From ba3ecc93555ab33f1172cebde7585a78eca00335 Mon Sep 17 00:00:00 2001 From: William Woodruff Date: Thu, 10 Aug 2023 16:04:43 -0400 Subject: [PATCH] oidc-exchange: fix padding Signed-off-by: William Woodruff --- oidc-exchange.py | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/oidc-exchange.py b/oidc-exchange.py index 671c034..fb1df00 100644 --- a/oidc-exchange.py +++ b/oidc-exchange.py @@ -144,6 +144,9 @@ def assert_successful_audience_call(resp: requests.Response, domain: str): def render_claims(token: str) -> str: _, payload, _ = token.split(".", 2) + + # urlsafe_b64decode needs padding; JWT payloads don't contain any. + payload += "=" * (4 - (len(payload) % 4)) claims = json.loads(base64.urlsafe_b64decode(payload)) def _get(name: str) -> str: # noqa: WPS430 @@ -207,7 +210,8 @@ if not mint_token_resp.ok: die( _SERVER_REFUSED_TOKEN_EXCHANGE_MESSAGE.format( - reasons=reasons, rendered_claims=rendered_claims, + reasons=reasons, + rendered_claims=rendered_claims, ), )