jwt.encode produces not constant JWT header in Python 3
After updating to 1.0.0 I found some inconsistency: When running the following test:
```python
def test_encode_jwt():
    import jwt
    from sys import version_info
    claims_set = {
        'sub': 'user'
    }
    key = 'secret'
    token = jwt.encode(claims_set, key)
    if version_info >= (3, 0, 0):
        token = token.decode(encoding='UTF-8')
    assert token == 'eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiJ1c2VyIn0.' \
                    '8jVjALlPRYpE03sMD8kuqG9D4RSih5NjiISNZ-wO3oY'
```
In Python 2.7 this test always passes. In Python 3.4 this test sometimes passes and sometimes does not. The reason is that in Python 3 jwt.encode sometimes produces a header like:

```json
{
  "alg": "HS256",
  "typ": "JWT"
}
```

This is the same as in Python 2.
But sometimes it produces a header like:

```json
{
  "typ": "JWT",
  "alg": "HS256"
}
```

I didn’t find out why this happens.
Regards, Henri
Issue Analytics
- State:
- Created 9 years ago
- Comments:5 (2 by maintainers)
Top GitHub Comments
We have a 3rd party integration that hardcoded the order of the keys 😦. I’m glad I was validated here though by you guys confirming that the order doesn’t matter and isn’t specified in the RFC either.
I understand. So I will close this issue.
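
Added example, not part of the original thread and not PyJWT's own code: both header orders from the issue are built with the standard library only, and the tokens are compared by verified, decoded content rather than as strings. `make_token` and `parse_and_verify` are hypothetical helpers; the key and claim are the ones from the test above, and the code assumes dicts keep insertion order (Python 3.7+).

```python
import base64
import hashlib
import hmac
import json


def b64url(data: bytes) -> str:
    """Base64url without padding, as used for JWT segments."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def make_token(header_pairs, claims, key: bytes) -> str:
    """Build an HS256 JWT, serializing header members in the order given."""
    header = json.dumps(dict(header_pairs), separators=(",", ":"))
    payload = json.dumps(claims, separators=(",", ":"))
    signing_input = b64url(header.encode()) + "." + b64url(payload.encode())
    sig = hmac.new(key, signing_input.encode("ascii"), hashlib.sha256).digest()
    return signing_input + "." + b64url(sig)


def parse_and_verify(token: str, key: bytes):
    """Return (header, claims) as dicts; raise ValueError on a bad signature."""
    header_b64, payload_b64, sig_b64 = token.split(".")
    signing_input = (header_b64 + "." + payload_b64).encode("ascii")
    expected = hmac.new(key, signing_input, hashlib.sha256).digest()
    # The signature covers the exact header bytes, so check it before parsing.
    if not hmac.compare_digest(expected, b64url_decode(sig_b64)):
        raise ValueError("signature mismatch")
    header = json.loads(b64url_decode(header_b64))
    if header.get("alg") != "HS256":
        raise ValueError("unexpected alg")
    return header, json.loads(b64url_decode(payload_b64))


KEY = b"secret"
CLAIMS = {"sub": "user"}
# The two header orders reported in the issue.
TOKEN_A = make_token([("alg", "HS256"), ("typ", "JWT")], CLAIMS, KEY)
TOKEN_B = make_token([("typ", "JWT"), ("alg", "HS256")], CLAIMS, KEY)

if __name__ == "__main__":
    print("same string:", TOKEN_A == TOKEN_B)
    print("same content:", parse_and_verify(TOKEN_A, KEY) == parse_and_verify(TOKEN_B, KEY))
```

Because the signature is computed over the encoded header, the two tokens differ in both the first and the third segment, yet each verifies against the same key and decodes to equal dicts.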