Rajuldev Vandana requested to merge fix/remove-unused-jwt into develop Mar 24, 2026

Merge Request

Overview

This MR removes the unused jwt dependency from the project to eliminate duplication and reduce unnecessary dependency overhead. The project already uses python-jose for JWT operations, making the standalone jwt package redundant.

What does this MR do and why?

fix: remove unused jwt dependency (duplicate of python-jose)

The project had both python-jose and jwt dependencies serving the same purpose.
The codebase exclusively uses python-jose (from jose import jwt) for JWT handling.
Keeping both increases security risk and dependency footprint.
This MR removes the unused jwt package to improve maintainability and reduce attack surface.

Changes Made

Removed jwt>=1.4.0 from pyproject.toml
Verified no usage of import jwt across the codebase
Retained python-jose[cryptography]>=3.3.0 for JWT functionality
Synced environment using uv sync to remove unused dependency

Technical Details

Root Cause: Duplicate dependency (jwt) existed but was not used anywhere in the codebase.
Fix: Removed the redundant dependency after verifying all JWT operations use python-jose.
Ensures consistent and secure JWT handling using a single library.

Type of Change

Related Issues / References

Closes #76 (closed)

Screenshots or Screen Recordings

N/A (Dependency cleanup)

How to Validate Locally

Checkout this branch
Install dependencies:
```
uv sync
```
Verify jwt is removed:
```
pip list | grep jwt
```
Run tests:
```
uv run pytest
```

Testing Done

Unit tests added/updated API endpoint tests passing

Test Commands Run:

uv run pytest tests/test_core/test_auth.py
uv run pytest tests/test_middleware/test_auth_middleware.py
uv run pytest

Edited Mar 24, 2026 by Rajuldev Vandana