Closed JViggiani closed 2 years ago
Hello, this was caused by bad input. On closer inspection the JWT has 5 elements for some strange reason (ie 4 dots). I've no clue why, as we don't control the source of the JWT. But it was fixed by stripping the 3rd and 5th sections and discarding them entirely.
Perhaps the library could be updated to perform a basic check on the number of sections the JWT contains and throwing an exception if it isn't equal to 3? Thanks.
This issue is stale because it has been open 60 days with no activity. Remove stale label or comment or this will be closed in 7 days
I'm using the PyJWT library to do some decoding of some JWTs in Python 3.9.10 with PyJwt version 2.3.0
I have my JWT as a standard string, which I pass to PyJwt in the following way:
The algorithm in use in this particular instance is "RS256". TENDUKE_JWT_PUBLIC_KEY_DEV is our public key which takes the form:
Firstly, the key appears to have issues when verifying the signature. But this is only test code so for now it doesn't matter too much, and can be disabled in the options above.
The real problem is the following exception printout I get when running this:
As you can see I've added a printout in the PyJWT module code to get the decoded variable:
As you can see, internally it appears to have decided to store the payload as bytes? This presents a problem with the json.loads() call. Am I doing something wrong in the original two line function which could cause this, or should I be doing something there to prevent this? Thanks!