1

I am given a JWT which does not contain any dots. I read somewhere that the typical format of a JWT is 3 pieces of string concatenated with 2 dots in total. Using PyJWT when I try to decode the token, I am getting the below error -

Traceback (most recent call last):
  File "/home/neelanjana/.virtualenvs/athena_env/lib/python3.7/site-packages/jwt/api_jws.py", line 180, in _load
    signing_input, crypto_segment = jwt.rsplit(b'.', 1)
ValueError: not enough values to unpack (expected 2, got 1)

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File "<stdin>", line 1, in <module>
  File "/home/neelanjana/.virtualenvs/athena_env/lib/python3.7/site-packages/jwt/api_jwt.py", line 84, in decode
    payload, _, _, _ = self._load(jwt)
  File "/home/neelanjana/.virtualenvs/athena_env/lib/python3.7/site-packages/jwt/api_jws.py", line 183, in _load
    raise DecodeError('Not enough segments')
jwt.exceptions.DecodeError: Not enough segments

However, when I put the same token on jwt.io, it gets decoded and I am able to see the complete dictionary. What am I missing?

Here is my code -

import jwt

a = "someToken"
print(jwt.decode(a))

Attaching a pastebin link to the token here since it is too long to put here.

P.S. I am not married to the idea of using pyjwt. If any other library can decode it it's all the same for me.

Rahul Chowdhury
  • On jwt.io too, it says "invalid signature" at the bottom. How are you generating the token? Also the content seems quite large. I am not sure I would put that much data in a json web token. – masnun Apr 23 '20 at 13:52
  • From what I saw on jwt.io, you may be putting the actual data in place of the header and the payload (data) is empty. If you can update the code to show how you're generating the token - it would be helpful. – masnun Apr 23 '20 at 13:54
  • I am given the token by a third party; I don't have any control over the way it is generated, so I cannot confirm what algo/secret etc. is used. On jwt.io, although it says invalid signature, it is still able to decode the dict on the right-hand side. That is all I was hoping to get in my case. – Rahul Chowdhury Apr 23 '20 at 14:18
  • I tried to use jwt.get_unverified_header(token_string) and got the same response. Just wondering if it is at all feasible to decode this token? – Rahul Chowdhury Apr 23 '20 at 14:26
  • You might look into PyJWT's source code and just decrypt the first part using its functions if possible. – masnun Apr 23 '20 at 15:22
  • There's nothing to decrypt. What you got there is no token but simply a base64 encoded JSON. Any base64 decoder can decode it. – jps Apr 23 '20 at 16:19

1 Answer

0

To answer my own question, the above string is not a JWT but a base64-encoded string. Using base64 decoding, the actual dict was recovered.

Rahul Chowdhury
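The check this thread converges on, as an added example that is not part of the original posts: classify the input by its dot-separated shape before treating it as a JWT, and fall back to plain base64 JSON when there are no dots. It goes slightly beyond the question by also recognizing the three-part and five-part compact forms; the names `b64_decode_any`, `inspect_token` and `SAMPLE_BLOB` are hypothetical, and the sample value is constructed.

```python
import base64
import binascii
import json


def b64_decode_any(segment: str) -> bytes:
    """Decode standard or URL-safe base64, with or without '=' padding."""
    s = segment.strip().replace("-", "+").replace("_", "/")
    s += "=" * (-len(s) % 4)
    return base64.b64decode(s, validate=True)


def inspect_token(token: str) -> dict:
    """Classify a token by its shape and decode whatever is readable.

    No signature is checked here, so every returned value is untrusted input.
    """
    parts = token.strip().split(".")
    try:
        if len(parts) == 3:  # JWS compact form: header.payload.signature
            return {
                "kind": "jws-compact (signature NOT verified)",
                "header": json.loads(b64_decode_any(parts[0])),
                "payload": json.loads(b64_decode_any(parts[1])),
            }
        if len(parts) == 5:  # JWE compact form: only the header is readable
            return {"kind": "jwe-compact (encrypted)",
                    "header": json.loads(b64_decode_any(parts[0]))}
        if len(parts) == 1:  # no dots: not a JWT, possibly base64-encoded JSON
            return {"kind": "base64-json (unsigned)",
                    "payload": json.loads(b64_decode_any(parts[0]))}
    except (binascii.Error, ValueError):
        pass  # not base64, not UTF-8, or not JSON
    return {"kind": "unrecognized"}


# Constructed sample: a JSON object base64-encoded with no dots,
# the same shape as the input described in the question.
SAMPLE_BLOB = base64.b64encode(
    json.dumps({"user": "alice", "role": "viewer"}).encode()
).decode()

if __name__ == "__main__":
    print(inspect_token(SAMPLE_BLOB))
```

A dotless blob like this carries no signature at all, so its contents cannot be authenticated and should not drive authorization decisions.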