Okta-jwt-verifier Python Alternative or Fix?

It appears this library is no longer actively maintained (last commits in Nov 2021). Does Okta have a recommended library for Python JWT verification?

Otherwise, it would be great if the library could be updated, particularly due to the vulnerability with the py package – which is a dependency of retry – that’s causing Mend security check failures.

CVE-2022-42969

Looks like a PR has been opened (not by me) to remediate.

Thanks!

Hi @hmaag, I believe this is still maintained by Okta (albeit not actively, apparently). I will bring this up internally to see if we can get that PR merged. In the meantime, you could replace the retry dep with retry2 locally.


Thank you for bringing this up internally, @dawoudt!

Replacing the retry dep with retry2 seems to work for my use case locally. That said, repos with Mend branch protection will still fail due to the transitive dependency until it’s updated on Okta’s end. For reference:

Wow, very quick response from you and your team, @dawoudt. That PR was approved/merged shortly before my last reply. Looks like we’re all set!


Thank you for your help and the quick assistance. Much appreciated!

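An added example, not part of the original thread or of Okta's code: a short script that lists the chains of packages that pull in `py`, which is the transitive-dependency situation discussed above. The helper names (`norm`, `installed_graph`, `chains_to`) are hypothetical, and the two sample graphs are constructed and simplified for illustration.

```python
import re
from importlib import metadata

def norm(name):
    """PEP 503 name normalization, so 'Okta_JWT.Verifier' == 'okta-jwt-verifier'."""
    return re.sub(r"[-_.]+", "-", name).lower()

def installed_graph():
    """Map each installed distribution to the set of packages it requires."""
    graph = {}
    for dist in metadata.distributions():
        name = dist.metadata["Name"]
        if not name:
            continue  # skip broken metadata
        deps = set()
        for req in dist.requires or []:
            spec, _, marker = req.partition(";")
            if "extra" in marker:
                continue  # optional extras are not installed by default
            m = re.match(r"\s*([A-Za-z0-9][A-Za-z0-9._-]*)", spec)
            if m:
                deps.add(norm(m.group(1)))
        graph[norm(name)] = deps
    return graph

def chains_to(graph, target):
    """Return every chain [top-level, ..., target] that brings target in."""
    target = norm(target)
    parents = {}
    for pkg, deps in graph.items():
        for dep in deps:
            parents.setdefault(dep, set()).add(pkg)
    if target not in graph and target not in parents:
        return []  # not present and not required by anything
    chains = []
    def walk(pkg, path):
        ups = sorted(parents.get(pkg, set()) - set(path))  # set(path) guards cycles
        if not ups:
            chains.append(list(reversed(path)))
        for up in ups:
            walk(up, path + [up])
    walk(target, [target])
    return chains

# Constructed sample graphs (simplified): before and after swapping retry for retry2.
SAMPLE_BEFORE = {"okta-jwt-verifier": {"retry"}, "retry": {"py"}, "py": set()}
SAMPLE_AFTER = {"okta-jwt-verifier": {"retry2"}, "retry2": set()}

if __name__ == "__main__":
    for chain in chains_to(installed_graph(), "py"):
        print(" -> ".join(chain))
```

Run in the project's virtual environment, it prints one line per chain that ends in `py`; no output means nothing installed there requires it.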
