fix(jwt): no need to verify typ header value
lepture committed Jun 4, 2024
1 parent e461837 commit 90526d0
Showing 3 changed files with 2 additions and 19 deletions.
5 changes: 0 additions & 5 deletions src/joserfc/errors.py
@@ -118,10 +118,5 @@ class InvalidTokenError(JoseError):
description = "The token is not valid yet"


class InvalidTypeError(JoseError):
error = "invalid_type"
description = 'The "typ" value in header is invalid'


class InvalidPayloadError(JoseError):
error = "invalid_payload"
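--- a/src/joserfc/jwt.py
+++ b/src/joserfc/jwt.py
@@ -13,7 +13,7 @@
 decrypt_compact,
 )
 from .jwk import KeyFlexible
-from .errors import InvalidTypeError, InvalidPayloadError
+from .errors import InvalidPayloadError
 from .util import to_bytes
 from .registry import Header
 
@@ -93,13 +93,7 @@ def decode(
 except (TypeError, ValueError):
 raise InvalidPayloadError()
 
-token = Token(header, claims)
-typ = token.header.get("typ")
-# https://www.rfc-editor.org/rfc/rfc7519#section-5.1
-# If present, it is RECOMMENDED that its value be "JWT".
-if typ and typ != "JWT":
-raise InvalidTypeError()
-return token
+return Token(header, claims)
 
 
 def _decode_jwe(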
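Review bot: With the check gone, `decode` returns `Token(header, claims)` without inspecting `typ`, and nothing on the new side tells callers that verifying the header value is now their job. The removed check only accepted "JWT", so it also rejected tokens carrying any other type value rather than providing explicit typing. Applications that distinguish token kinds by `typ` (RFC 8725 section 3.11) must now compare `token.header.get("typ")` with the value they expect after decoding. I would put a comment above the return, for example `# "typ" is intentionally not validated here; callers that need explicit typing must check token.header.get("typ")`, and repeat it in the docstring of `decode`, which starts outside this hunk. The same commit deletes `InvalidTypeError` from errors.py, so code outside this repository that imports the name would presumably fail at import; a release note should mention it.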
6 changes: 0 additions & 6 deletions tests/jwt/test_jwt.py
@@ -3,7 +3,6 @@
from joserfc.jwk import OctKey
from joserfc.errors import (
InvalidPayloadError,
InvalidTypeError,
MissingClaimError,
)

@@ -14,11 +13,6 @@ def test_invalid_payload(self):
data = jws.serialize_compact({"alg": "HS256"}, b"hello", key)
self.assertRaises(InvalidPayloadError, jwt.decode, data, key)

def test_invalid_type(self):
key = OctKey.import_key("secret")
data = jws.serialize_compact({"alg": "HS256", "typ": "JOSE"}, b'{"iss":"a"}', key)
self.assertRaises(InvalidTypeError, jwt.decode, data, key)

def test_claims_registry(self):
key = OctKey.import_key("secret")
data = jwt.encode({"alg": "HS256"}, {"sub": "a"}, key)
