Header Parameter kid not implemented in the context of verifying, even though check optional is false #13
Comments
Thanks for the heads up. If
OK I've written a test which fails on a token which has a
I have a fix too. It's not pretty (it relies on monkey patching diff --git a/jwt/__init__.py b/jwt/__init__.py
index 88ef6e9..aec7e05 100644
--- a/jwt/__init__.py
+++ b/jwt/__init__.py
@@ -2,6 +2,7 @@
Functions for generating and verifying JSON Web Tokens.
"""
+import threading
from datetime import datetime, timedelta
from calendar import timegm
from base64 import urlsafe_b64encode
@@ -17,6 +18,19 @@ jws._signing_input = lambda head, payload, is_json=False: \
map(jws.utils.to_base64 if is_json else jws.utils.encode,
[head, payload])])
+_tls = threading.local()
+
+class _VerifyNotImplemented(jws.header.VerifyNotImplemented):
+ def verify(self):
+ if getattr(_tls, 'checks_optional', False):
+ return self.value
+ return super(_VerifyNotImplemented, self).verify()
+
+for header in jws.header.KNOWN_HEADERS:
+ cls = jws.header.KNOWN_HEADERS[header]
+ if cls == jws.header.VerifyNotImplemented:
+ jws.header.KNOWN_HEADERS[header] = _VerifyNotImplemented
+
class _JWTError(Exception):
""" Exception raised if claim doesn't pass. Private to this module because
jws throws many exceptions too. """
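Review bot: `_VerifyNotImplemented.verify` returns `self.value` for every header mapped to `jws.header.VerifyNotImplemented` whenever the thread-local `checks_optional` is set, so the existing `verify_jwt` argument now also switches off the rejection of all unimplemented headers, not only `kid`. Consider a dedicated parameter, or an explicit set of header names to ignore, so a caller has to opt in to skipping them. In the replacement loop, `cls == jws.header.VerifyNotImplemented` would read better as an identity test with `is`, and because the loop rewrites `jws.header.KNOWN_HEADERS` in place at import time, a short comment noting that the patch is process-wide and only inert while the thread-local defaults to False would help the next reader.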
@@ -140,7 +154,11 @@ def verify_jwt(jwt,
claims = jws.utils.from_base64(claims).decode('utf-8')
if pub_key:
- jws.verify(header, claims, sig, pub_key, True)
+ _tls.checks_optional = checks_optional
+ try:
+ jws.verify(header, claims, sig, pub_key, True)
+ finally:
+ _tls.checks_optional = False
elif 'none' not in allowed_algs:
raise _JWTError('no key but none alg not allowed') |
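Review bot: The `finally` block sets `_tls.checks_optional = False` instead of restoring the value that was there before the call, so a nested `verify_jwt` call on the same thread would clear the outer call's setting. Save the previous value with `getattr(_tls, 'checks_optional', False)` before the `try` and put it back in `finally`. The flag is also only set on the `if pub_key:` path, which is worth stating in the docstring so callers know that `checks_optional` affects header verification only when a key is supplied.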
I think it might be best to make it a separate parameter (e.g.
agreed for the
@allan-simon please try version 1.2.0 and let me know if it works for you.
seems to work, thanks :)
You're welcome, thanks for letting me know - appreciate it.
it seems to be caused by jws, which does check all of them and throws an error
https://github.com/brianloveswords/python-jws/blob/master/jws/header.py#L52