v0.4.1

• [Fix] Invalid validation of audience claim. #72
• [Enhancement] Verify that decoded header and payload are JSON objects. #66
• [Enhancement] Use constant time string comparison routine from hmac module. #64
• [Enhancement] Add base exception InvalidTokenError for invalid tokens. #60
• [Enhancement] Allow datetime.timedelta for leeway argument. #56

Pending Deprecation

The following exceptions have been marked for deprecation in favor of a renamed one to follow a better convention and will be removed in the next major version release.

• ExpiredSignature will be deprecated in favor of ExpiredSignatureError.
• InvalidAudience will be deprecated in favor of InvalidAudienceError.
• InvalidIssuer will be deprecated in favor of InvalidIssuerError.

Thanks to @mark-adams and @wbolster for all the work and feedback that went into this release.

v0.4.0

Switch from PyCrypto to cryptography.

PR: #51 by @mark-adams

v0.3.2

Allow using a custom JSON encoder in jwt.encode()

PR #49 by @defyrlt
Ref #37

Example

import json
import decimal
import jwt


class CustomJSONEncoder(json.JSONEncoder):
    def default(self, o):
        if isinstance(o, decimal.Decimal):
            return float(o)
        return super(CustomJSONEncoder, self).default(o)

data = {
    'some_decimal': decimal.Decimal('2.2')
}

token = jwt.encode(data, 'secret', json_encoder=CustomJSONEncoder)

v0.3.1

• Let header() support unicode input, like decode(). #48

0.3.0

• Add support for the "nbf" (Not Before) Claim by @skion.
• Add support for encoding Plaintext JWTs (decode them with verify=False) by @skion.
• Add support for Elliptic Curve signatures (ES256 / ES384 / ES512) by @sullivanmatt.
• Fix import and reference of datetime functions in README by @glarrain.
• Add support for the "aud" (Audience) Claim.
• Add support for the "iss" (Issuer) Claim.

0.2.3

• Allow keys of type "bytes" in Python 3 by @cjlarose

0.2.0

Bump up version to 0.2.0 #31