FusionAuth / fusionauth-python-client

FusionAuth Python Client
https://fusionauth.io
Apache License 2.0

validate_jwt method using incorrect header #4

Closed warchiefx closed 4 years ago

warchiefx commented 5 years ago

The validate_jwt method is passing an authorization header with _jwt as the token type, which is invalid as FusionAuth expects this to be JWT and thus always returns a 401 response. Replacing these here makes validation work (returns a 200 with the expected data).

This might be affecting other endpoints as well, as I see several other places where this pattern is used.

cperrin88 commented 4 years ago

This is a regression. In 1.7.2 it works as expected.

robotdan commented 4 years ago

Thanks for letting us know. I think this is fixed in the latest (non GA) version.

https://pypi.org/project/fusionauth-client/#history

    def validate_jwt(self, encoded_jwt):
        """
        Validates the provided JWT (encoded JWT string) to ensure the token is valid. A valid access token is properly
        signed and not expired.
        <p>
        This API may be used to verify the JWT as well as decode the encoded JWT into human readable identity claims.

        Attributes:
            encoded_jwt: The encoded JWT (access token).
        """
        return self.start().uri('/api/jwt/validate') \
            .authorization("JWT " + encoded_jwt) \
            .get() \
            .go()

warchiefx commented 4 years ago

Nice! Will check on next release :)
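
A regression check for the header scheme discussed in this issue, added here as an example (it is not code from the FusionAuth client or from any commenter). The stub server is constructed and models only the behaviour reported above, a 401 unless the `Authorization` scheme is `JWT`; `StubValidate`, `status_for` and `TOKEN` are hypothetical names.

```python
import http.client
import threading
from http.server import BaseHTTPRequestHandler, HTTPServer


class StubValidate(BaseHTTPRequestHandler):
    """Constructed stand-in for /api/jwt/validate, not the real FusionAuth server."""

    def do_GET(self):
        # Split "<scheme> <token>"; exact match on "JWT" is an assumption of this stub.
        scheme, _, token = self.headers.get("Authorization", "").partition(" ")
        ok = self.path == "/api/jwt/validate" and scheme == "JWT" and bool(token)
        self.send_response(200 if ok else 401)
        self.send_header("Content-Length", "0")
        self.end_headers()

    def log_message(self, *args):
        # Silence per-request logging so test output stays clean.
        pass


def status_for(authorization):
    """Send one GET with the given Authorization header to a local stub; return the status."""
    server = HTTPServer(("127.0.0.1", 0), StubValidate)  # port 0 = any free port
    threading.Thread(target=server.serve_forever, daemon=True).start()
    try:
        conn = http.client.HTTPConnection("127.0.0.1", server.server_port, timeout=5)
        conn.request("GET", "/api/jwt/validate", headers={"Authorization": authorization})
        status = conn.getresponse().status
        conn.close()
        return status
    finally:
        server.shutdown()
        server.server_close()


TOKEN = "aaa.bbb.ccc"  # constructed placeholder, not a real JWT

if __name__ == "__main__":
    print("JWT  scheme ->", status_for("JWT " + TOKEN))
    print("_jwt scheme ->", status_for("_jwt " + TOKEN))
```

Pointing the same two requests at a client build under test (by capturing the header it sends) catches this regression before release.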