Hello @k4black,
First, I would like to thank you for your project. I sincerely believe that this project should be merged into the main branch of fastapi.
Now, I think fastapi-jwt should either deprecate python-jose and/or offer an alternative.
python-jose has not received a new release since 2021, and the last commit was 10 months ago. A lot of people are worried about the safety of this repo now:
- New version?🤔 mpdavis/python-jose#332
- Is python-jose still supported? mpdavis/python-jose#340
- Vulnerability on dependency (ecdsa), not planned to be fixed mpdavis/python-jose#341
I think fastapi-jwt offers a lot, I don't want to manually code a JWT handler every time I start a new project with fastapi like the doc of fastapi suggests. So I would suggest creating a JWT Backend mechanism to support at least authlib (which is heavily maintained). I think PyJWT could be a third option. fastapi-jwt should be generic enough to have a custom JWT implementation defined by the user if necessary.
I have a PR coming, but I wanted to create an issue first to explain why I think this feature is mandatory.
Kind regards,
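
A sketch of the backend mechanism proposed in this issue, added here as an illustration; it is not code from fastapi-jwt or from the announced PR. The `JWTBackend` interface, the `StdlibHS256Backend` class and the helper names are hypothetical, and the HS256-only standard-library backend stands in for a user-defined implementation.

```python
import base64, hashlib, hmac, json, time
from abc import ABC, abstractmethod


class JWTBackend(ABC):
    """Hypothetical interface: anything that can sign and verify claims."""
    @abstractmethod
    def encode(self, claims: dict, secret: str) -> str: ...
    @abstractmethod
    def decode(self, token: str, secret: str) -> dict: ...


def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def unb64url(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


class StdlibHS256Backend(JWTBackend):
    """User-defined backend (assumption): HS256 only, standard library only."""
    def _sign(self, signing_input: str, secret: str) -> str:
        mac = hmac.new(secret.encode(), signing_input.encode(), hashlib.sha256)
        return b64url(mac.digest())

    def encode(self, claims, secret):
        header = b64url(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
        body = b64url(json.dumps(claims).encode())
        return f"{header}.{body}.{self._sign(header + '.' + body, secret)}"

    def decode(self, token, secret):
        try:
            header, body, sig = token.split(".")
            alg = json.loads(unb64url(header)).get("alg")
        except (ValueError, AttributeError) as exc:
            raise ValueError("malformed token") from exc
        # Pin the algorithm: the token header must never choose it.
        if alg != "HS256":
            raise ValueError("unexpected alg")
        expected = self._sign(f"{header}.{body}", secret)
        if not hmac.compare_digest(sig.encode(), expected.encode()):
            raise ValueError("bad signature")
        claims = json.loads(unb64url(body))
        # Assumes a numeric "exp" claim (seconds since the epoch) when present.
        if "exp" in claims and claims["exp"] < time.time():
            raise ValueError("token expired")
        return claims
```

Application code that depends only on `JWTBackend` can switch between an authlib, PyJWT or custom implementation without touching its routes.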