fix: ensure JWT segments have the right types #1162
Thanks for your pull request! It looks like this may be your first contribution to a Google open source project. Before we can look at your pull request, you'll need to sign a Contributor License Agreement (CLA). View this failed invocation of the CLA check for more information. For the most up to date status, view the checks section at the bottom of the pull request.
Minor comments, otherwise LGTM. Thank you for your contribution!
Hi @ret2libc, In order for the tests to pass can you merge clundin25@17cc33f? Alternatively, I can push it to your branch if you give me write permissions to your fork. Thanks!
Done!
Hi @ret2libc, Sorry for the delay, I was OOTO. Can you sync your branch? Sorry for the toil.
@clundin25 done!
I have used your new commit. Also, I don't see any test failure locally. Let's see the CI :)
Oh, I see. It's python2. Will have a fix by EOD.
@clundin25 do you have any idea what's going on now?
Sorry for the delay. @ret2libc looks like the formatter choked. This patch should resolve it.
Thanks again for your contribution!
Function `_unverified_decode` assumes `header` is a dict and performs a `.get("alg")` after decoding the JWT token, however the header may be a different object which does not have the `get` method. Similar problem for the `payload` segment, which is accessed as a dictionary but there is no check for it.

This PR fixes the problem by checking the type of `header`/`payload` in the `_unverified_decode` function.
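An added illustration of the type check described above, not the code from this pull request: a standalone decoder that rejects a header or payload that parses as valid JSON but is not a JSON object. The names `decode_segments` and `make_token` and the sample tokens are constructed for this example.

```python
import base64
import json
from collections.abc import Mapping


def _b64url_decode(segment: str) -> bytes:
    # JWT segments are unpadded base64url; restore padding before decoding.
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def _b64url_encode(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode("ascii")


def decode_segments(token: str):
    """Parse a compact JWT without verifying it; ValueError on bad input."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("expected 3 segments, got %d" % len(parts))
    decoded = []
    for name, segment in zip(("header", "payload"), parts):
        try:
            value = json.loads(_b64url_decode(segment).decode("utf-8"))
        except (ValueError, UnicodeDecodeError) as exc:
            raise ValueError("cannot parse %s segment" % name) from exc
        # json.loads also returns list, str, int, float, bool or None;
        # only a JSON object supports header.get("alg") style access.
        if not isinstance(value, Mapping):
            raise ValueError("%s must be a JSON object, got %s"
                             % (name, type(value).__name__))
        decoded.append(value)
    header, payload = decoded
    return header, payload, _b64url_decode(parts[2])


def make_token(header, payload, signature=b"sig"):
    """Build a constructed, unsigned sample token (hypothetical helper)."""
    enc = lambda obj: _b64url_encode(json.dumps(obj).encode("utf-8"))
    return ".".join((enc(header), enc(payload), _b64url_encode(signature)))


if __name__ == "__main__":
    # Constructed samples: a well-formed header, then a JSON array as header.
    for hdr in ({"alg": "RS256"}, ["alg", "RS256"]):
        try:
            print(decode_segments(make_token(hdr, {"sub": "demo"}))[0])
        except ValueError as err:
            print("rejected:", err)
```

Without the `isinstance` check, the array header would surface later as an `AttributeError` on `.get`, which callers that only catch `ValueError` would not handle.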