我正在使用PyJWT在Python中生成和验证JWT。正在运行pypy3 v2.4。
只需尝试encode
和decode
类似于GitHub仓库中的示例的JWT。我在解码时遇到以下错误:
decoded = jwt.decode(encoded, secret, algorithm='HS256')
File "/usr/local/site-packages/jwt/api_jwt.py", line 64, in decode
options, **kwargs)
File "/usr/local/site-packages/jwt/api_jws.py", line 115, in decode
key, algorithms)
File "/usr/local/site-packages/jwt/api_jws.py", line 177, in _verify_signature
if not alg_obj.verify(signing_input, key, signature):
File "/usr/local/site-packages/jwt/algorithms.py", line 138, in verify
return constant_time_compare(sig, self.sign(msg, key))
File "/usr/local/site-packages/jwt/compat.py", line 50, in constant_time_compare
result |= ord(x) ^ ord(y)
TypeError: ord() expected string of length 1, but int found
很明显,错误是从模块代码中生成的。
知道导致此错误的原因是什么?
由于
答案 0 :(得分:0)
PyJWT不支持python 3.2,pyJWT使用hmac.compare_digest
来验证在Python 3.3中添加的签名,它通过重新实现Python 2的compare_digest来解决这个问题,但重新实现不支持python 3.2,因为索引到bytes对象返回python 2中的字符和python 3中的int。