From 0e2a1e71ea7274fc472efa59fedf4bfeac51317b Mon Sep 17 00:00:00 2001
From: byrman <carsten.byrman@nelen-schuurmans.nl>
Date: Wed, 25 Oct 2023 10:00:39 +0200
Subject: [PATCH] Use JsonWebKey directly (#81)

---
 CHANGES.rst                 | 3 ++-
 nens_auth_client/cognito.py | 7 ++++---
 2 files changed, 6 insertions(+), 4 deletions(-)

diff --git a/CHANGES.rst b/CHANGES.rst
index 341cd61..6d4c0e6 100644
--- a/CHANGES.rst
+++ b/CHANGES.rst
@@ -5,7 +5,8 @@ Changelog of nens-auth-client
 1.3 (unreleased)
 ----------------
 
-- Nothing changed yet.
+- Fixed deprecation warning by using JsonWebKey directly instead of calling
+  jwk.loads.
 
 
 1.2 (2023-03-20)
diff --git a/nens_auth_client/cognito.py b/nens_auth_client/cognito.py
index 8864440..713a3ea 100644
--- a/nens_auth_client/cognito.py
+++ b/nens_auth_client/cognito.py
@@ -1,6 +1,6 @@
 from authlib.integrations.django_client import DjangoOAuth2App
+from authlib.jose import JsonWebKey
 from authlib.jose import JsonWebToken
-from authlib.jose import jwk
 from django.conf import settings
 from django.http.response import HttpResponseRedirect
 from urllib.parse import urlencode
@@ -118,12 +118,13 @@ def parse_access_token(self, token, claims_options=None, leeway=120):
         # this is a copy from the _parse_id_token equivalent function
         def load_key(header, payload):
             jwk_set = self.fetch_jwk_set()
+            kid = header.get("kid")
             try:
-                return jwk.loads(jwk_set, header.get("kid"))
+                return JsonWebKey.import_key_set(jwk_set).find_by_kid(kid)
             except ValueError:
                 # re-try with new jwk set
                 jwk_set = self.fetch_jwk_set(force=True)
-                return jwk.loads(jwk_set, header.get("kid"))
+                return JsonWebKey.import_key_set(jwk_set).find_by_kid(kid)
 
         metadata = self.load_server_metadata()
         claims_options = {