We use okta-jwt-verifier (Python) for OAuth token verification. There is an open issue on the GitHub page regarding this vulnerability but no response from the maintainers as of this time. Is there any plan to replace the dependency on python-jose? This library is recommended in the Developer docs.
Sorry for the delay on this. Engineering is aware of this and we’ve added work to address this vulnerability to our roadmap. I’ll look to update this thread when we have progress updates available.