Looking for maintainer.

[vimalloc]

It looks like the current author is looking for a maintainer of this software: https://twitter.com/mattupstate/status/790184050640162816. I wrote another jwt flask extension that offers what this extension does, plus some extra goodies on top:

• refresh tokens
• token blacklist
• fresh vs non-fresh tokens, with seperate endpoints only fresh tokens can access
• option to store tokens in cookies and csrf protect the endpoints
• easy way to add additional claims to the jwt

You can view the code here (link to the documentation is in the readme)
https://github.com/vimalloc/flask-jwt-extended

I was thinking of reaching out to the author and trying to merge my extension into this one. However, it might cause some pretty big breaking changes. I could probably alleviate most of them by making sure all the functionality of this extension existed in mine, but marking the breaking changes as depreciated, in order to give users a chance to migrate their code. But before I start looking at that, I was wondering if anyone would actually be interested in this? I would love to get feedback before I offered to start making changes that people may not want.

[dusktreader]

@vimalloc (cc @mattupstate): I've just started on a package that is dependent on flask-jwt called flask-praetorian (https://github.com/dusktreader/flask-praetorian). I am considering adopting flask-jwt if there doesn't seem to be any interest from other folks in taking over maintainership.

[alexykot]

I'm not interested in maintaining this, but I'm pretty interested in having it up to date.
As far as I can see right now this extension is incompatible with current recent flask release (0.12), so I'll have to go look elsewhere or implement it myself. Whoever considers taking over this project - yes, there is interest in it, and I don't mind breaking changes as long as the version number is changed respectively and semver maintained.

[vimalloc]

With how long it has been without contact, I wouldn't hold my breath on this project being maintained again anytime soon. As an alternative, Flask-JWT-Extended is still growing and being maintained if you don't mind how opinionated it is (I'm the author, so I'm of course biased). If you want a way to just use simple JWTs for fast prototyping, at this point I think using pyjwt directly in your application is probably the best way to go.

[dusktreader]

@vimalloc I already have an issue in flask-praetorian to see how well I can transition to flask-jwt-extended. It is pretty opinionated, but if the api is pretty similar and I can use it in a light-weight way, that will work for me

[alexykot]

I've switched to Extended. However for naming simplicity I would very much prefer Extended to take over this project, merge and rebrand into single functional and well supported flask-jwt.

Also, the Extended docs claim that asymmetric algorithms are not currently supported, but practically they actually are supported pretty well by underlying libs and only the Extended itself cannot handle the public/private keypair. I've fixed that, see pull request #40.

[dusktreader]

@vimalloc @alexykot I've elected to switch to using straight up PyJWT in my package flask-praetorian. I agree that flask-jwt-extended should probably just replace this package.