Merge pull request #455 from supertokens/fix/relax-pyjwt-constraint

Relax `pyJWT` dependency constraint to `2.5.0`

Author: rishabhpoddar

CHANGELOG.md

@@ -8,6 +8,11 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 
 ## [unreleased]
 
+## [0.16.5] - 2023-10-23
+
+- Relaxed constraint on `pyJWT` dependency.
+  - This is done because some users face `InvalidSignatureError` when decoding the id token with the latest `pyJWT` version.
+
 ## [0.16.4] - 2023-10-05
 
 - Add `validate_access_token` function to providers

setup.py

@@ -70,7 +70,7 @@
 
 setup(
     name="supertokens_python",
-    version="0.16.4",
+    version="0.16.5",
     author="SuperTokens",
     license="Apache 2.0",
     author_email="[email protected]",
@@ -101,7 +101,7 @@
     install_requires=[
         # [crypto] ensures that it installs the `cryptography` library as well
         # based on constraints specified in https://github.com/jpadilla/pyjwt/blob/master/setup.cfg#L50
-        "PyJWT[crypto]>=2.6.0,<3.0.0",
+        "PyJWT[crypto]>=2.5.0,<3.0.0",
         "httpx>=0.15.0,<0.25.0",
         "pycryptodome==3.10.*",
         "tldextract==3.1.0",

supertokens_python/constants.py

@@ -14,7 +14,7 @@
 from __future__ import annotations
 
 SUPPORTED_CDI_VERSIONS = ["3.0"]
-VERSION = "0.16.4"
+VERSION = "0.16.5"
 TELEMETRY = "/telemetry"
 USER_COUNT = "/users/count"
 USER_DELETE = "/user/remove"