thorwolpert / flask-jwt-oidc
License: Other
I couldn't understand why this application needs (it is documented as a mandatory value) the client_secret given that it should not be needed for JWT validation.
I have been looking into the code, and I see it being assigned to the JwtManager but I am not able to see it being used anywhere. Am I missing something? Or is it really unused?
The release version of the library is published to PyPI with the dependencies published in requirements/prod.txt, which as of now is:
click==6.7
ecdsa==0.13
Flask==1.0.2
future==0.16.0
itsdangerous==0.24
Jinja2==2.10
MarkupSafe==1.0
pyasn1==0.4.3
python-dotenv==0.8.2
python-jose==3.0.0
rsa==3.4.2
six==1.11.0
Werkzeug==0.14.1
This means if I put flask-jwt-oidc into my application requirements then it changes the version of flask in my application, and pins a bunch of versions for libraries flask-jwt-oidc isn't using directly.
Pinning dependencies is good for an end application, however as a library author at best you should be as flexible as possible here, possibly with a required version.
This seems to be what requirements/prod.nover.txt is (with the exception of dotenv which is not actually a requirement).
Please make the published release less strict on requirements.
Provide the ability to cache a jwks.
As there is no TTL on a KC jwks, we should be able to set something to work around calling for the key every time.
It should be able to:
The following line seems to assume that JWT_OIDC_ALGORITHMS will be a string, and yet the default is an array; this results in the algorithms being set to [['RS256']] by default, which will cause the JWT parsing on line 264 to fail because jose expects the algorithms parameter to look like ['RSA256'].
I am guessing the square brackets are by mistake?
self.algorithms = [app.config.get('JWT_OIDC_ALGORITHMS', JwtManager.ALGORITHMS)]
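The mismatch reported above, as an added example that is not part of the issue or the project's code: it reproduces the nested list and shows one way to accept either a string or a list for the setting. `DEFAULT_ALGORITHMS` is assumed to mirror the default described in the report, all function names are hypothetical, and `alg_allowed` is a simplified model of an allow-list membership test, not python-jose's implementation.

```python
import base64
import json

DEFAULT_ALGORITHMS = ["RS256"]  # assumption: mirrors the default described in the report

def buggy_algorithms(config):
    # Same shape as the reported line: wraps the configured value in another list.
    return [config.get("JWT_OIDC_ALGORITHMS", DEFAULT_ALGORITHMS)]

def normalize_algorithms(config):
    """Return a flat list of algorithm names from a string or list setting."""
    value = config.get("JWT_OIDC_ALGORITHMS", DEFAULT_ALGORITHMS)
    if isinstance(value, str):
        value = value.split(",")  # accepts "RS256" or "RS256,ES256"
    if not isinstance(value, (list, tuple)):
        raise TypeError("JWT_OIDC_ALGORITHMS must be a string or a list of strings")
    algs = []
    for item in value:
        if not isinstance(item, str) or not item.strip():
            raise TypeError("JWT_OIDC_ALGORITHMS must be a string or a list of strings")
        algs.append(item.strip())
    if any(a.lower() == "none" for a in algs):
        raise ValueError("the 'none' algorithm must not be in the allow-list")
    return algs

def header_alg(token):
    """Read the (unverified) 'alg' value from a compact JWT header."""
    segment = token.split(".")[0]
    padded = segment + "=" * (-len(segment) % 4)
    return json.loads(base64.urlsafe_b64decode(padded))["alg"]

def alg_allowed(token, algorithms):
    # Simplified allow-list test: the header's alg must be a member of the list.
    return header_alg(token) in algorithms

def make_sample_token(alg):
    # Constructed sample: real header, empty payload, dummy signature.
    header = json.dumps({"alg": alg, "typ": "JWT"}).encode()
    encoded = base64.urlsafe_b64encode(header).rstrip(b"=").decode()
    return encoded + ".e30.c2ln"

if __name__ == "__main__":
    token = make_sample_token("RS256")
    print("buggy:", buggy_algorithms({}), alg_allowed(token, buggy_algorithms({})))
    print("fixed:", normalize_algorithms({}), alg_allowed(token, normalize_algorithms({})))
```

With the wrapped value, setting `JWT_OIDC_ALGORITHMS` to a plain string produces a flat list, so only the list-valued default shows the nesting.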