You can skip individual checks by passing an options dictionary with certain keys set to False. For example, if you want to verify the signature of a JWT that has already expired.
This broke my app as I use audiences to distinguish between different parts of the service - auth and application parts.
PyJWT enforces an audience check (https://github.com/jpadilla/pyjwt) if the audience is present in the JWT:
There is also (as of PyJWT 1.1.0) a way of disabling the audience check:
Thus, by default I think that the options should be left at the default, but that there is a mechanism to configure pyramid_jwtauth to disable any checks: it's then up to the app to re-introduce those checks manually if wanted.
So, I will add the following items to the configuration:
i.e. the default will be that ALL the checks will be done, with the option to disable them globally. I can't, presently, think of a way of doing it per authenticated_userid or unauthenticated_userid call.
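The trade-off described in this issue, as an added example that is not code from the issue, PyJWT or pyramid_jwtauth: a standard-library HS256 stand-in where every check runs by default, one option switches the audience check off globally, and the application then re-introduces it itself. The names `decode`, `DEFAULT_OPTIONS` and `app_accepts` and the key are assumptions; the option keys mirror PyJWT's `verify_aud` and `verify_exp`.

```python
import base64, hashlib, hmac, json, time

DEFAULT_OPTIONS = {"verify_exp": True, "verify_aud": True}  # every check on by default

def _b64(data):
    return base64.urlsafe_b64encode(data).rstrip(b"=")

def _unb64(data):
    return base64.urlsafe_b64decode(data + b"=" * (-len(data) % 4))

def encode(claims, key):
    head = _b64(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    body = _b64(json.dumps(claims).encode())
    sig = hmac.new(key, head + b"." + body, hashlib.sha256).digest()
    return b".".join([head, body, _b64(sig)])

def decode(token, key, audience=None, options=None):
    opts = dict(DEFAULT_OPTIONS, **(options or {}))
    head, body, sig = token.split(b".")
    if json.loads(_unb64(head)).get("alg") != "HS256":
        raise ValueError("unexpected algorithm")
    # The signature check has no off switch here; only claim checks are optional.
    expected = hmac.new(key, head + b"." + body, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, _unb64(sig)):
        raise ValueError("bad signature")
    claims = json.loads(_unb64(body))
    if opts["verify_exp"] and "exp" in claims and claims["exp"] < time.time():
        raise ValueError("token expired")
    if opts["verify_aud"] and "aud" in claims:
        # An "aud" claim with no matching expected audience is rejected.
        auds = claims["aud"] if isinstance(claims["aud"], list) else [claims["aud"]]
        if audience not in auds:
            raise ValueError("invalid audience")
    return claims

def app_accepts(claims, allowed):
    """Audience check re-introduced by the application after a relaxed decode."""
    aud = claims.get("aud", [])
    auds = aud if isinstance(aud, list) else [aud]
    return any(a in allowed for a in auds)

# Constructed sample key and token for the demonstration.
KEY = b"constructed-demo-key-not-a-real-secret"
TOKEN = encode({"sub": "alice", "aud": "auth", "exp": int(time.time()) + 300}, KEY)
```

With `verify_aud` disabled, a token minted for the `auth` part decodes anywhere the key is shared, so the application-side check is the only thing keeping it out of the `application` part.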