Same call to decode does not work with version 2.0.0 when it does in previous versions #582
Comments
Hello PyJWT Team, I'm also facing the same issue: my code works perfectly with version 1.7.1 but not with version 2.0.0. After digging into the code of both versions, I found that the verify argument value is not assigned to the verify_signature variable in the new version; because of that, my code does not work with the new version. The solution I found is to pass the options argument to the jwt.decode method with the value {"verify_signature": False}. @nwohlgemuth - call jwt.decode in the way shown below, and your code may work.

```python
import jwt
aad_token = "AAD_JWT_TOKEN"
jwt.decode(aad_token, algorithms=['RS256'], options={"verify_signature": False})
```
Thanks @jitendra29mishra. I'm updating the changelog to call out some more of these breaking changes in #584

@jpadilla If support for verify option is being dropped, might be good to give the user an error or warning?

To fix this issue in a way that works with old and new versions:

```python
import jwt
aad_token = "AAD_JWT_TOKEN"
jwt.decode(aad_token, verify=False, options={'verify_signature': False}, algorithms=['RS256'])
```

We had some deprecation warnings, although probably missed some cases #515. I'm ok with this being a breaking change and us bumping major version.

In previous versions of pyjwt, we used to be able to call decode without specifying "algorithms". Now, it is a required parameter. Even when providing the correct algorithm - or even all algorithms, I am seeing an error. This is being done with Azure Active Directory JWT tokens. It's entirely possible (perhaps even likely) that I'm simply calling decode wrong.
Expected Result
decode runs without error
Actual Result
decode returns the following error:
```
Traceback (most recent call last):
  File "/usr/local/lib/python3.6/dist-packages/jwt/algorithms.py", line 242, in prepare_key
    key = load_pem_private_key(key, password=None)
  File "/usr/local/lib/python3.6/dist-packages/cryptography/hazmat/primitives/serialization/base.py", line 18, in load_pem_private_key
    return backend.load_pem_private_key(data, password)
  File "/usr/local/lib/python3.6/dist-packages/cryptography/hazmat/backends/openssl/backend.py", line 1248, in load_pem_private_key
    password,
  File "/usr/local/lib/python3.6/dist-packages/cryptography/hazmat/backends/openssl/backend.py", line 1475, in _load_key
    self._handle_key_loading_error()
  File "/usr/local/lib/python3.6/dist-packages/cryptography/hazmat/backends/openssl/backend.py", line 1518, in _handle_key_loading_error
    "Could not deserialize key data. The data may be in an "
ValueError: Could not deserialize key data. The data may be in an incorrect format or it may be encrypted with an unsupported algorithm.
```
Reproduction Steps
System Information
```json
{
  "cryptography": {
    "version": "3.3.1"
  },
  "implementation": {
    "name": "CPython",
    "version": "3.6.9"
  },
  "platform": {
    "release": "4.15.0-128-generic",
    "system": "Linux"
  },
  "pyjwt": {
    "version": "2.0.0"
  }
}
```
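
Added example, not part of the original thread and not PyJWT's own code: it shows what the `options={"verify_signature": False}` call from the comments returns for a token whose payload was altered after signing, next to an RS256 decode that checks the signature against the issuer's public key. The throwaway key pair, the claims, the `api://demo` audience and the helper names are constructed for the demo; it assumes PyJWT 2.x with `cryptography` installed.

```python
import base64
import json

import jwt  # PyJWT >= 2.0
from cryptography.hazmat.primitives.asymmetric import rsa

AUDIENCE = "api://demo"  # constructed sample audience


def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def make_tokens():
    """Return (public_key, genuine_token, altered_token) from a throwaway key."""
    private_key = rsa.generate_private_key(public_exponent=65537, key_size=2048)
    genuine = jwt.encode({"sub": "alice", "aud": AUDIENCE}, private_key, algorithm="RS256")
    header, _payload, signature = genuine.split(".")
    # Swap the payload but keep the old signature: the signature no longer matches.
    altered_payload = _b64url(json.dumps({"sub": "admin", "aud": AUDIENCE}).encode())
    altered = ".".join([header, altered_payload, signature])
    return private_key.public_key(), genuine, altered


def read_unverified(token):
    # Form used in the thread: claims are parsed, nothing is authenticated.
    return jwt.decode(token, algorithms=["RS256"], options={"verify_signature": False})


def read_verified(token, public_key):
    # Signature checked with the public key; algorithm list and audience pinned.
    return jwt.decode(token, public_key, algorithms=["RS256"], audience=AUDIENCE)


def is_rejected(token, public_key) -> bool:
    try:
        read_verified(token, public_key)
    except jwt.InvalidTokenError:
        return True
    return False


if __name__ == "__main__":
    pub, genuine, altered = make_tokens()
    print("unverified, altered token:", read_unverified(altered))
    print("verified, genuine token:  ", read_verified(genuine, pub))
    print("verified decode rejects altered token:", is_rejected(altered, pub))
```

Claims read with `verify_signature` set to `False` are suitable for inspection only; authorization decisions need the verified path.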