【问题标题】:PyJWT: Custom Header - Remove type from jwt headerPyJWT:自定义标头 - 从 jwt 标头中删除类型
【发布时间】:2020-08-14 03:04:32
【问题描述】:

如何从 jwt 标头中删除字典值 "typ": "JWT"?我已经尝试了以下

jwt.encode(
    {
        "iat": 1588108543,
        "exp": 1588112143,
        "ehts": "...",
        "edts": "...."
    },
    privateKey,
    algorithm='RS256',
    headers={"alg": "RS256"})

但仍然在 jwt 标头中获得 typ。我正在使用 pyjwt python 库。

输出:

eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiJ9.eyJpYXQiOjE1ODgxMDg1NDMsImV4cCI6MTU4ODExMjE0MywiZWh0cyI6ImNvbnRlbnQtdHlwZTthdXRob3JpemF0aW9uO3gtZGV2aWNlLWlkO2FjY2VwdC1sYW5ndWFnZTtib2R5IiwiZWR0cyI6IjgwNmQ2N2JhYzdmY2ZjNDQ5ZmJkZTllNDExOGFkODY5NWJlZjFmMzQ3ZTIzN2E1YjgyZGQ0MThlM2JhNjE2ODUifQ.WsKUWYoyrEhd78kcyfoBk2cuqHFF_9F0oLpsnEoV5lD7yTw8Cu4Z9TgHPrLgEeVOSXXKNu45CBbzi2v3YhQOS7vLXDEHWI6BpoGjNFymsaVqsCA4bUmDtZ9mq2ugyeeIfZ5E6L0ywBF3BYAy8DnxRk8yyHSQCkuQm4W8AZnwXWzefdz5dCSljzTQtLli0x_s1hqOlYtAXtPvHQbx4OYPYkARrYHjRatiqyXECYNcgQGxbMs_knF7vgSk7uf0uSoJvbdpjPBd4xpnLbAWMHeDlhtG834r2bCFFKZJARGCfXZW_0y8PyJGNhscKIpg7BIfiEAgqIlcFMX3N0qbYaYl9w

谢谢

【问题讨论】:

  • 嗨,约翰,您可以将输出添加到您的问题中吗?
  • 嗨,Kelvin。我只是将输出添加到问题中。谢谢
  • headers={...} 参数用于附加头字段。 typalg 始终存在。没有删除它们的选项。见sourcecode on github
  • @jps 但我必须让我的 api 与某些服务兼容。有没有办法覆盖它?
  • 我想不出简单的方法。为什么这个标头会导致兼容性问题?

标签: python jwt pyjwt


【解决方案1】:

扩展 PyJWS.encode 可以覆盖默认标头

import json
try:
    # import required by mypy to perform type checking, not used for normal execution
    from typing import Callable, Dict, List, Optional, Union # NOQA
except ImportError:
    pass

from jwt.algorithms import (
    Algorithm, get_default_algorithms, has_crypto, requires_cryptography  # NOQA
)
from jwt.utils import base64url_decode, base64url_encode, force_bytes, merge_dict
class MyPyJWS(PyJWS):

    def encode(self,
               payload,  # type: Union[Dict, bytes]
               key,  # type: str
               algorithm='HS256',  # type: str
               headers=None,  # type: Optional[Dict]
               json_encoder=None  # type: Optional[Callable]
               ):
        segments = []

        if algorithm is None:
            algorithm = 'none'

        if algorithm not in self._valid_algs:
            pass

        # Header
        header = {'alg': algorithm}

        if headers:
            self._validate_headers(headers)
            header.update(headers)

        json_header = force_bytes(
            json.dumps(
                header,
                separators=(',', ':'),
                cls=json_encoder
            )
        )

        segments.append(base64url_encode(json_header))
        segments.append(base64url_encode(payload))

        # Segments
        signing_input = b'.'.join(segments)
        try:
            alg_obj = self._algorithms[algorithm]
            key = alg_obj.prepare_key(key)
            signature = alg_obj.sign(signing_input, key)

        except KeyError:
            if not has_crypto and algorithm in requires_cryptography:
                raise NotImplementedError(
                    "Algorithm '%s' could not be found. Do you have cryptography "
                    "installed?" % algorithm
                )
            else:
                raise NotImplementedError('Algorithm not supported')

        segments.append(base64url_encode(signature))

        return b'.'.join(segments)

import jwt
encoded_jwt = jwt.encode({'some': 'payload'}, 'secret', algorithm='HS256')
print(encoded_jwt)
json_payload = json.dumps(
            {'some': 'payload'},
            separators=(',', ':')
        ).encode('utf-8')
encoded_jwt = MyPyJWS().encode(json_payload , 'secret', algorithm='HS256')
print(encoded_jwt)

【讨论】:

    【解决方案2】:

    只需将 PyJWS.header_type 设置为 False|None。确保定义您实际需要的标头。

    jwt.api_jws.PyJWS.header_typ = False
    jwt.encode(..., headers={"alg": "HS512"})
    

    【讨论】:

      【解决方案3】:

      对于 PyJWT >= 2.20

      https://github.com/jpadilla/pyjwt/releases/tag/2.2.0

      只需使用:

      jwt.encode(payload, key, algorithm, headers={'typ': None})
      

      它是如何工作的?

      header = {"typ": self.header_typ, "alg": algorithm}
      if headers:
          self._validate_headers(headers)
          header.update(headers)
          if not header["typ"]:
              del header["typ"]
      

      【讨论】:

        猜你喜欢
        • 1970-01-01
        • 2011-08-23
        • 1970-01-01
        • 1970-01-01
        • 2020-04-19
        • 1970-01-01
        • 2018-07-18
        • 2020-09-21
        • 2013-08-11
        相关资源
        最近更新 更多