dorinclisu / fastapi-auth0

FastAPI authentication and authorization using auth0.com
MIT License
229 stars, 39 forks

Switch from python-jose to pyjwt #42

Open siebediels opened 6 months ago

siebediels commented 6 months ago

Is there a plan to migrate from python-jose to pyjwt? Python-jose isn't maintained any more and contains some known vulnerabilities.

I noticed that there was some effort done in #41, but I'm not sure what happened to it. As an intermediate solution, we could perhaps move to python-jose[cryptography], which is already recommended over the default python-jose (with the Python backend)?

spawn-guy commented 2 months ago

@siebediels I just tested these modifications from #41 locally, and they just work out of the box.

There could be some improvements regarding Pydantic v2, but otherwise it looks to be working (with valid tokens).

I'd just merge that one PR and go ahead.

spawn-guy commented 2 months ago

If needed, I can make a PR. For now I have a working local version of the code. Just ask ;)

spawn-guy commented 2 months ago

Alright... let's do this: https://github.com/dorinclisu/fastapi-auth0/pull/43

spawn-guy commented 2 months ago

I've made some updates and some more fixes to the PR. I enforced some verifications by default, unless a developer overrides them explicitly. Now I like it. Let's wait for @dorinclisu to come back to us.

Additionally, I'd like to remove the email namespace parsing. To get the email you need to call the Auth0 Management API directly, I think. Also, this is a private data leak if one includes the email in tokens (so be careful).
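The "verifications enforced by default, overridable explicitly" stance from the comment above, as an added worked example that is not code from fastapi-auth0, from PR #43 or from python-jose/PyJWT. It is a minimal JWS-compact verifier built on the standard library so it runs offline: it pins the accepted algorithm (rejecting `alg: none`), checks the signature in constant time, requires `exp`, `iss`, `aud` and `sub`, matches issuer and audience, and checks expiry with a small leeway. The secret, issuer URL, audience and fixed clock are constructed demo values; HS256 is used only so the example needs no RSA library, whereas Auth0 issues RS256 tokens that a real deployment verifies against the tenant's JWKS.

```python
"""Minimal JWS-compact verifier with the checks that should be on by default for
Auth0 access tokens: algorithm pinning, signature, exp, iss, aud, required claims.
HS256 and a constructed secret keep it offline; Auth0 issues RS256 tokens."""
import base64
import hashlib
import hmac
import json
import time

# Constructed demo values: not a real tenant, key or API.
DEMO_SECRET = b"constructed-demo-secret-not-for-production"
DEMO_ISSUER = "https://example-tenant.auth0.com/"
DEMO_AUDIENCE = "https://api.example.com"
DEMO_NOW = 1_700_000_000  # fixed clock so the results are deterministic

class TokenError(Exception):
    """Raised for any token that must not be accepted."""

def _b64url_encode(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")

def _b64url_decode(segment: str) -> bytes:
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))

def mint_token(claims: dict, secret: bytes, alg: str = "HS256") -> str:
    """Build a token for the demo; alg='none' yields an unsigned one."""
    signing_input = ".".join(_b64url_encode(json.dumps(p, separators=(",", ":")).encode())
                             for p in ({"alg": alg, "typ": "JWT"}, claims))
    if alg == "none":
        return signing_input + "."
    sig = hmac.new(secret, signing_input.encode("ascii"), hashlib.sha256).digest()
    return signing_input + "." + _b64url_encode(sig)

def verify_token(token: str, secret: bytes, issuer: str, audience: str, *,
                 algorithms=("HS256",), required=("exp", "iss", "aud", "sub"),
                 verify_exp: bool = True, leeway: int = 30, now=None) -> dict:
    """Return the claims or raise TokenError. Every check is on unless the
    caller turns it off explicitly (e.g. verify_exp=False)."""
    try:
        header_b64, payload_b64, sig_b64 = token.split(".")
        header = json.loads(_b64url_decode(header_b64))
        claims = json.loads(_b64url_decode(payload_b64))
        provided_sig = _b64url_decode(sig_b64)
    except ValueError as exc:  # bad segment count, bad base64 or bad JSON
        raise TokenError(f"malformed token: {exc}") from exc
    if not isinstance(header, dict) or not isinstance(claims, dict):
        raise TokenError("malformed token: header and payload must be objects")
    # 1. Pin the algorithm: 'none' or anything outside the allowlist is rejected.
    if header.get("alg") not in algorithms:
        raise TokenError(f"algorithm {header.get('alg')!r} not allowed")
    # 2. Signature over header.payload, compared in constant time.
    expected = hmac.new(secret, f"{header_b64}.{payload_b64}".encode("ascii"),
                        hashlib.sha256).digest()
    if not hmac.compare_digest(expected, provided_sig):
        raise TokenError("signature mismatch")
    # 3. Required claims must be present before anything else is checked.
    missing = [c for c in required if c not in claims]
    if missing:
        raise TokenError(f"missing claims: {missing}")
    # 4. iss is an exact match; aud may be a string or a list of strings.
    if claims.get("iss") != issuer:
        raise TokenError("issuer mismatch")
    aud = claims.get("aud")
    if audience not in (aud if isinstance(aud, list) else [aud]):
        raise TokenError("audience mismatch")
    # 5. exp, with a small leeway for clock skew.
    if verify_exp:
        current = time.time() if now is None else now
        exp = claims.get("exp")
        if not isinstance(exp, (int, float)) or exp + leeway < current:
            raise TokenError("token expired")
    return claims

def outcome(token: str, **overrides) -> str:
    """'ok' or the rejection reason for one token under the demo settings."""
    try:
        verify_token(token, DEMO_SECRET, DEMO_ISSUER, DEMO_AUDIENCE, now=DEMO_NOW, **overrides)
        return "ok"
    except TokenError as exc:
        return str(exc)

def demo() -> dict:
    """Run the verifier over constructed good and bad tokens."""
    base = {"sub": "auth0|1234", "iss": DEMO_ISSUER, "aud": DEMO_AUDIENCE, "exp": DEMO_NOW + 3600}
    cases = {
        "valid": mint_token(base, DEMO_SECRET),
        "alg_none": mint_token(base, DEMO_SECRET, alg="none"),
        "wrong_key": mint_token(base, b"some-other-key"),
        "wrong_aud": mint_token({**base, "aud": "https://other.example.com"}, DEMO_SECRET),
        "expired": mint_token({**base, "exp": DEMO_NOW - 3600}, DEMO_SECRET),
        "no_sub": mint_token({k: v for k, v in base.items() if k != "sub"}, DEMO_SECRET),
    }
    results = {name: outcome(tok) for name, tok in cases.items()}
    # Accepted only because the caller explicitly opted out of the exp check.
    results["expired_override"] = outcome(cases["expired"], verify_exp=False)
    return results

if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```

Running the block prints one line per case: only `valid` and `expired_override` come back `ok`; the unsigned, wrongly signed, wrong-audience, expired and `sub`-less tokens are each rejected with the reason. The point of the `**overrides` path is that relaxing a check is a visible decision in the caller's code rather than a library default. In PyJWT the same posture is expressed through `jwt.decode`'s `algorithms=`, `audience=` and `issuer=` arguments and `options={"require": [...]}`, with the RS256 public key fetched from the tenant's JWKS.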

spawn-guy commented 1 month ago

Bump.

Unfortunately, no activity on my PR :(