[Python-modules-team] Bug#840402: python-jwt: jwt(1) doesn't decode
Lars Wirzenius
liw at liw.fi
Tue Oct 11 09:31:08 UTC 2016
Package: python-jwt
Version: 1.4.2-1
Severity: normal
The package comes with /usr/bin/jwt, which seems like a handy tool.
However, it fails to decode a token that "jwt.decode(t, verify=False)"
decodes just fine. When I try, I get this:
$ jwt --no-verify /tmp/token
Not enough segments
The contents of /tmp/token is below, as is the script jwt-decode,
which I just wrote.
$ bin/jwt-decode /tmp/token
{
"oxValidationURI": "https://gluu.example.com/oxauth/opiframe",
"oxOpenIDConnectVersion": "openidconnect-1.0",
"aud": "@!2027.861B.4505.5885!0001!200B.B5FE!0008!14CA.18BA",
"iss": "https://gluu.example.com",
"exp": 1476180764,
"scope": "uapi_orgs_id_delete uapi_competence_types_id_put uapi_reports_id_delete uapi_contracts_id_put uapi_cards_id_holder_photo_put uapi_persons_post uapi_persons_id_get uapi_contracts_id_get uapi_competence_types_get uapi_orgs_id_get uapi_orgs_post uapi_cards_id_put uapi_cards_id_issuer_logo_get uapi_events_get uapi_competence_types_id_registry_logo_get uapi_competences_id_put uapi_cards_search_id_get uapi_reports_post uapi_competence_types_id_card_back_get uapi_contracts_search_id_get uapi_contracts_id_document_get uapi_cards_id_delete uapi_competences_get uapi_competence_types_post uapi_reports_id_put uapi_competence_types_id_card_back_put uapi_competence_types_id_delete uapi_competences_id_get uapi_persons_id_delete uapi_events_id_delete uapi_reports_id_pdf_put uapi_projects_id_put uapi_contracts_id_delete uapi_competence_types_id_card_front_put uapi_orgs_id_put uapi_orgs_get uapi_persons_search_id_get uapi_contracts_id_document_put uapi_persons_id_put uapi_reports_get
uapi_cards_id_get uapi_orgs_search_id_get uapi_persons_id_private_put uapi_cards_id_holder_photo_get uapi_events_post uapi_events_id_get uapi_persons_id_photo_get uapi_competence_types_id_get uapi_cards_post uapi_competences_search_id_get uapi_cards_get uapi_competence_types_id_registry_logo_put uapi_competences_id_delete uapi_competence_types_id_card_front_get uapi_contracts_post uapi_cards_id_issuer_logo_put uapi_competences_post uapi_projects_id_get uapi_projects_id_delete uapi_projects_post uapi_projects_get uapi_persons_id_photo_put uapi_persons_get uapi_persons_id_private_get uapi_reports_id_pdf_get uapi_reports_id_get",
"iat": 1476177164,
"sub": "@!2027.861B.4505.5885!0001!200B.B5FE!0008!14CA.18BA"
}
I don't mind using my own script, but I'd like to know if I use jwt
wrongly. I don't understand from reading the manual page what I'm
doing wrong.
Contents of /tmp/token:
=== 8< ===
eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzUxMiIsImtpZCI6IjRiMDE1YWM0LWUwNGUtNDFiMi04MTk4LTA3NzlhYmMzOTJlMCJ9.eyJpc3MiOiJodHRwczovL2dsdXUuZXhhbXBsZS5jb20iLCJhdWQiOiJAITIwMjcuODYxQi40NTA1LjU4ODUhMDAwMSEyMDBCLkI1RkUhMDAwOCExNENBLjE4QkEiLCJleHAiOjE0NzYxODA3NjQsImlhdCI6MTQ3NjE3NzE2NCwic3ViIjoiQCEyMDI3Ljg2MUIuNDUwNS41ODg1ITAwMDEhMjAwQi5CNUZFITAwMDghMTRDQS4xOEJBIiwib3hWYWxpZGF0aW9uVVJJIjoiaHR0cHM6Ly9nbHV1LmV4YW1wbGUuY29tL294YXV0aC9vcGlmcmFtZSIsIm94T3BlbklEQ29ubmVjdFZlcnNpb24iOiJvcGVuaWRjb25uZWN0LTEuMCIsInNjb3BlIjoidWFwaV9vcmdzX2lkX2RlbGV0ZSB1YXBpX2NvbXBldGVuY2VfdHlwZXNfaWRfcHV0IHVhcGlfcmVwb3J0c19pZF9kZWxldGUgdWFwaV9jb250cmFjdHNfaWRfcHV0IHVhcGlfY2FyZHNfaWRfaG9sZGVyX3Bob3RvX3B1dCB1YXBpX3BlcnNvbnNfcG9zdCB1YXBpX3BlcnNvbnNfaWRfZ2V0IHVhcGlfY29udHJhY3RzX2lkX2dldCB1YXBpX2NvbXBldGVuY2VfdHlwZXNfZ2V0IHVhcGlfb3Jnc19pZF9nZXQgdWFwaV9vcmdzX3Bvc3QgdWFwaV9jYXJkc19pZF9wdXQgdWFwaV9jYXJkc19pZF9pc3N1ZXJfbG9nb19nZXQgdWFwaV9ldmVudHNfZ2V0IHVhcGlfY29tcGV0ZW5jZV90eXBlc19pZF9yZWdpc3RyeV9sb2dvX2dldCB1YXBpX2NvbXBldGVuY2VzX2lkX3B1d
