2.8.0 to 2.9.0 Bumps [pyjwt](https://github.com/jpadilla/pyjwt) from 2.8.0 to 2.9.0. - [Release notes](https://github.com/jpadilla/pyjwt/releases) - [Changelog](https://github.com/jpadilla/pyjwt/blob/master/CHANGELOG.rst) - [Commits](https://github.com/jpadilla/pyjwt/compare/2.8.0...2.9.0) --- updated-dependencies: - dependency-name: pyjwt dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> * Update pyjwt==2.9.0 --------- Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: JonnyWong16 <9099342+JonnyWong16@users.noreply.github.com> [skip ci]
2025-07-10 15:32:38 -07:00 · 2024-08-10 19:18:24 -07:00 · 2024-08-10 19:18:24 -07:00 · da501df846
commit da501df846
parent 43cb027592
8 changed files with 102 additions and 87 deletions
--- a/lib/jwt/api_jwt.py
+++ b/lib/jwt/api_jwt.py
@ -5,7 +5,7 @@ import warnings
 from calendar import timegm
 from collections.abc import Iterable
 from datetime import datetime, timedelta, timezone
-from typing import TYPE_CHECKING, Any
+from typing import TYPE_CHECKING, Any, List

 from . import api_jws
 from .exceptions import (
@ -21,6 +21,7 @@ from .warnings import RemovedInPyjwt3Warning

 if TYPE_CHECKING:
    from .algorithms import AllowedPrivateKeys, AllowedPublicKeys
+    from .api_jwk import PyJWK


 class PyJWT:
@ -100,7 +101,7 @@ class PyJWT:
    def decode_complete(
        self,
        jwt: str | bytes,
-        key: AllowedPublicKeys | str | bytes = "",
+        key: AllowedPublicKeys | PyJWK | str | bytes = "",
        algorithms: list[str] | None = None,
        options: dict[str, Any] | None = None,
        # deprecated arg, remove in pyjwt3
@ -110,7 +111,7 @@ class PyJWT:
        # passthrough arguments to _validate_claims
        # consider putting in options
        audience: str | Iterable[str] | None = None,
-        issuer: str | None = None,
+        issuer: str | List[str] | None = None,
        leeway: float | timedelta = 0,
        # kwargs
        **kwargs: Any,
@ -185,7 +186,7 @@ class PyJWT:
    def decode(
        self,
        jwt: str | bytes,
-        key: AllowedPublicKeys | str | bytes = "",
+        key: AllowedPublicKeys | PyJWK | str | bytes = "",
        algorithms: list[str] | None = None,
        options: dict[str, Any] | None = None,
        # deprecated arg, remove in pyjwt3
@ -195,7 +196,7 @@ class PyJWT:
        # passthrough arguments to _validate_claims
        # consider putting in options
        audience: str | Iterable[str] | None = None,
-        issuer: str | None = None,
+        issuer: str | List[str] | None = None,
        leeway: float | timedelta = 0,
        # kwargs
        **kwargs: Any,
@ -300,7 +301,7 @@ class PyJWT:
        try:
            exp = int(payload["exp"])
        except ValueError:
-            raise DecodeError("Expiration Time claim (exp) must be an" " integer.")
+            raise DecodeError("Expiration Time claim (exp) must be an integer.")

        if exp <= (now - leeway):
            raise ExpiredSignatureError("Signature has expired")
@ -362,8 +363,12 @@ class PyJWT:
        if "iss" not in payload:
            raise MissingRequiredClaimError("iss")

-        if payload["iss"] != issuer:
-            raise InvalidIssuerError("Invalid issuer")
+        if isinstance(issuer, list):
+            if payload["iss"] not in issuer:
+                raise InvalidIssuerError("Invalid issuer")
+        else:
+            if payload["iss"] != issuer:
+                raise InvalidIssuerError("Invalid issuer")


 _jwt_global_obj = PyJWT()