Clarify the string split while manually parsing the JWT

matrix-org · Oct 31, 2022 · 1614e02 · 1614e02
1 parent 9cc5d40
commit 1614e02
Showing 1 changed file with 4 additions and 2 deletions.
diff --git a/synapse/handlers/oidc.py b/synapse/handlers/oidc.py
@@ -292,8 +292,10 @@ async def handle_backchannel_logout(self, request: SynapseRequest) -> None:
         # The aud and iss claims we care about are in the payload part, which
         # is a JSON object.
         try:
-            # This raises if there are too many or not enough segments in the token
-            _, payload, _ = logout_token.rsplit(".", 4)
+            # By splitting a maximum of 3 times and destructuring the resulting array,
+            # we ensure that we have exactly 3 segments, and without doing unnecessary
+            # splits.
+            _, payload, _ = logout_token.rsplit(".", 3)
         except ValueError:
             raise SynapseError(400, "Invalid logout_token in request")