Skip to content

[compat] finalize json_encoder parity for #3#10

Draft
StatPan wants to merge 2 commits into
mainfrom
issue-3-json-encoder-parity
Draft

[compat] finalize json_encoder parity for #3#10
StatPan wants to merge 2 commits into
mainfrom
issue-3-json-encoder-parity

Conversation

@StatPan
Copy link
Copy Markdown
Owner

@StatPan StatPan commented Apr 21, 2026

Summary

  • add regression coverage for json_encoder parity in both JWT payload and JWS header paths
  • lock down that custom encoders do not bypass existing kid validation
  • mark the compatibility checklist item complete and bump the distribution version to 1.2.1

Why

Issue #3 tracked json_encoder parity as still partial. The implementation path already matched upstream in practice, but the edge-case coverage was not strong enough to treat that behavior as fixed and publicly complete.

Impact

  • custom payload values remain encoded correctly after datetime claim normalization
  • custom header values use the same encoder path as upstream PyJWT
  • invalid kid values still fail before any custom encoder can hide the type mismatch

Validation

  • uv run pytest -q tests/test_upstream_api_jwt.py tests/test_upstream_api_jws.py
  • uv run python scripts/pytest_gate.py

Related: #3

gemini-code-assist[bot]
gemini-code-assist Bot reviewed Apr 21, 2026
View reviewed changes
Copy link
Copy Markdown

@gemini-code-assist gemini-code-assist Bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Code Review

This pull request increments the version to 1.2.1 and introduces regression tests for json_encoder parity, ensuring that custom payload and header values are correctly encoded and that kid validation is not bypassed. It also updates the compatibility checklist. A review comment identifies that previous unreleased entries in the changelog were accidentally removed and should be restored to maintain a complete release history.

Comment thread CHANGELOG.md Outdated
Comment on lines +13 to +20
### Fixed

- Release workflow now publishes to PyPI via **Trusted Publishing (OIDC)**
instead of the `PYPI_API_TOKEN` fallback that shipped `v1.2.0`. Added
`id-token: write` / `attestations: write` permissions to the publish
job and removed the explicit `password:` argument. The `environment:
pypi` gate is preserved. PEP 740 attestations are produced for every
artifact, which were disabled under the token path.
- Bumped `actions/download-artifact` from `v5` (Node 20) to `v8`
(Node 24) to clear the runner deprecation annotation. All other
actions already run on Node 24.
- Added regression coverage for `json_encoder` parity so custom payload
values still encode correctly after datetime claim normalization, custom
header values use the same encoder path as upstream PyJWT, and `kid`
validation is not bypassed by a custom encoder.
- Marked `json_encoder` compatibility as complete in
`COMPATIBILITY_CHECKLIST.md`.
Copy link
Copy Markdown

@gemini-code-assist gemini-code-assist Bot Apr 21, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

medium

The previous entries in the [Unreleased] section (regarding Trusted Publishing and the actions/download-artifact bump) have been removed. These should be preserved so they are included in the next release notes. It appears the ### Changed section was accidentally replaced by ### Fixed instead of being appended to.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

1 more reviewer

@gemini-code-assist gemini-code-assist[bot] gemini-code-assist[bot] left review comments

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@StatPan