jpadilla · auvipy · Dec 8, 2022 · Nov 28, 2022 · Nov 28, 2022 · Nov 30, 2022
diff --git a/jwt/api_jws.py b/jwt/api_jws.py
@@ -101,6 +101,7 @@ def encode(
         headers: dict[str, Any] | None = None,
         json_encoder: Type[json.JSONEncoder] | None = None,
         is_payload_detached: bool = False,
+        sort_headers: bool = True,
     ) -> str:
         segments = []
 
@@ -135,7 +136,7 @@ def encode(
 
         # Fix for headers misorder - issue #715
         json_header = json.dumps(
-            header, separators=(",", ":"), cls=json_encoder, sort_keys=True
+            header, separators=(",", ":"), cls=json_encoder, sort_keys=sort_headers
         ).encode()
 
         segments.append(base64url_encode(json_header))

diff --git a/jwt/api_jwt.py b/jwt/api_jwt.py
@@ -45,6 +45,7 @@ def encode(
         algorithm: Optional[str] = "HS256",
         headers: Optional[Dict[str, Any]] = None,
         json_encoder: Optional[Type[json.JSONEncoder]] = None,
+        sort_headers: bool = True,
     ) -> str:
         # Check that we get a mapping
         if not isinstance(payload, Mapping):
@@ -64,7 +65,14 @@ def encode(
             payload, separators=(",", ":"), cls=json_encoder
         ).encode("utf-8")
 
-        return api_jws.encode(json_payload, key, algorithm, headers, json_encoder)
+        return api_jws.encode(
+            json_payload,
+            key,
+            algorithm,
+            headers,
+            json_encoder,
+            sort_headers=sort_headers,
+        )
 
     def decode_complete(
         self,

diff --git a/tests/test_api_jws.py b/tests/test_api_jws.py
@@ -414,6 +414,22 @@ def test_bytes_secret(self, jws, payload):
 
         assert decoded_payload == payload
 
+    def test_sorting_headers(self, jws, payload):
+        secret = "\xc2"
+        encoded_without_sorting = jws.encode(payload, secret, sort_headers=False)
+        encoded_with_sorting = jws.encode(payload, secret, sort_headers=True)
+
+        assert encoded_with_sorting != encoded_without_sorting
+
+        decoded_without_sorting = jws.decode(
+            encoded_without_sorting, secret, algorithms=["HS256"]
+        )
+        decoded_with_sorting = jws.decode(
+            encoded_with_sorting, secret, algorithms=["HS256"]
+        )
+
+        assert decoded_without_sorting == decoded_with_sorting
+
     def test_decode_invalid_header_padding(self, jws):
         example_jws = (
             "aeyJhbGciOiAiSFMyNTYiLCAidHlwIjogIkpXVCJ9"