Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Unexpected decode error jwt.exceptions.DecodeError: Invalid header string: ... #799

Open
fabiocaccamo opened this issue Sep 12, 2022 · 8 comments
Labels

Comments

@fabiocaccamo
Copy link

fabiocaccamo commented Sep 12, 2022

Thank you for this great library.

I have a project where I'm using this library for encoding/decoding tokens for resetting passwords.
Everything works well, but the other day I got an unexpected error when a user clicked the password-reset-link sent via email. This is a very isolated case because it happened only once.

Actual Result

The following exception is raised:

jwt.exceptions.DecodeError: Invalid header string: 'utf-8' codec can't decode byte 0xb7 in position 2: invalid start byte

Reproduction Steps

import jwt

token = "flW3fKBvBvWXI4DvYDWucTdvBvWVHmV4AvW2.flW4d5IlK6CeVwblAGZlYDWyfUBvBwF5AwV6ZwVmZEu2.XK5JCdat9f8bAcKf8Ub6-EAJC8GYbyTAmgYIlFuFlhd"

data = jwt.decode(
    token,
    settings.JWT_SECRET, 
    algorithms=["HS256"],
)

The encoded data is a dict containing just user_pk and exp date, for example:

{
    "user_pk": 1, 
    "exp": 1663002330,
}

System Information

{
  "cryptography": {
    "version": ""
  },
  "implementation": {
    "name": "CPython",
    "version": "3.8.10"
  },
  "platform": {
    "release": "5.4.0-125-generic",
    "system": "Linux"
  },
  "pyjwt": {
    "version": "2.4.0"
  }
}
@fabiocaccamo
Copy link
Author

fabiocaccamo commented Sep 13, 2022

UPDATE:

I investigated more by adding some logs inside jwt.api_jws module before the error is raised.
The error is raised here: https://github.com/jpadilla/pyjwt/blob/master/jwt/api_jws.py#L261

The value of the header_data variable is this:

b'~U\xb7|\xa0o\x06\xf5\x97#\x80\xef`5\xaeq7o\x06\xf5\x95\x1eex\x02\xf5\xb6'

I checked the header_data encoding with chardet and this is the result:

{'encoding': 'Windows-1252', 'confidence': 0.73, 'language': ''}

Hope this will help.

@github-actions
Copy link

This issue is stale because it has been open 60 days with no activity. Remove stale label or comment or this will be closed in 7 days

@github-actions github-actions bot added the stale Issues without activity for more than 60 days label Nov 16, 2022
@fabiocaccamo
Copy link
Author

No more stale.

@github-actions github-actions bot removed the stale Issues without activity for more than 60 days label Nov 17, 2022
@teuf22
Copy link

teuf22 commented Nov 17, 2022

I observed a similar problem. I suspect that the user email program (Outlook it appears) is doing a 'pre-fetch' on the link (before the user clicks on it). However in this pre-fetch, Outlook is changing the jwt token to something bogus.

@fabiocaccamo
Copy link
Author

@teuf22 interesting...

@github-actions
Copy link

This issue is stale because it has been open 60 days with no activity. Remove stale label or comment or this will be closed in 7 days

@github-actions github-actions bot added the stale Issues without activity for more than 60 days label Jan 17, 2023
@fabiocaccamo
Copy link
Author

no more stale

@jpadilla jpadilla added keep and removed stale Issues without activity for more than 60 days labels Jan 17, 2023
@johnmba
Copy link

johnmba commented May 26, 2023

I have the same issue and I have been trying to figure out what the problem is but the only information I can get from the traceback is the binascii error which say incorrect padding
According to python it's the direct course of the error.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
Projects
None yet
Development

No branches or pull requests

4 participants