diff options
author | Anders Kaseorg <andersk@mit.edu> | 2021-04-28 04:25:29 -0700 |
---|---|---|
committer | GitHub <noreply@github.com> | 2021-04-28 07:25:29 -0400 |
commit | 7f6a2361943ffae20007eb014900060c6b21d9cc (patch) | |
tree | d87628b290de564fd9fc54403e96018f035edcfa | |
parent | fb86f9dffb371ee2adbc573edc35ded129ea3b36 (diff) | |
download | pyjwt-7f6a2361943ffae20007eb014900060c6b21d9cc.tar.gz |
Clearly warn against computing algorithms from the token’s alg (#647)
Signed-off-by: Anders Kaseorg <andersk@mit.edu>
-rw-r--r-- | docs/algorithms.rst | 12 | ||||
-rw-r--r-- | docs/api.rst | 15 |
2 files changed, 24 insertions, 3 deletions
diff --git a/docs/algorithms.rst b/docs/algorithms.rst index 10402f0..7192252 100644 --- a/docs/algorithms.rst +++ b/docs/algorithms.rst @@ -57,3 +57,15 @@ of allowed algorithms: In the above case, if the JWT has any value for its alg header other than HS512 or HS256, the claim will be rejected with an ``InvalidAlgorithmError``. + +.. warning:: + + Do **not** compute the ``algorithms`` parameter based on the + ``alg`` from the token itself, or on any other data that an + attacker may be able to influence, as that might expose you to + various vulnerabilities (see `RFC 8725 §2.1 + <https://www.rfc-editor.org/rfc/rfc8725.html#section-2.1>`_). Instead, + either hard-code a fixed value for ``algorithms``, or configure it + in the same place you configure the ``key``. Make sure not to mix + symmetric and asymmetric algorithms that interpret the ``key`` in + different ways (e.g. HS\* and RS\*). diff --git a/docs/api.rst b/docs/api.rst index 266082a..2553359 100644 --- a/docs/api.rst +++ b/docs/api.rst @@ -28,9 +28,18 @@ API Reference :param list algorithms: allowed algorithms, e.g. ``["ES256"]`` - .. note:: It is highly recommended to specify the expected ``algorithms``. - - .. note:: It is insecure to mix symmetric and asymmetric algorithms because they require different kinds of keys. + .. warning:: + + Do **not** compute the ``algorithms`` parameter based on + the ``alg`` from the token itself, or on any other data + that an attacker may be able to influence, as that might + expose you to various vulnerabilities (see `RFC 8725 §2.1 + <https://www.rfc-editor.org/rfc/rfc8725.html#section-2.1>`_). Instead, + either hard-code a fixed value for ``algorithms``, or + configure it in the same place you configure the + ``key``. Make sure not to mix symmetric and asymmetric + algorithms that interpret the ``key`` in different ways + (e.g. HS\* and RS\*). :param dict options: extended decoding and validation options |