Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Fail on encode and decode of bad JWS header values #174

Merged
merged 2 commits into from
Jul 23, 2015
Merged

Fail on encode and decode of bad JWS header values #174

merged 2 commits into from
Jul 23, 2015

Commits on Jul 21, 2015

  1. Fail on encode and decode of bad JWS header values 

    The JWS spec:

https://tools.ietf.org/html/draft-ietf-jose-json-web-signature-41#section-4.1.4

States that if `kid` is present then it **MUST** be a string.
Currently, the library allows silent creation of invalid JWS (and
thus, JWT), as it allows any type for `kid`. This commit adds checks
to help ensure output meets the spec.

* Add jwt.api_jws.PyJWS._validate_headers for validating JWS headers
  on encode and decode
* Add tests
    Gabriel Gironda committed Jul 21, 2015
    Configuration menu
    Copy the full SHA
    91fe6cd View commit details
    Browse the repository at this point in the history

Commits on Jul 23, 2015

  1. Change TypeError on bad kid to InvalidTokenError

    Gabriel Gironda committed Jul 23, 2015
    Configuration menu
    Copy the full SHA
    2a93fc5 View commit details
    Browse the repository at this point in the history