CB1YXBpX2NhcmRzX3NlYXJjaF9pZF9nZXQgdWFwaV9yZXBvcnRzX3Bvc3QgdWFwaV9jb21wZXRlbmNlX3R5cGVzX2lkX2NhcmRfYmFja19nZXQgdWFwaV9jb250cmFjdHNfc2VhcmNoX2lkX2dldCB1YXBpX2NvbnRyYWN0c19pZF9kb2N1bWVudF9nZXQgdWFwaV9jYXJkc19pZF9kZWxldGUgdWFwaV9jb21wZXRlbmNlc19nZXQgdWFwaV9jb21wZXRlbmNlX3R5cGVzX3Bvc3QgdWFwaV9yZXBvcnRzX2lkX3B1dCB1YXBpX2NvbXBldGVuY2VfdHlwZXNfaWRfY2FyZF9iYWNrX3B1dCB1YXBpX2NvbXBldGVuY2VfdHlwZXNfaWRfZGVsZXRlIHVhcGlfY29tcGV0ZW5jZXNfaWRfZ2V0IHVhcGlfcGVyc29uc19pZF9kZWxldGUgdWFwaV9ldmVudHNfaWRfZGVsZXRlIHVhcGlfcmVwb3J0c19pZF9wZGZfcHV0IHVhcGlfcHJvamVjdHNfaWRfcHV0IHVhcGlfY29udHJhY3RzX2lkX2RlbGV0ZSB1YXBpX2NvbXBldGVuY2VfdHlwZXNfaWRfY2FyZF9mcm9udF9wdXQgdWFwaV9vcmdzX2lkX3B1dCB1YXBpX29yZ3NfZ2V0IHVhcGlfcGVyc29uc19zZWFyY2hfaWRfZ2V0IHVhcGlfY29udHJhY3RzX2lkX2RvY3VtZW50X3B1dCB1YXBpX3BlcnNvbnNfaWRfcHV0IHVhcGlfcmVwb3J0c19nZXQgdWFwaV9jYXJkc19pZF9nZXQgdWFwaV9vcmdzX3NlYXJjaF9pZF9nZXQgdWFwaV9wZXJzb25zX2lkX3ByaXZhdGVfcHV0IHVhcGlfY2FyZHNfaWRfaG9sZGVyX3Bob3RvX2dldCB1YXBpX2V2ZW50c19wb3N0IHVhcGlfZXZlbnRzX2lkX2dldCB1YX
BpX3BlcnNvbnNfaWRfcGhvdG9fZ2V0IHVhcGlfY29tcGV0ZW5jZV90eXBlc19pZF9nZXQgdWFwaV9jYXJkc19wb3N0IHVhcGlfY29tcGV0ZW5jZXNfc2VhcmNoX2lkX2dldCB1YXBpX2NhcmRzX2dldCB1YXBpX2NvbXBldGVuY2VfdHlwZXNfaWRfcmVnaXN0cnlfbG9nb19wdXQgdWFwaV9jb21wZXRlbmNlc19pZF9kZWxldGUgdWFwaV9jb21wZXRlbmNlX3R5cGVzX2lkX2NhcmRfZnJvbnRfZ2V0IHVhcGlfY29udHJhY3RzX3Bvc3QgdWFwaV9jYXJkc19pZF9pc3N1ZXJfbG9nb19wdXQgdWFwaV9jb21wZXRlbmNlc19wb3N0IHVhcGlfcHJvamVjdHNfaWRfZ2V0IHVhcGlfcHJvamVjdHNfaWRfZGVsZXRlIHVhcGlfcHJvamVjdHNfcG9zdCB1YXBpX3Byb2plY3RzX2dldCB1YXBpX3BlcnNvbnNfaWRfcGhvdG9fcHV0IHVhcGlfcGVyc29uc19nZXQgdWFwaV9wZXJzb25zX2lkX3ByaXZhdGVfZ2V0IHVhcGlfcmVwb3J0c19pZF9wZGZfZ2V0IHVhcGlfcmVwb3J0c19pZF9nZXQifQ.bD0Vedkhxt7rtCwwDOHGolk6hcXlDqmqnfhytwsiWo-2UDTAdbRhAIzP4BAi7hWJ57gV9hLh0kdw2RVYfkznRO0m552da5gsi9OwfxFcKfkKs9AuxJ0mIqsYsuuKH7WSNbYZhIudE7NDAlolp6JJqYp0vvW8E9mfG6dbWTH8731EIXRoIpxxDJihB9nOXMdvkL_bYcJUnr1PfoaLnElg465zzaUDhchaw0ngHpkMad8nadVoL_EJky2ojjq1W2SJ5F73g9W0_A7u64UXQ0uYAe6VDvblM8wMrp9hl9GVQ1vV8u5b7zMi2p_Ws5CehWnbBczQPk2CIhmppNbi
E3uW-w
=== 8< ===
And jwt-decode:
=== 8< ===
#!/usr/bin/python
import json
import sys
import jwt
if len(sys.argv) == 1:
token = sys.stdin.read().rstrip()
else:
with open(sys.argv[1]) as f:
token = f.read().rstrip()
obj = jwt.decode(token, verify=False)
json.dump(obj, sys.stdout, indent=4)
sys.stdout.write('\n')
=== 8< ===
-- System Information:
Debian Release: stretch/sid
APT prefers testing
APT policy: (500, 'testing')
Architecture: amd64 (x86_64)
Kernel: Linux 4.7.0-1-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
Versions of packages python-jwt depends on:
pn python:any <none>
Versions of packages python-jwt recommends:
ii python-cryptography 1.5.2-1
Versions of packages python-jwt suggests:
ii python-crypto 2.6.1-6+b1
-- no debconf information
More information about the Python-modules-team
mailing list