Skip to content

Commit 6f6b4ad

Browse files
fix(security): revert to PyJWT for JWT expiry parsing
1 parent 09330c8 commit 6f6b4ad

1 file changed

Lines changed: 3 additions & 7 deletions

File tree

  • cloudsmith_cli/core/credentials/oidc

cloudsmith_cli/core/credentials/oidc/cache.py

Lines changed: 3 additions & 7 deletions
Original file line numberDiff line numberDiff line change
@@ -7,7 +7,6 @@
77

88
from __future__ import annotations
99

10-
import base64
1110
import hashlib
1211
import json
1312
import logging
@@ -48,13 +47,10 @@ def _decode_jwt_exp(token: str) -> float | None:
4847
make an authorization decision, so the signature is deliberately not
4948
verified (the API rejects tampered tokens regardless).
5049
"""
51-
parts = token.split(".", 2)
52-
if len(parts) != 3:
53-
return None
5450
try:
55-
payload_segment = parts[1]
56-
padded = payload_segment + "=" * (-len(payload_segment) % 4)
57-
payload = json.loads(base64.urlsafe_b64decode(padded))
51+
import jwt
52+
53+
payload = jwt.decode(token, options={"verify_signature": False})
5854
exp = payload.get("exp")
5955
if exp is not None:
6056
return float(exp)

0 commit comments

Comments
 (0)