Authlib provides a little bit of a higher-level abstraction from jwcrypto (it depends on jwcrypto), especially around working with JWT/JSW/JWE (JOSE): https://docs.authlib.org/en/latest/jose/index.html
An added benefit (get it?) is that benefits uses Authlib for its OAuth/OIDC integration, and so already has a dependency on it (as currently the only consumer of this library).
As a first-pass consolidation, we should extract code with as minimal changes as possible from benefits and eligibility-server.
It would also be good to add the configuration to make this a Python package so that benefits and eligibility-server can add it to their requirements.txt.
Devcontainer requirements could be in a requirements.txt file and installed from there.
In the future if we need to worry about pinning dependencies or anything, having them in a requirements.txt allows for Dependabot and other tooling to more easily work with them.
Publishes to Test PyPI when a pre-release is made on the repo
Publishes to PyPI when a release is made on the repo
We'll want to use the @cal-itp-bot account to do this - we'll have to generate an API token for each of Test and regular PyPI using the Bot's account on each, and store in GH secrets in this repo.