mypy. Key can be cryptography.hazmat.backends.openssl.rsa._RSAPublicKey not only string

[ievgennaida]

Summary. jwt.decode can accept cryptography.hazmat.backends.openssl.rsa._RSAPublicKey or private key or string.

Expected Result

Allow to pass not only string.

Actual Result

Warning from mypy while only string is expected but actually public key is expected.

Reproduction Steps

jwk_set = PyJWKSet.from_json(data) jwt.decode("", key= jwk_set.keys[0].key);

System Information

$ python -m jwt.help

{
  "cryptography": {
    "version": "39.0.0"
  },
  "implementation": {
    "name": "CPython",
    "version": "3.8.10"
  },
  "platform": {
    "release": "10",
    "system": "Windows"
  },
  "pyjwt": {
    "version": "2.6.0"
  }
}

[Mark-Hetherington]

This tripped us up as well. MyPy suggested we pass a string, but the acceptable type depends on the algorithm, as algorith.prepare_key is called.

This appears to have been discussed in #605, #602 and the type annotation might have been changed to Any. There is more related work happening in #843 and #845

[Viicos]

Indeed this is a duplicate of #602. Some additional context is available in #843, and the solution isn't trivial. pyjwt maintainers doesn't seem to be currently active on this project, so I'll get back on this when I'll get feedback on the #843 PR description

[github-actions[bot]]

This issue is stale because it has been open 60 days with no activity. Remove stale label or comment or this will be closed in 7 days

[auvipy]

is it fixed now?

[Viicos]

is it fixed now?

I'll probably try to find some time to work on it, but as I said here https://github.com/jpadilla/pyjwt/issues/848#issuecomment-1405133862, it might be tricky

But this is a duplicate, so I think it can be closed