aiohttp-jwt

• Minor fix for middleware initialization check inside decorators.

• Raise UnAuthorized instead of Forbidden #129. Thanks @rockwelln

• Added preflight (OPTIONS) request skip #139. Thanks @ckkz-it

Switched to new style aiohttp middleware #94 . Thanks @Ranc58

Added issue and audience claims support #80 . Thanks @idegree

• Added auth_scheme option to middleware, that allows customization of authorization header prefix. By default value is Bearer. #77 Thanks @gbarbaten

• Added explicit exception when decorators are used without proper middleware initialization & minor cleaning #85

• Added support for class based views in decorators https://github.com/hzlmn/aiohttp-jwt/issues/52. Thanks @citijk for the report!

• Cleanup a bit project structure

• Fixed issue with non bearer token scheme https://github.com/hzlmn/aiohttp-jwt/issues/14 . Thanks @vikitikitavi

• Added support for checking revoked tokens

  Now users can pass is_revoked callback that should return bool value that indicates token status and in case of True, middleware will raise HTTPForbidden with Token is revoked message.

• Better description for token decoding error.

• Added more usage examples. Thanks @vikitikitavi

• Refactored handling of broken provided token.

• Revisited naming of certain properties and helpers.

  • ONE_OF to match_any
  • ALL_IN to match_all
  • strategy to comparison

• Improved overall code test coverage.

• Introduced check_permissions decorator for providing scope based permission model for your application handlers.

  Permissions should be described as an array of strings inside the JWT token, or as a space-delimited OAuth 2.0 Access Token Scope string.

• Introduced JWT middleware for encoding/verifying your JWT token and setting property on aiohttp.Request object.