No way to decode headers


There seems to be no (public) method to decode a token’s headers - we need this for our use-case. I’m now relying on using the private _load method of the PyJWT class, which is suboptimal at best.

Would you mind me opening a PR with a new public method that just encapsulates that call to _load, returning only the headers? Something like jwt.decode_headers(token)?

Issue Analytics

  • State: closed
  • Created 7 years ago
  • Comments: 5 (4 by maintainers)

Top GitHub Comments

5 reactions
mark-adams commented, Nov 30, 2016

Hi @dgn,

This is actually a pretty common issue since many consumers want to look up a particular key or shared secret to use when verifying the JWT and the easiest way to include that information is via a header parameter.

There is already a public API to do what you are probably looking for. You can use the jwt.get_unverified_header(token) method to retrieve the values parsed from the header. The method simply takes the header portion of the JWT from the token and returns a dictionary of the values contained in the header. Please observe caution when using this method since it parses and returns the header values without validating the signature. As a result, you should always make sure that you either reject the token based on the information in the header or continue processing it with jwt.decode() to ensure that signature validation takes place.

Hope that helps!
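
The pattern described in the comment above, as an added example that is not part of the original thread or of PyJWT's own code: the header is read with jwt.get_unverified_header() only to pick a key, and the token is then either rejected or passed to jwt.decode() with a pinned algorithm list. The keystore, the secrets and the function names (TRUSTED_KEYS, verify_with_header_lookup, is_accepted, make_token) are constructed for illustration.

```python
import jwt  # PyJWT

# Constructed demo keystore: key id -> shared secret (assumption; in practice
# this comes from your own configuration, never from the token).
TRUSTED_KEYS = {
    "svc-a": b"constructed-demo-secret-for-svc-a-0001",
    "svc-b": b"constructed-demo-secret-for-svc-b-0002",
}
ALLOWED_ALGORITHMS = ["HS256"]  # pinned server-side, not read from the header


def verify_with_header_lookup(token):
    """Return the verified claims, or raise jwt.InvalidTokenError."""
    # Unverified data: the sender controls every value, so use it as a lookup hint only.
    header = jwt.get_unverified_header(token)
    kid = header.get("kid")
    if not isinstance(kid, str) or kid not in TRUSTED_KEYS:
        raise jwt.InvalidTokenError("unknown or missing kid")
    # Signature validation happens here. The header's "alg" is not trusted:
    # only algorithms in the fixed allow-list are accepted.
    return jwt.decode(token, TRUSTED_KEYS[kid], algorithms=ALLOWED_ALGORITHMS)


def is_accepted(token):
    """True only if the key lookup and the signature check both succeed."""
    try:
        verify_with_header_lookup(token)
        return True
    except jwt.InvalidTokenError:
        return False


def make_token(kid, secret, claims):
    """Build a constructed sample token carrying `kid` in its header."""
    return jwt.encode(claims, secret, algorithm="HS256", headers={"kid": kid})


if __name__ == "__main__":
    good = make_token("svc-a", TRUSTED_KEYS["svc-a"], {"sub": "alice"})
    # Header claims svc-a, but the token was signed with a different secret.
    forged = make_token("svc-a", TRUSTED_KEYS["svc-b"], {"sub": "mallory"})
    print("good accepted:  ", is_accepted(good))
    print("forged accepted:", is_accepted(forged))
```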

1 reaction
acdebaca commented, May 18, 2018

@mark-adams Pull request submitted with updated docs. #350

