PyJWT 2.6.0 IAT Decode Error - TypeError: '>' not supported between instances of 'str' and 'int' #817
Description
Summary
Just upgraded to version 2.6.0 and now whenever I try to do a decode of a JWT I get the following error:
def _validate_iat(self, payload, now, leeway):
iat = payload["iat"]
try:
int(iat)
except ValueError:
raise InvalidIssuedAtError("Issued At claim (iat) must be an integer.")
> if iat > (now + leeway):
E TypeError: '>' not supported between instances of 'str' and 'int'It appears that the iat value is "trying" to be converted (and if not, raises an exception) but doesn't actually evaluate the iat value as an int.
My payload comes across like:
payload["iat"] = '1638202770'So trying to perform > operations on that will result in a string. This does not happen in version 2.5.0 so I believe this is a regression.
Expected Result
A valid decode of my JWT value:
import jwt
decoded = jwt.decode(data, pub_key, algorithms=["RS256"], audience=["x.com"])
print(decoded)Actual Result
def _validate_iat(self, payload, now, leeway):
iat = payload["iat"]
try:
int(iat)
except ValueError:
raise InvalidIssuedAtError("Issued At claim (iat) must be an integer.")
> if iat > (now + leeway):
E TypeError: '>' not supported between instances of 'str' and 'int'Reproduction Steps
import jwt
data = <jwt_content>
pub_key = <path_to_pub_key>
decoded = jwt.decode(data, pub_key, algorithms=["RS256"], audience=["x.com"])System Information
$ python -m jwt.help
{
"cryptography": {
"version": "38.0.1"
},
"implementation": {
"name": "CPython",
"version": "3.9.13"
},
"platform": {
"release": "20.6.0",
"system": "Darwin"
},
"pyjwt": {
"version": "2.6.0"
}
}
This command is only available on PyJWT v1.6.3 and greater. Otherwise,
please provide some basic information about your system.