jpadilla / pyjwt

JSON Web Token implementation in Python
https://pyjwt.readthedocs.io
MIT License

Decoding fails with "Invalid payload string: must be a json object" when the JSON is an array #945

Closed puc9 closed 5 months ago

puc9 commented 7 months ago

Summary.

        try:
            payload = json.loads(decoded["payload"])
        except ValueError as e:
            raise DecodeError(f"Invalid payload string: {e}")
        if not isinstance(payload, dict):
            raise DecodeError("Invalid payload string: must be a json object")
        return payload

This code fails if the payload is an array.

I'm very new to JWT. Is valid array JSON not supported as a payload?

Based on the debugger here https://jwt.io/#debugger-io?token=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.W3sic3ViIjoiMTIzNDU2Nzg5MCIsIm5hbWUiOiJKb2huIERvZSIsImlhdCI6MTUxNjIzOTAyMn1d.UWfiOz3NZMDUv5T4lw65EhF0lWOTkRVx6izjV4QkXfo it would say that they are?

Expected Result

I would expect to be able to encode and decode JSON arrays in addition to the regular dict.

Actual Result

The code only checks for dict.
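
For context on the check quoted above, an added example (not part of the original post and not PyJWT's code): RFC 7519 defines the JWT claims set as a JSON object, while the underlying JWS payload (RFC 7515) is arbitrary bytes, so an array payload can pass signature verification and still be rejected as a JWT. The key, the sample payloads and all function names below are constructed for illustration, and only the standard library is used.

```python
import base64
import hashlib
import hmac
import json

KEY = b"constructed-demo-key"  # constructed sample key, not from the issue


def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def b64url_decode(seg: str) -> bytes:
    return base64.urlsafe_b64decode(seg + "=" * (-len(seg) % 4))


def sign_compact(payload_obj, key: bytes = KEY) -> str:
    """Build an HS256 compact JWS over any JSON value (sample-token helper)."""
    header = b64url(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    body = b64url(json.dumps(payload_obj).encode())
    sig = hmac.new(key, f"{header}.{body}".encode(), hashlib.sha256).digest()
    return f"{header}.{body}.{b64url(sig)}"


def verify_jws(token: str, key: bytes = KEY) -> bytes:
    """JWS layer: check the HS256 signature and return the raw payload bytes."""
    try:
        header_seg, body_seg, sig_seg = token.split(".")
        header = json.loads(b64url_decode(header_seg))
        payload, sig = b64url_decode(body_seg), b64url_decode(sig_seg)
    except ValueError as e:  # wrong segment count, bad base64, bad header JSON
        raise ValueError(f"malformed token: {e}") from e
    # Pin the algorithm on the verifier side instead of trusting the header.
    if not isinstance(header, dict) or header.get("alg") != "HS256":
        raise ValueError("unexpected alg")
    expected = hmac.new(key, f"{header_seg}.{body_seg}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(sig, expected):
        raise ValueError("bad signature")
    return payload


def decode_jwt_claims(token: str, key: bytes = KEY) -> dict:
    """JWT layer: the verified payload must be a JSON object (the claims set)."""
    claims = json.loads(verify_jws(token, key))
    if not isinstance(claims, dict):
        raise ValueError("claims set must be a JSON object")
    return claims
```

A verifier that genuinely needs a signed array would stop at the JWS layer (`verify_jws` here) and parse the bytes itself, or wrap the array in an object under a claim name so that claim validation such as `exp` still applies.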

github-actions[bot] commented 5 months ago

This issue is stale because it has been open 60 days with no activity. Remove stale label or comment or this will be closed in 7 days.