A vulnerability has been found in the ecdsa dependency which will not be patched in the python-jose package. python-jose seems to be abandoned. Other people are also encountering these security issues.

I suggest to update authenticating-users/main.py to not use this insecure package. A commonly used alternative is PyJWT.