Sem-ver: api-break Require PyJWT >= 2.11.0

Signed-off-by: David Black <dblack@atlassian.com>

Author: dbaxa

atlassian_jwt_auth/signer.py

@@ -6,6 +6,7 @@
 import jwt
 from cryptography.hazmat.backends import default_backend
 from cryptography.hazmat.primitives import serialization
+from jwt.types import Options
 
 from atlassian_jwt_auth import algorithms, key
 from atlassian_jwt_auth.key import BasePrivateKeyRetriever, KeyIdentifier
@@ -116,8 +117,9 @@ def can_reuse_token(self, existing_token, claims) -> bool:
         """
         if existing_token is None:
             return False
+
         existing_claims = jwt.decode(
-            existing_token, options={"verify_signature": False}
+            existing_token, options=Options(verify_signature=False)
         )
         existing_lifetime = int(existing_claims["exp"]) - int(existing_claims["iat"])
         this_lifetime = (claims["exp"] - claims["iat"]).total_seconds()

atlassian_jwt_auth/verifier.py

@@ -10,6 +10,7 @@
 from cryptography.hazmat.primitives.asymmetric.rsa import RSAPublicKey
 from jwt import PyJWK
 from jwt.exceptions import InvalidAlgorithmError
+from jwt.types import Options
 
 from atlassian_jwt_auth import KeyIdentifier, algorithms, exceptions, key
 from atlassian_jwt_auth.key import BasePublicKeyRetriever
@@ -96,12 +97,12 @@ def _decode_jwt(
         leeway: int = 0,
     ) -> Dict[Any, Any]:
         """Decode JWT and check if it's valid"""
-        options = {
-            "verify_signature": True,
-            "require": ["exp", "iat"],
-            "require_exp": True,
-            "require_iat": True,
-        }
+        options: Options = Options(
+            verify_signature=True,
+            require=["exp", "iat"],
+            verify_exp=True,
+            verify_iat=True,
+        )
 
         claims = jwt.decode(
             a_jwt,

requirements.txt

@@ -1,4 +1,4 @@
-PyJWT>=2.4.0,<3.0.0
+PyJWT>=2.11.0,<3.0.0
 PyJWT[crypto]>=2.4.0,<3.0.0
 requests>=2.8.1,<3.0.0
 CacheControl