chore: Update PyJWT dependency

* Update pinned dep fromm 1.7.1 to 2.0.1
* Updated usages as per changelog

ref: https://python.libhunt.com/pyjwt-changelog

frappe/oauth.py

@@ -486,6 +486,7 @@ class OAuthWebRequestValidator(RequestValidator):
 				user = None
 				payload = jwt.decode(
 					id_token_hint,
+					algorithms=["HS256"],
 					options={
 						"verify_signature": False,
 						"verify_aud": False,
@@ -508,7 +509,7 @@ class OAuthWebRequestValidator(RequestValidator):
 						id_token_hint,
 						key=client_secret,
 						audience=client_id,
-						algorithm="HS256",
+						algorithms=["HS256"],
 						options={
 							"verify_exp": False,
 						},

frappe/tests/test_oauth20.py

@@ -302,7 +302,7 @@ class TestOAuth20(unittest.TestCase):
 			id_token,
 			audience=client.client_id,
 			key=client.client_secret,
-			algorithm="HS256",
+			algorithms=["HS256"],
 		)
 
 		self.assertTrue(payload.get("nonce") == nonce)

frappe/utils/oauth.py

@@ -134,7 +134,7 @@ def get_info_via_oauth(provider, code, decoder=None, id_token=False):
 
 		token = parsed_access['id_token']
 
-		info = jwt.decode(token, flow.client_secret, verify=False)
+		info = jwt.decode(token, flow.client_secret, options={"verify_signature": False})
 	else:
 		api_endpoint = oauth2_providers[provider].get("api_endpoint")
 		api_endpoint_args = oauth2_providers[provider].get("api_endpoint_args")

requirements.txt

@@ -43,7 +43,7 @@ psutil~=5.8.0
 psycopg2-binary~=2.8.6
 pyasn1~=0.4.8
 pycryptodome~=3.10.1
-PyJWT~=1.7.1
+PyJWT~=2.0.1
 PyMySQL~=1.0.2
 pyngrok~=5.0.5
 pyOpenSSL~=20.0.1