Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Error messages should reference a generic signed token, not specifically the ID token #286

Closed
bradydean opened this issue Aug 19, 2021 · 1 comment · Fixed by #295
Closed

Error messages should reference a generic signed token, not specifically the ID token #286

bradydean opened this issue Aug 19, 2021 · 1 comment · Fixed by #295
Assignees
@lbalmaceda
Labels
waiting for customer This issue is waiting for a response from the issue or PR author

Comments

@bradydean
Copy link

The SignatureVerifier class is used to verify any signed token, not just ID tokens.
I think the error messages should reflect that.

auth0-python/auth0/v3/authentication/token_verifier.py

Lines 58 to 67 in f6925b6

try:
header = jwt.get_unverified_header(token)
except jwt.exceptions.DecodeError:
raise TokenValidationError("ID token could not be decoded.")
alg = header.get('alg', None)
if alg != self._algorithm:
raise TokenValidationError(
'Signature algorithm of "{}" is not supported. Expected the ID token '
'to be signed with "{}"'.format(alg, self._algorithm))

@lbalmaceda
Copy link
Contributor

Thanks, I agree with the proposed changes. Is that something you'd like to contribute with your own PR? Otherwise, we can take it. It would imply updating the exception messages to use "token" instead of "ID token", and probably fix the tests that are checking those messages.

Let me know.

@lbalmaceda lbalmaceda added the waiting for customer This issue is waiting for a response from the issue or PR author label Oct 5, 2021
@lbalmaceda lbalmaceda mentioned this issue Oct 18, 2021
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@lbalmaceda lbalmaceda

Labels
waiting for customer This issue is waiting for a response from the issue or PR author
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Remove references to ID token in generic token classes auth0/auth0-python
2 participants
@lbalmaceda @bradydean