JWS verification succeeds with both public and private keys when signing with the private key using RS256 #53
Description
Here's the code snippet.
(PS: Not my keys)
from base64 import b64decode
from jose import jws
private_key = 'MIICWwIBAAKBgGbhqjBjqCgXkqDCx1BRHDSJb9P4J+OjOPXeeIsVkY9UiBerApfTUCIVMSEOiM3u1b790Uk1e6tAUMmoM3ZUIuWsEylGflZYK7alsxEAyQfTDW/eRgMovQD8mr4TDBWKa5y61z8UDt5+YPY4XSd4y/Xh4FJpHj4yyBJzNhJ8MzrzAgMBAAECgYA+sHdBsRgABg0kxEsrF6F2KeDoaqfzv7uvpfYR2fyuN7YNpfiYhvynJ/6dw/t8cHHyRTtHvr0ypqgTmNhy2+W/AR82SYYe/4nai8aHRuTvGM7/H1GwhlggsziJepZBpemU1Iu0Ue3+ZPEn+egB7PZezxi2QbLoafGoPArTJkB/AQJBAL23VPOzi9HL3NyDVJUIQ0bk2Ev118OkLtqqe/qORjDe+iDPX2k1pe6PYhgLovRZxElbCxENu9sgWQG/sea9KkECQQCK06JQ8XtlGRphmPPWb7z1gmebBr5m7RtYdX27g53OynrKiuZ9lnwY/r3deBJqas9qMCM2G0qANUGHZIKAb9AzAkEApKfpY1oBkCSPnBOf5Xk2auFTmRnWGkb1I3O0BtJUuTXNgYx6EqYtTc/EI3p2A/2lDsWl5Tc2RAjfN1VY4hpsAQJAcJ310ovSedS/XeTiCVZjhxXeThhOZNh7kmrdMDw4zAPdUGkVSVPGH9Cm3P4GkmVLFO0v4ziIWzDYk6ipZN9PmQJARv/EHHKedpVSBps5DvI+umMvtH06GhhoIm8iFDx4W1PTez9CGjvq299NoAqxHMyZVe23Kb0vqkKyPg0pgtRGjQ=='
public_key = 'MIGeMA0GCSqGSIb3DQEBAQUAA4GMADCBiAKBgGbhqjBjqCgXkqDCx1BRHDSJb9P4J+OjOPXeeIsVkY9UiBerApfTUCIVMSEOiM3u1b790Uk1e6tAUMmoM3ZUIuWsEylGflZYK7alsxEAyQfTDW/eRgMovQD8mr4TDBWKa5y61z8UDt5+YPY4XSd4y/Xh4FJpHj4yyBJzNhJ8MzrzAgMBAAE='
token = jws.sign({'email': 'abc@b.com'}, b64decode(private_key), algorithm='RS256')
print token
dec = jws.verify(token, b64decode(private_key), algorithms='RS256')
print dec