Parse the claims string in JWT

So far the unverified claims of JWSs were parsed. While the claims in a JWT need to be a dict of fields, RFC7520 indicates that the claims in a JWS don't have to be. Therefore this commit parses only JWT claims into dicts.
theashguy · Apr 27, 2016 · 7193e5b · 7193e5b
1 parent be3d4fc
commit 7193e5b
Show file tree

Hide file tree

Showing 2 changed files with 5 additions and 6 deletions.
diff --git a/jose/jws.py b/jose/jws.py
@@ -124,11 +124,7 @@ def get_unverified_claims(token):
  JWSError: If there is an exception decoding the token.
  """
  header, claims, signing_input, signature = _load(token)
-
- try:
- return json.loads(claims.decode('utf-8'))
- except ValueError as e:
- raise JWSError('Invalid claims string: %s' % e)
+ return claims
 
 
 def _encode_header(algorithm, additional_headers=None):

diff --git a/jose/jwt.py b/jose/jwt.py
@@ -184,7 +184,10 @@ def get_unverified_claims(token):
  except:
  raise JWTError('Error decoding token claims.')
 
- return claims
+ try:
+ return json.loads(claims.decode('utf-8'))
+ except ValueError as e:
+ raise JWTError('Invalid claims string: %s' % e)
 
 
 def _validate_iat(claims):