encode->decode returns: InvalidAudienceError: Invalid audience #120

Closed
kumar303 opened this issue Mar 27, 2015 · 3 comments

@kumar303

Hi. I keep getting InvalidAudienceError with the version, 1.0.1. Any idea why? When I trace the code, the audience variable is None. I don't see how this can work.

Here's how to reproduce it:

>>> import jwt
>>> import calendar
>>> import time
>>> jwt.__version__
'1.0.1'
>>> iat = calendar.timegm(time.gmtime())
>>> token = jwt.encode({'aud': 'some-aud', 'iss': 'some-iss', 'typ': 'some-typ', 'iat': iat, 'exp': iat + 3600, 'request': {}}, 'secret', algorithm='HS256')
>>> jwt.decode(token, 'secret', verify=True)
Traceback (most recent call last):
  File "<stdin>", line 1, in <module>
  File "/.../lib/python2.7/site-packages/jwt/api.py", line 117, in decode
    key, algorithms, **kwargs)
  File "/.../lib/python2.7/site-packages/jwt/api.py", line 205, in _verify_signature
    raise InvalidAudienceError('Invalid audience')
jwt.exceptions.InvalidAudienceError: Invalid audience
@mark-adams
Contributor

If the aud claim on the token is set (on yours it is set to 'some-aud'), then decoding MUST specify an expected aud value using the audience argument for decode(); otherwise decoding will fail with an InvalidAudienceError.

Please see: https://github.com/jpadilla/pyjwt#audience-claim
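The rule in the answer above, as an added example that is not part of the original thread and is not PyJWT's code: a standard-library sketch of an HS256 verifier showing why a token that carries `aud` is rejected when no expected audience is supplied. The names `encode`, `decode`, `check_audience`, `InvalidAudience`, `KEY` and `TOKEN` are hypothetical, and `exp`/`iat` checks are left out to keep the focus on `aud`.

```python
import base64, hashlib, hmac, json

class InvalidAudience(Exception):
    """Hypothetical stand-in for the library's InvalidAudienceError."""

def _b64(raw):
    return base64.urlsafe_b64encode(raw).rstrip(b"=")

def _unb64(seg):
    return base64.urlsafe_b64decode(seg + b"=" * (-len(seg) % 4))

def _mac(key, signing_input):
    return hmac.new(key, signing_input, hashlib.sha256).digest()

def encode(claims, key):
    """Build a compact HS256 token from a claims dict."""
    head = _b64(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    body = _b64(json.dumps(claims).encode())
    return b".".join([head, body, _b64(_mac(key, head + b"." + body))])

def check_audience(claims, expected):
    """RFC 7519 section 4.1.3: a verifier not named in 'aud' must reject."""
    aud = claims.get("aud")
    if aud is None:
        if expected is None:
            return                      # no aud on either side: nothing to check
        raise InvalidAudience("token has no aud claim")
    if isinstance(aud, str):
        aud = [aud]                     # aud may be one string or a list
    if expected is None or expected not in aud:
        raise InvalidAudience("Invalid audience")

def decode(token, key, audience=None):
    """Check alg and signature first, then the audience; return the claims."""
    head, body, sig = token.split(b".")
    if json.loads(_unb64(head)).get("alg") != "HS256":
        raise ValueError("unexpected alg")
    if not hmac.compare_digest(_mac(key, head + b"." + body), _unb64(sig)):
        raise ValueError("bad signature")
    claims = json.loads(_unb64(body))
    check_audience(claims, audience)
    return claims

# Constructed sample: same aud/iss values as the report above, made-up key.
KEY = b"constructed-demo-key-not-a-real-secret"
TOKEN = encode({"aud": "some-aud", "iss": "some-iss"}, KEY)
```

Calling `decode(TOKEN, KEY)` with no audience raises `InvalidAudience`, matching the traceback in the report; `decode(TOKEN, KEY, audience="some-aud")` returns the claims.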

@kumar303
Author

Aha, I didn't see that this was part of decode() now. Yeah, I would always verify the audience in a separate call. Thanks!

@vidstige

Relevant docs have been moved. Go here instead.
