You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
There is an issue in the httpx-auth library where the decoding of base64-encoded JSON within JWT tokens corrupts JSON strings that contain nested JSON. This happens because the double quotes inside the nested JSON string are not correctly handled during the decoding process, leading to a failure when attempting to load the string back into a JSON object.
Steps to Reproduce
The issue can be reproduced with the following test case:
importjwtimportjsonfromhttpx_auth._oauth2.tokensimportdecode_base64deftest_decode_base64_with_nested_json_string():
# Encode a JSON inside the JWTdummy_token=jwt.encode({"data": json.dumps({"something": ["else"]})}, key="")
header, body, signature=dummy_token.split(".")
# Decode the bodydecoded_bytes=decode_base64(body)
# Attempt to load JSONresult=json.loads(decoded_bytes)
assertresult== {"data": '{"something": ["else"]}'}
Running this test results in a json.decoder.JSONDecodeError due to incorrect handling of the nested JSON string.
Expected Behavior
The decoded JSON string should be handled correctly, allowing for proper loading into a Python dictionary without JSON parsing errors.
Actual Behavior
The test raises the following error due to malformed JSON:
json.decoder.JSONDecodeError: Expecting ',' delimiter: line 1 column 12 (char 11)
This error is caused by the way double quotes inside the nested JSON are handled, which corrupts the JSON string during the base64 decoding step.
This issue impacts scenarios where JWT tokens contain nested JSON strings as part of their payload. A fix would likely involve adjusting the base64 decoding function to correctly handle nested JSON strings without corrupting them.
The text was updated successfully, but these errors were encountered:
Description
There is an issue in the
httpx-authlibrary where the decoding of base64-encoded JSON within JWT tokens corrupts JSON strings that contain nested JSON. This happens because the double quotes inside the nested JSON string are not correctly handled during the decoding process, leading to a failure when attempting to load the string back into a JSON object.Steps to Reproduce
The issue can be reproduced with the following test case:
Running this test results in a json.decoder.JSONDecodeError due to incorrect handling of the nested JSON string.
Expected Behavior
The decoded JSON string should be handled correctly, allowing for proper loading into a Python dictionary without JSON parsing errors.
Actual Behavior
The test raises the following error due to malformed JSON:
json.decoder.JSONDecodeError: Expecting ',' delimiter: line 1 column 12 (char 11)This error is caused by the way double quotes inside the nested JSON are handled, which corrupts the JSON string during the base64 decoding step.
Environment
Python Version: 3.10.11
httpx-auth version: 0.22.0 (2024-03-02)
Additional Context
This issue impacts scenarios where JWT tokens contain nested JSON strings as part of their payload. A fix would likely involve adjusting the base64 decoding function to correctly handle nested JSON strings without corrupting them.
The text was updated successfully, but these errors were encountered: