Fix #1193 - deprecated JWT decode. Update to usePyJWT 2.1.0

news/1193.bugfix

@@ -0,0 +1,3 @@
+Fixes deprecated JWT `decode`usage.
+Uses and requires latest PyJWT 2.1.0 now. 
+[jensens] 

setup.py

@@ -82,7 +82,7 @@ def read(filename):
         "plone.behavior>=1.1",  # adds name to behavior directive
         "plone.rest >= 1.0a6",  # json renderer moved to plone.restapi
         "plone.schema >= 1.2.1",  # new/fixed json field
-        "PyJWT",
+        "PyJWT>=2",
         "pytz",
     ],
     extras_require={"test": TEST_REQUIRES},

src/plone/restapi/pas/plugin.py

@@ -160,7 +160,12 @@ def _jwt_decode(self, token, secret, verify=True):
         if isinstance(token, str):
             token = token.encode("utf-8")
         try:
-            return jwt.decode(token, secret, verify=verify, algorithms=["HS256"])
+            return jwt.decode(
+                token,
+                secret,
+                options={"verify_signature": verify},
+                algorithms=["HS256"],
+            )
         except jwt.InvalidTokenError:
             pass
 
@@ -194,7 +199,6 @@ def create_token(self, userid, timeout=None, data=None):
         if data is not None:
             payload.update(data)
         token = jwt.encode(payload, self._signing_secret(), algorithm="HS256")
-        token = token.decode("utf-8")
         if self.store_tokens:
             if self._tokens is None:
                 self._tokens = OOBTree()

versions.cfg

@@ -25,4 +25,7 @@ cffi = 1.14.4
 
 # requirement for json widget tests to pass
 plone.schema = 1.3.0
-plone.dexterity = 2.9.8
+plone.dexterity = 2.9.8
+
+# recent pyjwt 
+pyjwt = 2.1.0