algorithm parameter must be specified as "none" instead of None #1022

Open
alexburuiana opened this issue Nov 29, 2024 · 3 comments

alexburuiana commented Nov 29, 2024

There was a change in the 2.10.0 update where passing None to the algorithm parameter in jwt.encode() would result in the algorithm_ class member being set to "HS256" instead of "none".

File: jwt/api_jws.py:118-124

Expected Result

I have a test where I run something like:

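import jwt
import pytest

# use_the_token and InvalidTokenException are not shown in the issue
def test_token():
    # algorithm=None: "none" in 2.9.0, "HS256" in 2.10.0
    token = jwt.encode({"some": "payload"}, key=None, algorithm=None)

    ...

    with pytest.raises(InvalidTokenException):
        use_the_token({"access_token": token})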

This test used to pass with pyjwt version 2.9.0.

Actual Result

After the update to 2.10.0 this test fails.

After investigating, I found that pyjwt sets the algorithm to "HS256" when I set it to None, where before it was set to "none". This means I need to specify algorithm="none" for the test to pass.

Conclusion

I think this change from jwt.encode(..., algorithm=None) to jwt.encode(..., algorithm="none") is a lot less intuitive. If HS256 is going to be a default that's applied when algorithm is specified as None, I think this should also be documented.
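
A test for rejecting unsigned tokens only means something if the fixture really carries alg "none", which is what changed under the test above. The following is an added example, not part of the issue or of PyJWT's code, using only the standard library: it writes the header's alg explicitly and checks it before asserting rejection. The names `make_token`, `header_alg`, `verify_hs256` and `unsigned_token_is_rejected` are hypothetical, and the verifier stands in for the application code behind `use_the_token`.

```python
import base64
import hashlib
import hmac
import json


def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def make_token(claims: dict, alg: str, key: bytes = b"") -> str:
    """Fixture builder: alg is explicit; "none" gets an empty signature."""
    if alg not in ("none", "HS256"):
        raise ValueError(f"unsupported alg {alg!r}")
    parts = ({"alg": alg, "typ": "JWT"}, claims)
    signing_input = ".".join(b64url(json.dumps(p).encode()) for p in parts)
    mac = hmac.new(key, signing_input.encode(), hashlib.sha256).digest()
    return f"{signing_input}.{b64url(mac) if alg == 'HS256' else ''}"


def header_alg(token: str) -> str:
    """Read alg from the header without verifying (fixture sanity check only)."""
    return json.loads(b64url_decode(token.split(".")[0])).get("alg")


def verify_hs256(token: str, key: bytes) -> dict:
    """Hypothetical verifier: allow-lists HS256, raises ValueError otherwise."""
    head, body, sig = token.split(".")
    if header_alg(token) != "HS256":
        raise ValueError("algorithm not allowed")
    expected = hmac.new(key, f"{head}.{body}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, b64url_decode(sig)):
        raise ValueError("bad signature")
    return json.loads(b64url_decode(body))


def unsigned_token_is_rejected(key: bytes) -> bool:
    """Shape of the test in the issue: check the fixture, then the rejection."""
    token = make_token({"some": "payload"}, alg="none")
    assert header_alg(token) == "none", "fixture is not an unsigned token"
    try:
        verify_hs256(token, key)
    except ValueError:
        return True
    return False
```

With the fixture check in place, a change in how a library treats a missing algorithm fails at the fixture assertion and names the cause, instead of surfacing as an unexplained failure in the rejection test.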


qqii commented Nov 29, 2024

This seems to come from #979.


qqii commented Nov 29, 2024

This change was documented as part of v2.10.0 in the changelog: https://github.com/jpadilla/pyjwt/blob/3ebbb22f30f2b1b41727b269a08b427e9a85d6bb/CHANGELOG.rst#v2100

Contributor

rayluo commented Dec 5, 2024

> After the update to 2.10.0 this test fails.
>
> After investigating, I found that pyjwt sets the algorithm to "HS256" when I set it to None, where before it was set to "none". This means I need to specify algorithm="none" for the test to pass.

I ran into the same issue. This is effectively a breaking change that should have been shipped with a major version bump.
