From 6761ac6d8af5fbf2a22574da228c5d62ddbcdf94 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?R=C3=A9my=20HUBSCHER?= <hubscher.remy@gmail.com>
Date: Tue, 28 May 2024 14:33:02 +0200
Subject: [PATCH] Use PyJWT instead of python-jose

---
 intuitlib/utils.py | 11 ++++-------
 requirements.txt   |  2 +-
 setup.py           |  2 +-
 3 files changed, 6 insertions(+), 9 deletions(-)

diff --git a/intuitlib/utils.py b/intuitlib/utils.py
index 68dddac..7080d98 100644
--- a/intuitlib/utils.py
+++ b/intuitlib/utils.py
@@ -20,11 +20,10 @@
 from datetime import datetime
 import random
 import string
-from jose import jwk
 import requests
 from requests.sessions import Session
 import six
-from requests_oauthlib import OAuth1
+from jwt import PyJWKSet
 
 
 from intuitlib.enums import Scopes
@@ -165,9 +164,8 @@ def validate_id_token(id_token, client_id, intuit_issuer, jwk_uri):
         return False
 
     message = id_token_parts[0] + '.' + id_token_parts[1]
-    keys_dict = get_jwk(id_token_header['kid'], jwk_uri)
+    public_key = get_jwk(id_token_header['kid'], jwk_uri)
 
-    public_key = jwk.construct(keys_dict)
     is_signature_valid = public_key.verify(message.encode('utf-8'), id_token_signature)
     return is_signature_valid
 
@@ -178,15 +176,14 @@ def get_jwk(kid, jwk_uri):
     :param jwk_uri: JWK URI
 
     :raises HTTPError: if response status != 200
-    :return: dict containing keys
+    :return: Algorithm with the key loaded.
     """
 
     response = requests.get(jwk_uri)
     if response.status_code != 200:
         raise AuthClientError(response)
     data = response.json()
-    keys = next(key for key in data["keys"] if key['kid'] == kid)
-    return keys
+    return PyJWKSet.from_dict(data)[kid]
 
 def _correct_padding(val):
     """Correct padding for JWT
diff --git a/requirements.txt b/requirements.txt
index e0f41ba..a5c2d2c 100644
--- a/requirements.txt
+++ b/requirements.txt
@@ -1,4 +1,3 @@
-python_jose>=2.0.2
 requests>=2.13.0
 mock>=2.0.0
 requests_oauthlib>=1.0.0
@@ -8,3 +7,4 @@ pytest>=3.8.0
 pytest-cov==2.5.0
 six>=1.10.0
 enum-compat
+pyjwt
diff --git a/setup.py b/setup.py
index 8d030be..19b0451 100644
--- a/setup.py
+++ b/setup.py
@@ -30,7 +30,7 @@
     packages=find_packages(exclude=('tests*',)),
     namespace_packages=('intuitlib',),
     install_requires=[
-        'python_jose>=2.0.2',
+        'pyjwt',
         'requests>=2.13.0',
         'requests_oauthlib>=1.0.0',
         'six>=1.10.0',