Replacing PyJWKest dependency with PyJWT

Owned by Umar Khan
Jun 12, 2023
1 min read

Context

For decoding and encoding jwt tokens edx has been using the PyJWKest PyPi package. This package has been deprecated. Depending upon the support and usage PyJWT is a good replacement of PyJWKest.

Consequences of using PyJWT

The currently used package PyJWKest provides better jwk key set manipulation:

  • New keys can be added to a previously created keyset

  • Keset can be dumped

  • A complete keyset can be used to decode a token

But these features are not provided by PyJWT. We need to handle these ourselves in the code which makes the code redundant.

Possible repos to have JWT-related similar code

To keep things simple we can move a similar code to one of these repos

  1. GitHub - openedx/edx-drf-extensions: edX extensions for Django REST Framework

  2. GitHub - edx/token-utils: This repo houses the token utils app, meant to be used for the creation, signing, and decoding of various access tokens

Once we move the JWT-related code to one of these repos, the repo will become a required dependency for all the python related edx repos which are handling JWT tokens.