Description
There was a change in the 2.10.0 update where passing None to the algorithm parameter in jwt.encode() would result in the algorithm_ class member being set to "HS256" instead of "none".
File: jwt/api_jws.py:118-124
Expected Result
I have a test where I run something like:
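    import jwt
    import pytest


    def test_token():
        # use_the_token and InvalidTokenException come from the application under test
        token = jwt.encode({"some": "payload"}, key=None, algorithm=None)
        ...
        with pytest.raises(InvalidTokenException):
            use_the_token({"access_token": token})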
This test used to pass with pyjwt version 2.9.0.
Actual Result
After the update to 2.10.0 this test fails.
After investigating, I found that pyjwt sets the algorithm to "HS256" when I set it to None, where before it was set to "none". This means I need to specify algorithm="none" for the test to pass.
Conclusion
I think this change from jwt.encode(..., algorithm=None) to jwt.encode(..., algorithm="none") is a lot less intuitive. If HS256 is going to be a default that's applied when algorithm is specified as None, I think this should also be documented.
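Added example, not part of the report and not PyJWT code: a negative test for unsigned tokens that does not depend on any library default, because the fixture states alg explicitly and the test checks the header before exercising the verifier. It uses only the standard library; make_token, header_alg, verify_hs256 and InvalidToken are hypothetical names standing in for the fixture and the application under test.

```python
import base64
import hashlib
import hmac
import json


class InvalidToken(Exception):
    """Raised by the hypothetical verifier below."""


def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def make_token(payload: dict, alg: str, key: bytes = b"") -> str:
    """Build a compact JWS; alg is always stated, never defaulted."""
    head = b64url(json.dumps({"typ": "JWT", "alg": alg}).encode())
    body = b64url(json.dumps(payload).encode())
    if alg == "none":
        sig = b""  # unsigned token: empty third segment
    elif alg == "HS256":
        sig = hmac.new(key, f"{head}.{body}".encode(), hashlib.sha256).digest()
    else:
        raise ValueError(f"unsupported alg: {alg}")
    return f"{head}.{body}.{b64url(sig)}"


def header_alg(token: str) -> str:
    """Read alg from the unverified header, for test preconditions only."""
    return json.loads(b64url_decode(token.split(".")[0]))["alg"]


def verify_hs256(token: str, key: bytes) -> dict:
    """Accept only HS256 tokens whose MAC verifies; reject everything else."""
    try:
        head, body, sig = token.split(".")
        if json.loads(b64url_decode(head)).get("alg") != "HS256":
            raise InvalidToken("algorithm not allowed")
        good = hmac.new(key, f"{head}.{body}".encode(), hashlib.sha256).digest()
        if not hmac.compare_digest(good, b64url_decode(sig)):
            raise InvalidToken("signature mismatch")
        return json.loads(b64url_decode(body))
    except (ValueError, KeyError, AttributeError) as exc:
        raise InvalidToken(str(exc)) from exc
```

Asserting header_alg(token) == "none" as a precondition makes the test fail loudly if the fixture ever stops producing an unsigned token, instead of passing or failing for an unrelated reason.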