jpadilla / pyjwt

JSON Web Token implementation in Python
https://pyjwt.readthedocs.io
MIT License
4.99k stars 676 forks

Ability to disable refresh & retry on `kid` mismatch #929

Closed kpark-hrp closed 3 months ago

kpark-hrp commented 7 months ago

Description

If the get_signing_key() method fails to match the kid, then it tries again after refreshing the JWK set.

I would like the option to disable this behavior, so that the method simply throws an exception without retrying if no kid match is found. https://github.com/jpadilla/pyjwt/blob/50ecae21c3ecf36f7c2a285e4e59dae1d9391e3d/jwt/jwks_client.py#L94-L101

Proposed Solution

Update the following methods like this:

```python
def get_signing_key(self, kid: str, retry: bool) -> PyJWK:
    ...

def get_signing_key_from_jwt(self, token: str, retry: bool = True) -> PyJWK:
    ...
```

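An added illustration, not part of the original issue and not PyJWT's code: a stdlib-only model of the refresh-and-retry lookup described above with the proposed `retry` flag. It counts upstream JWK set fetches for unknown `kid` values and shows that `retry=False` also misses a newly published key until the cache is refreshed. `ModelJWKSClient`, `KeyNotFound`, `fetch_jwks`, `fetch_count`, the `retry=True` default on `get_signing_key` and the sample kids are assumptions made for the example.

```python
from typing import Callable, Dict, List, Optional


class KeyNotFound(Exception):
    """No key in the JWK set matches the requested kid."""


class ModelJWKSClient:
    """Simplified stand-in for a caching JWKS client (not PyJWT's class)."""

    def __init__(self, fetch_jwks: Callable[[], List[Dict[str, str]]]) -> None:
        self._fetch_jwks = fetch_jwks  # hypothetical fetcher, e.g. an HTTP GET
        self._cache: Optional[List[Dict[str, str]]] = None
        self.fetch_count = 0  # upstream JWKS fetches performed so far

    def get_signing_keys(self, refresh: bool = False) -> List[Dict[str, str]]:
        if refresh or self._cache is None:
            self.fetch_count += 1
            self._cache = self._fetch_jwks()
        return self._cache

    def get_signing_key(self, kid: str, retry: bool = True) -> Dict[str, str]:
        # First pass uses the cache; the second pass (only if retry) refreshes it.
        for refresh in ((False, True) if retry else (False,)):
            for key in self.get_signing_keys(refresh=refresh):
                if key.get("kid") == kid:
                    return key
        raise KeyNotFound(f"no signing key matches kid {kid!r}")


def demo() -> dict:
    published = [{"kid": "key-a"}]  # constructed JWK set
    client = ModelJWKSClient(lambda: list(published))
    def lookup(kid: str, retry: bool) -> Optional[str]:
        try:
            return client.get_signing_key(kid, retry=retry)["kid"]
        except KeyNotFound:
            return None
    lookup("key-a", True)  # warm the cache (one fetch)
    fetches = {}
    for retry in (True, False):
        start = client.fetch_count
        for kid in ("bogus-1", "bogus-2", "bogus-3"):  # constructed unknown kids
            lookup(kid, retry)
        fetches[retry] = client.fetch_count - start
    published.append({"kid": "key-b"})  # issuer publishes a new key
    without_retry = lookup("key-b", False)  # stale cache, no refresh
    with_retry = lookup("key-b", True)  # refresh picks up the new key
    return {"fetches": fetches, "without_retry": without_retry, "with_retry": with_retry}
```
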
kpark-hrp commented 7 months ago

@auvipy Is this a reasonable approach?

auvipy commented 7 months ago

I might not be available in the next couple of days.

kpark-hrp commented 6 months ago

Hey @auvipy, following up. Any opinion on the design?

github-actions[bot] commented 4 months ago

This issue is stale because it has been open 60 days with no activity. Remove stale label or comment or this will be closed in 7 days