jpadilla · carlosjavier84 · Mar 31, 2024 · Apr 9, 2024 · Apr 9, 2024 · Apr 9, 2024
diff --git a/jwt_auth/mixins.py b/jwt_auth/mixins.py
@@ -60,7 +60,7 @@ def authenticate(self, request):
 
         try:
             payload = jwt_decode_handler(auth[1])
-        except jwt.ExpiredSignature:
+        except jwt.ExpiredSignatureError:
             msg = 'Signature has expired.'
             raise exceptions.AuthenticationFailed(msg)
         except jwt.DecodeError:

diff --git a/jwt_auth/utils.py b/jwt_auth/utils.py
@@ -36,20 +36,21 @@ def jwt_encode_handler(payload):
         payload,
         settings.JWT_SECRET_KEY,
         settings.JWT_ALGORITHM
-    ).decode('utf-8')
+    )
 
 
 def jwt_decode_handler(token):
     from jwt_auth import settings
 
     options = {
         'verify_exp': settings.JWT_VERIFY_EXPIRATION,
+        'verify_signature': settings.JWT_VERIFY
     }
 
     return jwt.decode(
         token,
         settings.JWT_SECRET_KEY,
-        settings.JWT_VERIFY,
+        algorithms=[settings.JWT_ALGORITHM],
         options=options,
         leeway=settings.JWT_LEEWAY
     )

diff --git a/requirements.txt b/requirements.txt
@@ -1 +1 @@
-PyJWT>=1.4.0,<2.0.0
+PyJWT>=1.4.0,<=2.5.0