Http Bearer authentication broken on valid JWT token #207

Closed
@zupo

TL;DR: When using JWT HTTP Bearer auth, I get "Security not valid for any requirement" with an underlying "Invalid base64 encoding." in security/providers.py.

More info

This is the security part of my openapi.yaml:

  securitySchemes:
    Bearer:
      type: http
      scheme: bearer
      bearerFormat: JWT
      name: Authorization
      in: header

This is the JWT that I send via Swagger Docs in-browser generated client: eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzUxMiJ9.eyJzdWIiOiJhYWFhYWFhYS1iYmJiLWNjY2MtZGRkZC1lZWVlZWVlZWVlZTEiLCJpYXQiOjE1ODMxMDAwNDN9.vXiR3Dea6EPar2aT4hbv79BeWbwEW0iuK0ppfUSB5qO190l1IbpTjf7TA24elc57YCyylQl9tlkC8Y6UO2quxg. I verified it is a valid JWT via http://calebb.net/. The secret is secret.

And lastly a PDB session of the above valid JWT failing to decode in security/providers.py:

[25] > /tmp/test/.venv/lib/python3.7/site-packages/openapi_core/security/providers.py(44)__call__()
-> return base64.b64decode(
(Pdb++) encoded_credentials
'eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzUxMiJ9.eyJzdWIiOiJhYWFhYWFhYS1iYmJiLWNjY2MtZGRkZC1lZWVlZWVlZWVlZTEiLCJpYXQiOjE1ODMxMDAwNDN9.vXiR3Dea6EPar2aT4hbv79BeWbwEW0iuK0ppfUSB5qO190l1IbpTjf7TA24elc57YCyylQl9tlkC8Y6UO2quxg'
(Pdb++) base64.b64decode(encoded_credentials.encode('ascii'))
*** binascii.Error: Incorrect padding
Traceback (most recent call last):
  File "/nix/store/5w2gzqgdkxchagx8kyc8g1m1i76jm4fc-python3-3.7.6/lib/python3.7/base64.py", line 87, in b64decode
    return binascii.a2b_base64(s)
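
Why the decode in the traceback fails, as an added example (not part of the original issue and not openapi-core's code): a JWT is three unpadded base64url segments joined by dots, so it has to be split and decoded per segment rather than passed whole to `base64.b64decode`. The helper names are hypothetical, the token is the one quoted in the issue, and `sign_hs512` only builds constructed tokens to exercise the verifier.

```python
import base64, binascii, hashlib, hmac, json

# Token copied from the issue above, one compact-JWS segment per line.
ISSUE_JWT = ".".join([
    "eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzUxMiJ9",
    "eyJzdWIiOiJhYWFhYWFhYS1iYmJiLWNjY2MtZGRkZC1lZWVlZWVlZWVlZTEiLCJpYXQiOjE1ODMxMDAwNDN9",
    "vXiR3Dea6EPar2aT4hbv79BeWbwEW0iuK0ppfUSB5qO190l1IbpTjf7TA24elc57YCyylQl9tlkC8Y6UO2quxg",
])

def whole_token_b64decode_fails(token: str) -> bool:
    """Reproduce the traceback: standard base64 over the whole bearer token."""
    try:
        base64.b64decode(token.encode("ascii"))
    except binascii.Error:
        return True
    return False

def b64url_decode(segment: str) -> bytes:
    """Decode one unpadded base64url segment, restoring the stripped padding."""
    padded = segment + "=" * (-len(segment) % 4)
    return base64.b64decode(padded, altchars=b"-_", validate=True)

def parse_jwt(token: str):
    """Return (header, payload, signature bytes) of a compact JWS."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("expected header.payload.signature")
    header, payload = (json.loads(b64url_decode(p)) for p in parts[:2])
    return header, payload, b64url_decode(parts[2])

def verify_hs512(token: str, secret: bytes) -> bool:
    """Constant-time HS512 check with the algorithm pinned by the verifier."""
    header, _, signature = parse_jwt(token)
    if header.get("alg") != "HS512":
        return False
    signing_input = token.rsplit(".", 1)[0].encode("ascii")
    expected = hmac.new(secret, signing_input, hashlib.sha512).digest()
    return hmac.compare_digest(expected, signature)

def sign_hs512(claims: dict, secret: bytes) -> str:
    """Build a constructed HS512 token to exercise verify_hs512."""
    enc = lambda raw: base64.urlsafe_b64encode(raw).rstrip(b"=").decode("ascii")
    head = enc(json.dumps({"typ": "JWT", "alg": "HS512"}).encode())
    body = enc(json.dumps(claims).encode())
    sig = hmac.new(secret, f"{head}.{body}".encode(), hashlib.sha512).digest()
    return f"{head}.{body}.{enc(sig)}"
```

Decoding the segments only exposes the claims; a bearer token should be trusted only after the signature check passes with an algorithm chosen by the verifier.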
