jwt.encode() overrides the algorithm specified by the caller #725
Labels
priority: p2
Moderately-important priority. Fix may not be included in next release.
type: bug
Error or flaw in code with unintended results or allowing sub-optimal usage patterns.
The `jwt.encode()` function always set the `alg` JWT header to either ES256 or RS256, even if the caller had specified an explicit algorithm:

google-auth-library-python/google/auth/jwt.py
Lines 98 to 101 in 48e8be3

This function should only set the `alg` header when the caller hasn't specified one. This is required to support some use cases in Firebase emulator, where we need the ability to mint JWTs with `alg` header values like `none`.
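
The difference between the reported and the requested header handling, as an added example that is not code from google-auth-library-python: `StubSigner`, the `respect_caller_alg` switch and `check_alg` are hypothetical names, and the stub returns a constructed placeholder instead of a real signature. It also shows the verifier-side check that keeps `alg: none` tokens confined to an emulator.

```python
import base64
import json


def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def _b64url_decode(segment: str) -> bytes:
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


class StubSigner:
    """Hypothetical stand-in for an RS256/ES256 signer (no real cryptography)."""
    default_alg = "RS256"

    def sign(self, message: bytes) -> bytes:
        return b"constructed-placeholder-signature"


def encode(signer, payload, header=None, respect_caller_alg=True):
    header = dict(header or {})
    header.setdefault("typ", "JWT")
    if respect_caller_alg:
        # Requested behaviour: fill in alg only when the caller gave none.
        header.setdefault("alg", signer.default_alg)
    else:
        # Behaviour reported in the issue: the caller's alg is overwritten.
        header["alg"] = signer.default_alg
    signing_input = "{}.{}".format(
        _b64url(json.dumps(header).encode()), _b64url(json.dumps(payload).encode())
    )
    # An unsecured JWT (alg "none", RFC 7519 section 6) has an empty signature.
    signature = b"" if header["alg"] == "none" else signer.sign(signing_input.encode())
    return signing_input + "." + _b64url(signature)


def header_of(token: str) -> dict:
    return json.loads(_b64url_decode(token.split(".")[0]))


def check_alg(token: str, allowed=("RS256", "ES256"), emulator=False) -> bool:
    """Verifier-side gate: unsigned tokens pass only in emulator mode."""
    alg = header_of(token).get("alg")
    if alg == "none":
        return emulator and token.endswith(".")
    return alg in allowed
```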