Skip to content

v2.5.0
Compare
Choose a tag to compare
@markomirosavljev markomirosavljev released this 16 Jun 17:47
· 5 commits to main since this release
v2.5.0
aa2d021
This commit was created on GitHub.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Verified
Learn about vigilant mode.

What's Changed

Dependency cognito_jwt is removed since library is not maintained anymore and it was using python_jose(also not maintained), that was using ecdsa with critical vulnerability. Code related to retrieving public keys and validating tokens is now part of this library and only dependency is joserfc that is used to replace python_jose functionalities. Thanks to @YaraslauZhylko for pointing out this issue and suggestions in #19

Other changes were related to some minor improvements and fixes.

Changelog

  • Moved to poetry
  • Type of userpools field changed from dict to Dict - #17
  • Added generic exception handling in fastapi_cognito._decode_token method. - #22
  • Removed cognito_jwt library and implement it's functionalities in this library - #22
  • Moved away from python_jose to joserfc #22
  • Updating documentation - #22

Full Changelog: v2.4.2...v2.5.0

Contributors

YaraslauZhylko
Assets 2
Loading