0

I am using PyJWT to generate and validate JWT in Python. Running pypy3 v2.4.

Simply trying to encode and decode a JWT similar to the example in the GitHub repo. I am getting the following error when decoding:

    decoded = jwt.decode(encoded, secret, algorithm='HS256')
File "/usr/local/site-packages/jwt/api_jwt.py", line 64, in decode
options, **kwargs)
File "/usr/local/site-packages/jwt/api_jws.py", line 115, in decode
key, algorithms)
File "/usr/local/site-packages/jwt/api_jws.py", line 177, in _verify_signature
if not alg_obj.verify(signing_input, key, signature):
File "/usr/local/site-packages/jwt/algorithms.py", line 138, in verify
return constant_time_compare(sig, self.sign(msg, key))
File "/usr/local/site-packages/jwt/compat.py", line 50, in constant_time_compare
result |= ord(x) ^ ord(y)
TypeError: ord() expected string of length 1, but int found

It's clear the error is generated from inside the module code.

Any idea what's causing this error?

Thanks

Sincere
  • 477
  • 5
  • 18
  • What is the type of "encoded" and "secret" variables? It looks like it's trying to get ASCII code from a list of ints instead of a list of chars – Jean-François Fabre Jun 22 '16 at 19:48
  • "encoded" is `bytes`, and "secret" is `str`. This is the value of "encoded": `b'eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzb21lIjoicGF5bG9hZCJ9.4twFt5NiznN84AWoo1d7KO1T_yoc0Z6XOpOVswacPZg'` – Sincere Jun 22 '16 at 20:10

1 Answers1

0

PyJWT doesn't support python 3.2, pyJWT uses hmac.compare_digest to verify signatures which was added in Python 3.3, it gets around this by reimplementing compare_digest for Python 2 however the re-implementation doesnt support python 3.2 since indexing into a bytes object returns a character in python 2 and an int in python 3.

source

Alexei - check Codidact
  • 22,016
  • 16
  • 145
  • 164
efloss
  • 1