-
-
Notifications
You must be signed in to change notification settings - Fork 694
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Validate the options
passed in to jwt.decode
#869
Comments
This issue is stale because it has been open 60 days with no activity. Remove stale label or comment or this will be closed in 7 days |
Bump to remove the "stale" tag :) |
Similar happened to our project. I found this PR where Until than, at our project, we are forced to make a wrapper around the 'pyjwt.decode` and extensively test all options. |
@AndriiDubonos v2.9.0 has just been relased. |
Very nice. Thank you! |
We recently discovered a bug in our code that wasn't caught by tests because where we do
jwt.decode
we were supplying an option called"required": [...]
instead of"require": [...]
, and so our JWTs weren't being validated to contain the expected fields.So the call looked like this:
pyjwt
doesn't complain about this, it continues without doing any checking that fields are present. It would have prevented us some pain ifpyjwt
raises an error when it receives an option it doesn't recognise.If the project is willing to integrate this behaviour, I'd be happy to submit a PR making this change. 🙂
The text was updated successfully, but these errors were encountered: