Replacing PyJWKest dependency with PyJWT

Owned by Umar Khan
Jun 12, 2023
1 min read

Context

For decoding and encoding jwt tokens edx has been using the PyJWKest PyPi package. This package has been deprecated. Depending upon the support and usage PyJWT is a good replacement of PyJWKest.

Consequences of using PyJWT

The currently used package PyJWKest provides better jwk key set manipulation:

  • New keys can be added to a previously created keyset

  • Keset can be dumped

  • A complete keyset can be used to decode a token

But these features are not provided by PyJWT. We need to handle these ourselves in the code which makes the code redundant.

To keep things simple we can move a similar code to one of these repos

  1. https://github.com/openedx/edx-drf-extensions

  2. https://github.com/edx/token-utils

Once we move the JWT-related code to one of these repos, the repo will become a required dependency for all the python related edx repos which are handling JWT tokens.