From 127b1355c1fc42b72c7f19d906285797b830157b Mon Sep 17 00:00:00 2001 From: Ernesto Revilla Date: Sat, 28 Nov 2020 14:21:11 +0100 Subject: [PATCH 1/2] Update jwt.py --- jose/jwt.py | 11 +++++++++-- 1 file changed, 9 insertions(+), 2 deletions(-) diff --git a/jose/jwt.py b/jose/jwt.py index ee3b98d4..d4debb65 100644 --- a/jose/jwt.py +++ b/jose/jwt.py @@ -70,8 +70,15 @@ def decode(token, key, algorithms=None, options=None, audience=None, Args: token (str): A signed JWS to be verified. - key (str or dict): A key to attempt to verify the payload with. Can be - individual JWK or JWK set. + key (str or iterable): A key to attempt to verify the payload with. + This can be simple string with an individual key (e.g. "a1234"), + a tuple or list of keys (e.g. ("a1234...", "b3579"), + a JSON string, (e.g. '["a1234", "b3579"]'), + a dict with the 'keys' key that gives a tuple or list of keys (e.g {'keys': [...]} ) or + a dict or JSON string as defined by RFC 7517 (e.g. + {'keys': [{'kty': 'oct', 'k': 'YTEyMzQ'}, {'kty': 'oct', 'k':'YjM1Nzk'}]} or + '{"keys": [{"kty":"oct","k":"YTEyMzQ"},{"kty":"oct","k":"YjM1Nzk"}]}' + ) in which case the keys must be base64 url safe encoded (with optional padding). algorithms (str or list): Valid algorithms that should be used to verify the JWS. audience (str): The intended audience of the token. If the "aud" claim is included in the claim set, then the audience must be included and must equal From 03dd4ced449c14531de89c468258b38109a13410 Mon Sep 17 00:00:00 2001 From: Ernesto Revilla Date: Sat, 28 Nov 2020 14:27:35 +0100 Subject: [PATCH 2/2] Update jwt.py --- jose/jwt.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/jose/jwt.py b/jose/jwt.py index d4debb65..2174486e 100644 --- a/jose/jwt.py +++ b/jose/jwt.py 
@@ -75,7 +75,7 @@ def decode(token, key, algorithms=None, options=None, audience=None,
 a tuple or list of keys (e.g. ("a1234...", "b3579"),
 a JSON string, (e.g. '["a1234", "b3579"]'),
 a dict with the 'keys' key that gives a tuple or list of keys (e.g {'keys': [...]} ) or
- a dict or JSON string as defined by RFC 7517 (e.g.
+ a dict or JSON string for a JWK set as defined by RFC 7517 (e.g.
 {'keys': [{'kty': 'oct', 'k': 'YTEyMzQ'}, {'kty': 'oct', 'k':'YjM1Nzk'}]} or
 '{"keys": [{"kty":"oct","k":"YTEyMzQ"},{"kty":"oct","k":"YjM1Nzk"}]}'
 ) in which case the keys must be base64 url safe encoded (with optional padding).
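Review bot: The `key` entry in `decode`'s docstring lets a single `str` mean either a raw secret (`"a1234"`) or a JSON-encoded key list / JWK set, but it never says how the two are told apart, so a reader cannot tell whether a secret that happens to be valid JSON is used verbatim or parsed. The same wording comes from the first patch's hunk, and the docstring continues outside both hunks. Add one sentence stating the rule; the parsing code is not visible here, so the sentence has to be checked against the implementation. Because several keys can now be supplied while the signature still defaults to `algorithms=None`, the `algorithms` entry should also say something like `Pass this explicitly, especially when more than one key is given, so only the intended key/algorithm combinations are accepted.` Wording: `This can be a simple string`, drop the stray comma in `a JSON string, (e.g.`, and close the parenthesis in `(e.g. ("a1234...", "b3579")),`.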