search

mcueto / djangorestframework-auth0

Library to simply use Auth0 token authentication in DRF within djangorestframework-jwt
MIT License
91 stars 19 forks source link

Sanity check on DeprecationWarning #55

Open robindebois opened 3 years ago

robindebois commented 3 years ago

When doing some tests, I kept getting the following DeprecationWarning:

  /xxxx/lib/python3.8/site-packages/jwt/api_jwt.py:77: DeprecationWarning: It is strongly recommended that you pass in a value for the "algorithms" argument when calling decode(). This argument will be mandatory in a future version.

I checked and it seems to be caused by these lines in the utils.py file:

     if(client['AUTH0_ALGORITHM'].upper() == "RS256"):
            logger.debug(
                "Using RS256 algorithm"
            )

            payload = jwt.decode(
                auth_token,
                client['PUBLIC_KEY'],
                audience=client['AUTH0_AUDIENCE'],
                algorithm=client['AUTH0_ALGORITHM'],
            )

This is the function jwt.decode (im using PyJWT 1.7.1 as per the config).

    def decode(self,
               jwt,  # type: str
               key='',   # type: str
               verify=True,  # type: bool
               algorithms=None,  # type: List[str]
               options=None,  # type: Dict
               **kwargs):

Contrary to the encode function it seems to have a parameter called "algorithms" instead of "algorithm". Would like to know if anyone else ran into this too or I'm overlooking something.