PyJWT decoding showing error "The specified alg value is not allowed" for 'RS512' even if it is listed in supported algorithms
Question:
I’m calling the decode function like that:
payload = jwt.decode(token,
cert['key'],
algorithms=['RS512'],
audience=aud,
leeway=0,
)
The error I m having:
File "/usr/local/lib/python3.9/site-packages/jwt/api_jws.py", line 292, in _verify_signature
raise InvalidAlgorithmError("The specified alg value is not allowed")
jwt.exceptions.InvalidAlgorithmError: The specified alg value is not allowed
The crypto extra is installed via poetry in pyproject.toml:
PyJWT = {version = "^2.5.0", extras = ["crypto"]}
cryptography = "^38.0.2"
The listing of supported algorithms listed the algorithm "RS512":
get_default_algorithms().keys()
giving
(['none', 'HS256', 'HS384', 'HS512', 'RS256', 'RS384', 'RS512', 'ES256', 'ES256K', 'ES384', 'ES521', 'ES512', 'PS256', 'PS384', 'PS512', 'EdDSA']
Anyone who has this problem before?
Answers:
Because the error can have different causes, I suggest checking the error line message _verify_signature in which it indicates that the signature can not be verified as indicated in the documentation and in this post
>>> jwt.decode(encoded, options={"verify_signature": False})
{'some': 'payload'}
…
>>> jwt.get_unverified_header(encoded)
{'alg': 'RS512'}
I’m calling the decode function like that:
payload = jwt.decode(token,
cert['key'],
algorithms=['RS512'],
audience=aud,
leeway=0,
)
The error I m having:
File "/usr/local/lib/python3.9/site-packages/jwt/api_jws.py", line 292, in _verify_signature
raise InvalidAlgorithmError("The specified alg value is not allowed")
jwt.exceptions.InvalidAlgorithmError: The specified alg value is not allowed
The crypto extra is installed via poetry in pyproject.toml:
PyJWT = {version = "^2.5.0", extras = ["crypto"]}
cryptography = "^38.0.2"
The listing of supported algorithms listed the algorithm "RS512":
get_default_algorithms().keys()
giving
(['none', 'HS256', 'HS384', 'HS512', 'RS256', 'RS384', 'RS512', 'ES256', 'ES256K', 'ES384', 'ES521', 'ES512', 'PS256', 'PS384', 'PS512', 'EdDSA']
Anyone who has this problem before?
Because the error can have different causes, I suggest checking the error line message _verify_signature in which it indicates that the signature can not be verified as indicated in the documentation and in this post
>>> jwt.decode(encoded, options={"verify_signature": False})
{'some': 'payload'}
…
>>> jwt.get_unverified_header(encoded)
{'alg': 'RS512'}