arthurian
commented
6 years ago I've confirmed that the extra dependency on the cryptography library is not necessary since the app is just using the default HMAC-SHA256 encoding algorithm, and it doesn't appear to be doing crypto anywhere else. Removed this dependency from the requirements in commit d14d031438eb6198391bed6698e82fa858ea5481, so closing this issue.
We should remove it if it is not. It appears that PyJWT has it as an
extra_requires, because some algorithms require crypto support. The default JWT encode algorithm is HS256, which does not require crypto. Assuming there's no other crypto in the app, maybe we can remove this dependency, as it also requires some other system packages that would in turn not be necessary (e.g. libffi-dev and libssl-dev on ubuntu).