Skip to content
This repository has been archived by the owner on Feb 22, 2024. It is now read-only.

Looking for maintainer. #104

Open
vimalloc opened this issue Oct 28, 2016 · 6 comments
Open

Looking for maintainer. #104

vimalloc opened this issue Oct 28, 2016 · 6 comments

Comments

@vimalloc
Copy link

vimalloc commented Oct 28, 2016

It looks like the current author is looking for a maintainer of this software: https://twitter.com/mattupstate/status/790184050640162816. I wrote another jwt flask extension that offers what this extension does, plus some extra goodies on top:

  • refresh tokens
  • token blacklist
  • fresh vs non-fresh tokens, with seperate endpoints only fresh tokens can access
  • option to store tokens in cookies and csrf protect the endpoints
  • easy way to add additional claims to the jwt

You can view the code here (link to the documentation is in the readme)
https://github.com/vimalloc/flask-jwt-extended

I was thinking of reaching out to the author and trying to merge my extension into this one. However, it might cause some pretty big breaking changes. I could probably alleviate most of them by making sure all the functionality of this extension existed in mine, but marking the breaking changes as depreciated, in order to give users a chance to migrate their code. But before I start looking at that, I was wondering if anyone would actually be interested in this? I would love to get feedback before I offered to start making changes that people may not want.

@dusktreader
Copy link

@vimalloc (cc @mattupstate): I've just started on a package that is dependent on flask-jwt called flask-praetorian (https://github.com/dusktreader/flask-praetorian). I am considering adopting flask-jwt if there doesn't seem to be any interest from other folks in taking over maintainership.

@alexykot
Copy link

alexykot commented May 4, 2017

I'm not interested in maintaining this, but I'm pretty interested in having it up to date.
As far as I can see right now this extension is incompatible with current recent flask release (0.12), so I'll have to go look elsewhere or implement it myself. Whoever considers taking over this project - yes, there is interest in it, and I don't mind breaking changes as long as the version number is changed respectively and semver maintained.

@vimalloc
Copy link
Author

vimalloc commented May 4, 2017

With how long it has been without contact, I wouldn't hold my breath on this project being maintained again anytime soon. As an alternative, Flask-JWT-Extended is still growing and being maintained if you don't mind how opinionated it is (I'm the author, so I'm of course biased). If you want a way to just use simple JWTs for fast prototyping, at this point I think using pyjwt directly in your application is probably the best way to go.

@dusktreader
Copy link

@vimalloc I already have an issue in flask-praetorian to see how well I can transition to flask-jwt-extended. It is pretty opinionated, but if the api is pretty similar and I can use it in a light-weight way, that will work for me

@alexykot
Copy link

alexykot commented May 5, 2017

I've switched to Extended. However for naming simplicity I would very much prefer Extended to take over this project, merge and rebrand into single functional and well supported flask-jwt.

Also, the Extended docs claim that asymmetric algorithms are not currently supported, but practically they actually are supported pretty well by underlying libs and only the Extended itself cannot handle the public/private keypair. I've fixed that, see pull request #40.

@dusktreader
Copy link

@vimalloc @alexykot I've elected to switch to using straight up PyJWT in my package flask-praetorian. I agree that flask-jwt-extended should probably just replace this package.

Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Labels
None yet
Development

No branches or pull requests

3 participants