Flask-JWT-extended 4.4.4 is not compatible with PyJWT >= 2.6.0

[justinvirtualitics]

After upgrading to PyJWT 2.6.0 (to fix https://github.virtualitics.com/advisories/GHSA-ffqj-6fqr-9h24), the following error occurs when using create_access_token.

File "/opt/app-root/lib/python3.8/site-packages/flask_jwt_extended/utils.py", line 172, in create_access_token

    return jwt_manager._create_access_token(identity, fresh, expires_delta, user_claims,

  File "/opt/app-root/lib/python3.8/site-packages/flask_jwt_extended/jwt_manager.py", line 511, in _create_access_token

    access_token = encode_access_token(

  File "/opt/app-root/lib/python3.8/site-packages/flask_jwt_extended/tokens.py", line 76, in encode_access_token

    return _encode_jwt(token_data, expires_delta, secret, algorithm,

  File "/opt/app-root/lib/python3.8/site-packages/flask_jwt_extended/tokens.py", line 29, in _encode_jwt

    encoded_token = jwt.encode(token_data, secret, algorithm,

AttributeError: 'str' object has no attribute 'decode'

[vimalloc]

I am not able to reproduce this, it seems to be working as expected. Can you provide a complete, minimal, and reproducible example showing this behavior?

Here is my test:

from flask import Flask
from flask import jsonify

from flask_jwt_extended import create_access_token
from flask_jwt_extended import get_jwt_identity
from flask_jwt_extended import jwt_required
from flask_jwt_extended import JWTManager

app = Flask(__name__)

app.config["JWT_SECRET_KEY"] = "super-secret"  # Change this!
jwt = JWTManager(app)

@app.route("/login", methods=["POST"])
def login():
    return jsonify(create_access_token(identity='lily'))

@app.route("/protected", methods=["GET"])
@jwt_required()
def protected():
    current_user = get_jwt_identity()
    return jsonify(logged_in_as=current_user), 200

if __name__ == "__main__":
    app.run()

$ pip freeze | grep -i jwt
Flask-JWT-Extended==4.4.4
PyJWT==2.6.0

$ http POST :5000/login
HTTP/1.1 200 OK
Connection: close
Content-Length: 271
Content-Type: application/json
Date: Thu, 22 Dec 2022 22:31:01 GMT
Server: Werkzeug/2.2.2 Python/3.7.5

"eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJmcmVzaCI6ZmFsc2UsImlhdCI6MTY3MTc0ODI2MSwianRpIjoiZThhYTg2YTUtMTIzMy00ZTc0LWE3MTgtODdjYTVjZmM3MzhjIiwidHlwZSI6ImFjY2VzcyIsInN1YiI6ImxpbHkiLCJuYmYiOjE2NzE3NDgyNjEsImV4cCI6MTY3MTc0OTE2MX0.crCFmkhq1WJOEIv1ZCH91Tyxs1dUv5tQZmdPeOAFS7c"

$ export JWT="eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJmcmVzaCI6ZmFsc2UsImlhdCI6MTY3MTc0ODI2MSwianRpIjoiZThhYTg2YTUtMTIzMy00ZTc0LWE3MTgtODdjYTVjZmM3MzhjIiwidHlwZSI6ImFjY2VzcyIsInN1YiI6ImxpbHkiLCJuYmYiOjE2NzE3NDgyNjEsImV4cCI6MTY3MTc0OTE2MX0.crCFmkhq1WJOEIv1ZCH91Tyxs1dUv5tQZmdPeOAFS7c"

$ http :5000/hello Authorization:"Bearer $JWT"
HTTP/1.1 200 OK
Connection: close
Content-Length: 24
Content-Type: application/json
Date: Thu, 22 Dec 2022 22:32:24 GMT
Server: Werkzeug/2.2.2 Python/3.7.5

{
    "logged_in_as": "lily"
}

[kshitiz305]

Hi Team,

I wish to give this issue a try if the team allows, According to me the issue might be due to use of different python versions that has impacted the dependencies leading to a different behaviors in different systems.

[vimalloc]

Hi Team,

I wish to give this issue a try if the team allows,

According to me the issue might be due to use of different python versions that has impacted the dependencies leading to a different behaviors in different systems.

By all means! Thank you! 😊

[negarvahid]

Hi hi! I'm getting the exact same error. Any tips on how to solve it? I'm on python 3.11.1

[vimalloc]

@negarvahid I still haven't been able to reproduce this. I just added python 3.11 to CI runs hoping that would trigger the problem, but everything is still passing there. If you can provide a complete, minimal, and reproducible example, I would be more then happy to dig into it more!

[vimalloc]

Closing, as unable to reproduce.