migrate from "python-jose" to "python3-josepy" since it is no longer supported on future releases of debian/ubuntu

.DEBIAN/requirements-bookworm-12.txt

@@ -1,7 +1,7 @@
 # https://packages.debian.org/hu/
 fastapi==0.92.0
 uvicorn[standard]==0.17.6
-python-jose[cryptography]==3.3.0
+josepy==2.0.0
 cryptography==38.0.4
 python-dateutil==2.8.2
 sqlalchemy==1.4.46

.DEBIAN/requirements-ubuntu-24.04.txt

@@ -1,7 +1,7 @@
 # https://packages.ubuntu.com
 fastapi==0.101.0
 uvicorn[standard]==0.27.1
-python-jose[cryptography]==3.3.0
+josepy==2.0.0
 cryptography==41.0.7
 python-dateutil==2.8.2
 sqlalchemy==1.4.50

.DEBIAN/requirements-ubuntu-24.10.txt

@@ -1,7 +1,7 @@
 # https://packages.ubuntu.com
 fastapi==0.110.3
 uvicorn[standard]==0.30.3
-python-jose[cryptography]==3.3.0
+josepy==2.0.0
 cryptography==42.0.5
 python-dateutil==2.9.0
 sqlalchemy==2.0.32

.PKGBUILD/PKGBUILD

@@ -8,7 +8,7 @@ pkgdesc='NVIDIA DLS server implementation with FastAPI'
 arch=('any')
 url='https://git.collinwebdesigns.de/oscar.krause/fastapi-dls'
 license=('MIT')
-depends=('python' 'python-jose' 'python-starlette' 'python-httpx' 'python-fastapi' 'python-dotenv' 'python-dateutil' 'python-sqlalchemy' 'python-cryptography' 'uvicorn' 'python-markdown' 'openssl')
+depends=('python' 'python3-josepy' 'python-starlette' 'python-httpx' 'python-fastapi' 'python-dotenv' 'python-dateutil' 'python-sqlalchemy' 'python-cryptography' 'uvicorn' 'python-markdown' 'openssl')
 provider=("$pkgname")
 install="$pkgname.install"
 backup=('etc/default/fastapi-dls')

.gitlab-ci.yml

@@ -172,12 +172,12 @@ test:apt:
   parallel:
     matrix:
       - IMAGE:
-          # - debian:trixie-slim # EOL: t.b.a.; "python3-jose" not available, but "python3-josepy"
-          - debian:bookworm-slim # EOL: June 06, 2026
+          - debian:trixie-slim # EOL: t.b.a.; "python3-jose" not available, but "python3-josepy"
           - debian:bookworm-slim # EOL: June 06, 2026
+          - debian:bullseye-slim # EOL: June 06, 2026
           - ubuntu:24.04 # EOL: April 2036
-          # - ubuntu:24.10 # EOL: t.b.a.; "python3-jose" not available, but "python3-josepy"
-          # - ubuntu:25.04 # EOL: t.b.a.; "python3-jose" not available, but "python3-josepy"
+          - ubuntu:24.10 # EOL: t.b.a.; "python3-jose" not available, but "python3-josepy"
+          - ubuntu:25.04 # EOL: t.b.a.; "python3-jose" not available, but "python3-josepy"
   needs:
     - job: build:apt
       artifacts: true

README.md

@@ -336,10 +336,7 @@ Successful tested with (**LTS Version**):
 
 Not working with:
 
-- Debian 11 (Bullseye) and lower (missing `python-jose` dependency)
-- Debian 13 (Trixie) (missing `python-jose` dependency)
 - Ubuntu 22.04 (Jammy Jellyfish) (not supported as for 15.01.2023 due to [fastapi - uvicorn version missmatch](https://bugs.launchpad.net/ubuntu/+source/fastapi/+bug/1970557))
-- Ubuntu 24.10 (Oracular Oriole) (missing `python-jose` dependency)
 
