jpadilla / pyjwt

JSON Web Token implementation in Python
https://pyjwt.readthedocs.io
MIT License

Maybe a bug about NoneAlgorithm #795

Closed yingzhuo closed 1 year ago

yingzhuo commented 2 years ago

Hi!

I noticed that NoneAlgorithm's method 'verify' always returns False.
It cannot verify an empty signature, but it can generate an empty signature.

I have to register another one to do so. Is it a bug?

Thanks!

import jwt
from jwt import algorithms, register_algorithm, unregister_algorithm

class MyNoneAlg(algorithms.NoneAlgorithm):
    def verify(self, msg, key, sig):
        return True

    @staticmethod
    def to_jwk(key_obj):
        pass

    @staticmethod
    def from_jwk(jwk):
        pass

if __name__ == '__main__':
    unregister_algorithm('none')
    register_algorithm('none', MyNoneAlg())  # register MyNoneAlgorithm to verify empty signature

    payload = {"some": "payload", "aud": ["urn:foo", "urn:bar"]}

    alg_name = 'none'

    token = jwt.encode(payload, None, algorithm=alg_name)
    print(token)

    print('-' * 80)

    decoded = jwt.decode(token, None, audience="urn:foo", algorithms=[alg_name])
    print(decoded)

github-actions[bot] commented 1 year ago

This issue is stale because it has been open 60 days with no activity. Remove stale label or comment or this will be closed in 7 days

MartinNowak commented 2 months ago

Dup of https://github.com/jpadilla/pyjwt/issues/83
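
The behaviour reported in this issue, modelled with the standard library only (an added example, not PyJWT's code and not code posted in the thread): `none` can produce a token with an empty signature, verification of that token fails closed, and reading unsigned claims is a separate, explicit choice. The names `encode`, `decode`, `signature_ok`, `rejected` and `KEY` are hypothetical.

```python
import base64, hashlib, hmac, json

KEY = b"constructed-demo-key"  # constructed sample secret, not from the issue

def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def encode(payload: dict, key: bytes, alg: str) -> str:
    """Build a compact JWS. alg 'none' produces an empty signature segment."""
    header = {"alg": alg, "typ": "JWT"}
    signing_input = ".".join(
        b64url(json.dumps(part, separators=(",", ":")).encode())
        for part in (header, payload))
    if alg == "none":
        sig = b""
    elif alg == "HS256":
        sig = hmac.new(key, signing_input.encode(), hashlib.sha256).digest()
    else:
        raise ValueError("unsupported algorithm")
    return signing_input + "." + b64url(sig)

def signature_ok(alg: str, key: bytes, signing_input: bytes, sig: bytes) -> bool:
    if alg == "HS256":
        expected = hmac.new(key, signing_input, hashlib.sha256).digest()
        return hmac.compare_digest(expected, sig)
    # 'none' carries no proof of origin, so verification fails closed.
    return False

def decode(token: str, key: bytes = b"", algorithms=(), verify: bool = True) -> dict:
    """Return the claims; with verify=True the signature must check out first."""
    signing_input, _, sig_part = token.rpartition(".")
    header_part, _, payload_part = signing_input.partition(".")
    if verify:
        alg = json.loads(b64url_decode(header_part)).get("alg")
        if alg not in algorithms:
            raise ValueError("algorithm not allowed")
        if not signature_ok(alg, key, signing_input.encode(), b64url_decode(sig_part)):
            raise ValueError("signature verification failed")
    return json.loads(b64url_decode(payload_part))

def rejected(token: str, **kwargs) -> str:
    """Return the rejection reason, or '' if the token was accepted."""
    try:
        decode(token, **kwargs)
        return ""
    except ValueError as exc:
        return str(exc)
```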