fix: handle URL-safe base64 decoding for JWT #38991

Open
wants to merge 1 commit into
base: main
@baku2san baku2san commented Dec 27, 2024

Description

This pull request addresses an issue with JWT decoding where URL-safe base64 decoding was not being used, leading to UTF-8 decoding errors. The changes ensure that the base64 encoded string is properly padded and decoded using URL-safe base64 decoding.

RFC4648

Changes:

  • Replaced base64.decodebytes with base64.urlsafe_b64decode.
  • Added logic to calculate and append necessary padding to the base64 string.

All SDK Contribution checklist:

  • The pull request does not introduce [breaking changes]
  • CHANGELOG is updated for new features, bug fixes or other significant changes.
  • I have read the contribution guidelines.

General Guidelines and Best Practices

  • Title of the pull request is clear and informative.
  • There are a small number of commits, each of which have an informative message. This means that previously merged commits do not appear in the history of the PR. For more information on cleaning up the commits in your PR, see this page.

Testing Guidelines

  • Pull request includes test coverage for the included changes.

- Updated the JWT decoding logic to use URL-safe base64 decoding.
- Added padding to the base64 encoded string to ensure proper decoding.
- This fixes the issue where UTF-8 decoding errors occurred due to missing padding in the base64 string.

Changes:
- Replaced `base64.decodebytes` with `base64.urlsafe_b64decode`.
- Added logic to calculate and append necessary padding to the base64 string.
@baku2san baku2san requested review from pvaneck, xiangyan99 and a team as code owners December 27, 2024 14:36
@github-actions github-actions bot added Azure.Identity Community Contribution Community members are working on the issue customer-reported Issues that are reported by GitHub users external to the Azure organization. labels Dec 27, 2024

Thank you for your contribution @baku2san! We will review the pull request and get back to you soon.

@azure-sdk
Collaborator

API change check

API changes are not detected in this pull request.

Member

@pvaneck pvaneck left a comment

Thanks for the PR and improving the JWT payload decoding! Left a suggestion inline.

Do you mind also adding this change to the async decorator as well?

base64_meta_data = token.token.split(".")[1].encode("utf-8") + b"=="
json_bytes = base64.decodebytes(base64_meta_data)
base64_meta_data = token.token.split(".")[1]
padding_needed = 4 - (len(base64_meta_data) % 4)
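
Review bot: `token.token.split(".")[1]` on the added line indexes the second segment without checking that the token has one, so a token string with no dot raises IndexError before any decoding is attempted; check the segment count first and fail with a clear error. On the next added line, `4 - (len(base64_meta_data) % 4)` evaluates to 4 rather than 0 when the length is already a multiple of 4; `-len(base64_meta_data) % 4` gives 0 in that case.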

A more concise way to achieve the same result while avoiding the potential for the padding_needed value to be 4.

Suggested change
padding_needed = 4 - (len(base64_meta_data) % 4)
padding_needed = -len(base64_meta_data) % 4
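
The decoding change discussed in this thread, as an added example that is not code from the pull request or the SDK: it runs the pre-change lines and a URL-safe decoder over the same constructed token, whose payload segment contains `_`. The helper names, the sample claims and the unsigned token are assumptions made for illustration, and nothing here verifies a signature.

```python
import base64
import json

# Constructed sample claims; the "???" run guarantees a '_' in the base64url text.
SAMPLE_CLAIMS = {"sub": "alice", "note": "???"}


def make_unsigned_token(claims: dict) -> str:
    """Build a constructed, unsigned compact token for the demo (hypothetical helper)."""
    def b64url(obj: dict) -> str:
        raw = json.dumps(obj).encode("utf-8")
        return base64.urlsafe_b64encode(raw).rstrip(b"=").decode("ascii")
    return ".".join([b64url({"alg": "none"}), b64url(claims), "sig"])


SAMPLE_TOKEN = make_unsigned_token(SAMPLE_CLAIMS)


def decode_jwt_payload(token: str) -> dict:
    """Decode the claims segment with the URL-safe alphabet (no signature check)."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("expected three dot-separated segments")
    segment = parts[1]
    if len(segment) % 4 == 1:
        raise ValueError("invalid base64url length")
    padded = segment + "=" * (-len(segment) % 4)  # 0, 1 or 2 pad chars, never 4
    return json.loads(base64.urlsafe_b64decode(padded).decode("utf-8"))


def legacy_decode_payload(token: str):
    """Pre-change lines from the review: standard alphabet plus a fixed '=='.
    Returns None when decoding fails."""
    base64_meta_data = token.split(".")[1].encode("utf-8") + b"=="
    try:
        # decodebytes silently drops '-' and '_', which are not in its alphabet
        return json.loads(base64.decodebytes(base64_meta_data).decode("utf-8"))
    except ValueError:  # binascii.Error, UnicodeDecodeError, JSONDecodeError
        return None


if __name__ == "__main__":
    print("segment:", SAMPLE_TOKEN.split(".")[1])
    print("urlsafe:", decode_jwt_payload(SAMPLE_TOKEN))
    print("legacy :", legacy_decode_payload(SAMPLE_TOKEN))
```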

3 participants