Home > Software engineering >  PyJWT decoding showing error "The specified alg value is not allowed" for 'RS512'
PyJWT decoding showing error "The specified alg value is not allowed" for 'RS512'

Time:10-18

I'm calling the decode function like that:

payload = jwt.decode(token,
                     cert['key'],
                     algorithms=['RS512'],
                     audience=aud,
                     leeway=0,
               
                     )

The error I m having:

File "/usr/local/lib/python3.9/site-packages/jwt/api_jws.py", line 292, in _verify_signature
raise InvalidAlgorithmError("The specified alg value is not allowed")

jwt.exceptions.InvalidAlgorithmError: The specified alg value is not allowed

The crypto extra is installed via poetry in pyproject.toml:

 PyJWT =  {version = "^2.5.0", extras = ["crypto"]}
 cryptography = "^38.0.2"

The listing of supported algorithms listed the algorithm "RS512":

get_default_algorithms().keys()

giving

(['none', 'HS256', 'HS384', 'HS512', 'RS256', 'RS384', 'RS512', 'ES256', 'ES256K', 'ES384', 'ES521', 'ES512', 'PS256', 'PS384', 'PS512', 'EdDSA']

Anyone who has this problem before?

CodePudding user response:

Because the error can have different causes, I suggest checking the error line message _verify_signature in which it indicates that the signature can not be verified as indicated in the documentation and in this post

>>> jwt.decode(encoded, options={"verify_signature": False})
{'some': 'payload'}

...

>>> jwt.get_unverified_header(encoded)
{'alg': 'RS512'}
  • Related