Add PyJwT version 2.0 compatability and update required PyJwT to v2.0

This was the change that broke our usage. ``` Dropped deprecated require_* options in jwt.decode(...) For example, instead of jwt.decode(encoded, key, algorithms=["HS256"], options={"require_exp": True}), use jwt.decode(encoded, key, algorithms=["HS256"], options={"require": ["exp"]}). ``` I switched to the new require syntax and everything started working again. Unfortunately the new fix doesn't work on old versions so I also updated the requirements.txt.
duosecurity · Mar 24, 2021 · 8315b1e · 8315b1e
1 parent c0689c4
commit 8315b1e
Show file tree

Hide file tree

Showing 2 changed files with 5 additions and 4 deletions.
diff --git a/duo_universal/client.py b/duo_universal/client.py
@@ -298,9 +298,10 @@ def exchange_authorization_code_for_2fa_result(self, duoCode, username, nonce=No
                 issuer=OAUTH_V1_TOKEN_ENDPOINT.format(self._api_host),
                 leeway=LEEWAY,
                 algorithms=["HS512"],
-                options={'require_exp': True,
-                         'require_iat': True,
-                         'verify_iat': True},
+                options={
+                    'require': ['exp', 'iat'],
+                    'verify_iat': True
+                },
             )
         except Exception as e:
             raise DuoException(e)

diff --git a/requirements.txt b/requirements.txt
@@ -1,5 +1,5 @@
 cryptography>=3.2
-PyJWT>=1.7.1, < 2
+PyJWT>=2.0
 pyOpenSSL>=19.0.0
 requests>=2.22.0
 wheel>=0.35.1