 **Run this on your server instance**
 

app/main.py

@@ -15,8 +15,7 @@ from dotenv import load_dotenv
 from fastapi import FastAPI
 from fastapi.requests import Request
 from fastapi.responses import Response, RedirectResponse, StreamingResponse
-from jose import jws, jwk, jwt, JWTError
-from jose.constants import ALGORITHMS
+from josepy import jws, jwk, RS256
 from sqlalchemy import create_engine
 from sqlalchemy.orm import sessionmaker
 from starlette.middleware.cors import CORSMiddleware
@@ -63,8 +62,8 @@ my_si_certificate = Cert.from_file(ca_setup.si_certificate_filename)
 my_si_private_key = PrivateKey.from_file(ca_setup.si_private_key_filename)
 my_si_public_key = my_si_private_key.public_key()
 
-jwt_encode_key = jwk.construct(my_si_private_key.pem(), algorithm=ALGORITHMS.RS256)
-jwt_decode_key = jwk.construct(my_si_private_key.public_key().pem(), algorithm=ALGORITHMS.RS256)
+jwt_encode_key = jwk.JWK.load(my_si_private_key.pem())
+jwt_decode_key = jwk.JWK.load(my_si_private_key.public_key().pem())
 
 # Logging
 LOG_LEVEL = logging.DEBUG if DEBUG else logging.INFO
@@ -114,7 +113,11 @@ app.add_middleware(
 def __get_token(request: Request) -> dict:
     authorization_header = request.headers.get('authorization')
     token = authorization_header.split(' ')[1]
-    return jwt.decode(token=token, key=jwt_decode_key, algorithms=ALGORITHMS.RS256, options={'verify_aud': False})
+
+    # return jwt.decode(token=token, key=jwt_decode_key, algorithms=ALGORITHMS.RS256, options={'verify_aud': False})
+    _ = jws.Signature()
+    _.verify(payload=token.encode('utf-8'), key=jwt_decode_key)
+    return _.to_partial_json()
 
 
 # Endpoints
@@ -295,9 +298,12 @@ async def _client_token():
         },
     }
 
-    content = jws.sign(payload, key=jwt_encode_key, headers=None, algorithm=ALGORITHMS.RS256)
+    # content = jws.sign(payload, key=jwt_encode_key, headers=None, algorithm=ALGORITHMS.RS256)
+    payload = json_dumps(payload).encode('utf-8')
+    content = jws.Signature.sign(payload=payload, key=jwt_encode_key, alg=RS256, include_jwk=False)
 
-    response = StreamingResponse(iter([content]), media_type="text/plain")
+    # response = StreamingResponse(iter([content]), media_type="text/plain")
+    response = StreamingResponse(iter(content), media_type="text/plain")
     filename = f'client_configuration_token_{datetime.now().strftime("%d-%m-%y-%H-%M-%S")}.tok'
     response.headers["Content-Disposition"] = f'attachment; filename={filename}'
 
@@ -386,7 +392,9 @@ async def auth_v1_code(request: Request):
         'kid': SITE_KEY_XID
     }
 
-    auth_code = jws.sign(payload, key=jwt_encode_key, headers={'kid': payload.get('kid')}, algorithm=ALGORITHMS.RS256)
+    # auth_code = jws.sign(payload, key=jwt_encode_key, headers={'kid': payload.get('kid')}, algorithm=ALGORITHMS.RS256)
+    payload = json_dumps(payload).encode('utf-8')
+    auth_code = jws.Signature.sign(payload=payload, key=jwt_encode_key, alg=RS256, include_jwk=True)
 
     response = {
         "auth_code": auth_code,

requirements.txt

@@ -1,6 +1,6 @@
 fastapi==0.115.12
 uvicorn[standard]==0.34.2
-python-jose[cryptography]==3.4.0
+josepy==2.0.0
 cryptography==44.0.3
 python-dateutil==2.9.0
 sqlalchemy==2.0.41