Replacing PyJWKest dependency with PyJWT


For decoding and encoding jwt tokens edx has been using the PyJWKest PyPi package. This package has been deprecated. Depending upon the support and usage PyJWT is a good replacement of PyJWKest.

Consequences of using PyJWT

The currently used package PyJWKest provides better jwk key set manipulation:

  • New keys can be added to a previously created keyset

  • Keset can be dumped

  • A complete keyset can be used to decode a token

But these features are not provided by PyJWT. We need to handle these ourselves in the code which makes the code redundant.

To keep things simple we can move a similar code to one of these repos



Once we move the JWT-related code to one of these repos, the repo will become a required dependency for all the python related edx repos which are handling JWT tokens.