Closed EnriGaci closed 5 months ago
Summary.
I want to test that my application is failing when it is trying to validate a token signed with the wrong algorithm. Since this line #https://github.com/jpadilla/pyjwt/blob/f86b8b6ce670e40f1ef037b70ac6b4c682e8ac6f/jwt/api_jws.py#L118 overwrites the algorithm parameter I pass, it is makes it impossible to do this and invalidates the existence of the algorithm parameter.
My use case is this
The token generated to be encoded with algorithm="HS256"
The token generated is encoded with "RS256"
secrete_key = "some_secret" jwt.encode({"name1":"value1"}, secret_key.encode('utf-8'), algorithm="HS256", headers={'alg': "RS256"})
$ python -m jwt.help
{ "cryptography": { "version": "42.0.2" }, "implementation": { "name": "CPython", "version": "3.7.6" }, "platform": { "release": "10", "system": "Windows" }, "pyjwt": { "version": "2.8.0" } }
This command is only available on PyJWT v1.6.3 and greater. Otherwise, please provide some basic information about your system.
This issue is stale because it has been open 60 days with no activity. Remove stale label or comment or this will be closed in 7 days
Summary.
I want to test that my application is failing when it is trying to validate a token signed with the wrong algorithm. Since this line #https://github.com/jpadilla/pyjwt/blob/f86b8b6ce670e40f1ef037b70ac6b4c682e8ac6f/jwt/api_jws.py#L118 overwrites the algorithm parameter I pass, it is makes it impossible to do this and invalidates the existence of the algorithm parameter.
My use case is this
Expected Result
The token generated to be encoded with algorithm="HS256"
Actual Result
The token generated is encoded with "RS256"
Reproduction Steps
System Information
This command is only available on PyJWT v1.6.3 and greater. Otherwise, please provide some basic information about your system.