From cc2aaf1899912e74ae82961c973f21cd73465c98 Mon Sep 17 00:00:00 2001
From: peppelinux
Date: Fri, 25 Aug 2023 18:26:07 +0200
Subject: [PATCH] fix: DPoP ath
---
 pyeudiw/oauth2/dpop/__init__.py | 4 ++--
 pyeudiw/tests/oauth2/test_dpop.py | 2 +-
 2 files changed, 3 insertions(+), 3 deletions(-)
diff --git a/pyeudiw/oauth2/dpop/__init__.py b/pyeudiw/oauth2/dpop/__init__.py
index 3e549b20..0cf69667 100644
--- a/pyeudiw/oauth2/dpop/__init__.py
+++ b/pyeudiw/oauth2/dpop/__init__.py
@@ -29,7 +29,7 @@ def proof(self):
 "htm": "GET",
 "htu": self.htu,
 "iat": iat_now(),
- "ath": base64.urlsafe_b64encode(hashlib.sha256(self.token.encode()).digest()).decode()
+ "ath": base64.urlsafe_b64encode(hashlib.sha256(self.token.encode()).digest()).rstrip(b'=').decode()
 }
 jwt = self.signer.sign(
 data,
@@ -109,6 +109,6 @@ def validate(self) -> bool:
 DPoPTokenPayloadSchema(**payload)
 _ath = hashlib.sha256(self.dpop_token.encode())
- _ath_b64 = base64.urlsafe_b64encode(_ath.digest()).decode()
+ _ath_b64 = base64.urlsafe_b64encode(_ath.digest()).rstrip(b'=').decode()
 proof_valid = _ath_b64 == payload['ath']
 return dpop_valid and proof_valid
diff --git a/pyeudiw/tests/oauth2/test_dpop.py b/pyeudiw/tests/oauth2/test_dpop.py
index 0cea0af4..6d13e477 100644
--- a/pyeudiw/tests/oauth2/test_dpop.py
+++ b/pyeudiw/tests/oauth2/test_dpop.py
@@ -90,7 +90,7 @@ def test_create_validate_dpop_http_headers(wia_jws, private_jwk=PRIVATE_JWK):
 payload = unpad_jwt_payload(proof)
 assert payload["ath"] == base64.urlsafe_b64encode(
 hashlib.sha256(wia_jws.encode()
- ).digest()).decode()
+ ).digest()).rstrip(b'=').decode()
 assert payload["htm"] in ["GET", "POST", "get", "post"]
 assert payload["htu"] == "https://example.org/redirect"
 assert payload["jti"]
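Review bot: The unpadded `ath` encoding is now written out inline in three places: the `"ath"` entry in `proof`, the `_ath_b64` line in `validate`, and the expected value in the test. A later edit to only one copy would either make valid proofs fail validation or leave the producer and the verifier agreeing on a value that no other DPoP implementation accepts. A single module-level helper called from both methods would keep them in lockstep, e.g. `def _ath(token: str) -> str: return base64.urlsafe_b64encode(hashlib.sha256(token.encode()).digest()).rstrip(b'=').decode()`. `proof` starts and ends outside this hunk, so the rest of the payload is not reviewed here.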
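Review bot: The `.rstrip(b'=')` on the `_ath_b64` line has no comment explaining why padding is dropped, and the strict equality on the following line now rejects any proof whose `ath` still carries a trailing `=`. Both match RFC 9449 (base64url as defined in RFC 7515 section 2, which omits padding), so I would record that next to the line: `# RFC 9449: ath = unpadded base64url(SHA-256(access token)); padded values are rejected on purpose`. If clients built on the pre-fix encoder are still deployed, their proofs will presumably fail here, which may deserve a release note. `validate` begins outside the hunk.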
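Review bot: The expected value in the `payload["ath"]` assertion is built with the same `urlsafe_b64encode(...).rstrip(b'=')` expression as the implementation, so the test would still pass if both were wrong in the same way. An independent property check pins the fix: a SHA-256 digest encodes to 43 base64url characters once padding is removed, so `assert "=" not in payload["ath"]` and `assert len(payload["ath"]) == 43` would have failed against the old encoder. The test function continues outside the hunk.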