Encoded values different after updating to 2.5.0 #806

Closed
sanders41 opened this issue Sep 19, 2022 · 4 comments

@sanders41

Summary.

After updating from 2.4.0 to 2.5.0 we started seeing failing tests in our CI (for example). We have tracked the issue down to the encoded value being different from the value we used to get. I didn't see anything in the change log that would cause this, and looking through the PRs the only thing I saw that may be related is here.

Expected Result

I didn't expect a change in the encoded values.

Actual Result

Got different encoded values when encoding the same strings.

Reproduction Steps

Run the following with pyjwt 2.4.0 and then again with 2.5.0 and the values will be different.

import jwt

data = {"email": "someone@somewhere.com", "phone_number": "352-867-5309"}
encoded_value = jwt.encode(data, "secret", algorithm="HS256")
print(encoded_value)

System Information

$ python -m jwt.help
{
  "cryptography": {
    "version": "3.4.8"
  },
  "implementation": {
    "name": "CPython",
    "version": "3.9.14"
  },
  "platform": {
    "release": "5.10.124-linuxkit",
    "system": "Linux"
  },
  "pyjwt": {
    "version": "2.5.0"
  }
}

Also tested and same results with

{
  "cryptography": {
    "version": "38.0.1"
  },
  "implementation": {
    "name": "CPython",
    "version": "3.10.7"
  },
  "platform": {
    "release": "21.6.0",
    "system": "Darwin"
  },
  "pyjwt": {
    "version": "2.5.0"
  }
}

This command is only available on PyJWT v1.6.3 and greater. Otherwise,
please provide some basic information about your system.

@frenck

frenck commented Sep 19, 2022

We notice the same thing @ the Home Assistant project.

home-assistant/core#78776 (CI fails for the same reason as above).

@jpadilla
Owner

That's because of sorting header keys introduced in #721. What's the use case of JWTs for equality instead of validity?

@frenck

frenck commented Sep 20, 2022

Clear @jpadilla 👍 It just made alarm bells ring, without a clear reason why. Thanks for the clarification 👍

@sanders41
Author

sanders41 commented Sep 20, 2022

Yes, we have switched to testing validity instead. It was just a surprise to see things fail since we didn't see anything in the change log.
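
The point settled in this thread, shown as an added example that is not part of the original issue and is not PyJWT's code: a standard-library HS256 encoder in which sorting the header keys changes the token string while both forms still verify to the same claims. The helper names and the unsorted header order are assumptions made for illustration; the claims and key are the ones from the reproduction steps.

```python
import base64, hashlib, hmac, json

def b64url(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode("ascii")

def b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def encode_hs256(header: dict, payload: dict, key: bytes, sort_header: bool) -> str:
    # sort_header=True models the header-key sorting mentioned in the thread.
    head = json.dumps(header, separators=(",", ":"), sort_keys=sort_header).encode()
    body = json.dumps(payload, separators=(",", ":")).encode()
    signing_input = b64url(head) + "." + b64url(body)
    sig = hmac.new(key, signing_input.encode("ascii"), hashlib.sha256).digest()
    return signing_input + "." + b64url(sig)

def verify_hs256(token: str, key: bytes) -> dict:
    """Return the claims if the token is a valid HS256 JWT, else raise ValueError."""
    head_b64, body_b64, sig_b64 = token.split(".")  # ValueError if not 3 parts
    header = json.loads(b64url_decode(head_b64))
    # Pin the algorithm; never trust the header to choose how to verify.
    if not isinstance(header, dict) or header.get("alg") != "HS256":
        raise ValueError("unexpected alg")
    signing_input = (head_b64 + "." + body_b64).encode("ascii")
    expected = hmac.new(key, signing_input, hashlib.sha256).digest()
    if not hmac.compare_digest(b64url_decode(sig_b64), expected):
        raise ValueError("bad signature")
    return json.loads(b64url_decode(body_b64))

KEY = b"secret"
CLAIMS = {"email": "someone@somewhere.com", "phone_number": "352-867-5309"}
HEADER = {"typ": "JWT", "alg": "HS256"}  # constructed insertion order (assumption)

def compare():
    """Encode the same claims with unsorted and sorted header keys."""
    old = encode_hs256(HEADER, CLAIMS, KEY, sort_header=False)
    new = encode_hs256(HEADER, CLAIMS, KEY, sort_header=True)
    return old, new

if __name__ == "__main__":
    old, new = compare()
    print("strings equal:", old == new)
    print("claims equal: ", verify_hs256(old, KEY) == verify_hs256(new, KEY))
```

The header is part of the signing input, so a different key order changes both the first segment and the signature. A test that compares token strings therefore depends on serialization details, while a test that verifies the token and compares the decoded claims does not.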
