Description
For Python's quickstart, the docs say to use python-jose-cryptodome rather than python-jose (https://auth0.com/docs/quickstart/backend/python#install-the-dependencies).
That being said, the recommended library doesn't have much GitHub activity and appears to just be a fork of python-jose that changed the vulnerable pycrypto dependency for pycryptodome, but (a) hasn't kept up with python-jose, (b) is now redundant since python-jose has just switched to pycryptodome too (mpdavis/python-jose@98406bc).
However, looking at https://jwt.io/#libraries-io there appears to be yet another JWT option that's much more popular/active than python-jose:
https://github.com/jpadilla/pyjwt/
As such, would it be possible to make a change to the recommended library? Which of python-jose and PyJWT would be best for long term reliability?
Thanks!