Issue with type checking of algorithm parameter of jwt.decode methods #1117

@ajoyatklizos

Summary.

Expected Result

As per the PyJWT documentation, the decode method expects algorithms as a sequence type or None:
jwt.decode(jwt_payload, "secret", leeway=10, algorithms=["HS256"])

Actual Result

But if I write the code like this, it works fine:
payload = jwt.decode(
    jwt=auth_token,
    key=FlaskProdConfig.SECRET_KEY,
    algorithms='HS256'
)

Issue details


algorithms: Sequence[str] | None = None


is only a type hint — Python itself doesn’t check it at runtime.
So algorithms="HS256" is syntactically valid — no error occurs just because of typing.

Now, if you passed "HS256", this expression still works because:

"HS256" in "HS256"  # → True


So right now, the right approach
>>> import jwt
>>> key = "secret"
>>> encoded = jwt.encode({"some": "payload"}, key, algorithm="HS256")
>>> print(encoded)
eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzb21lIjoicGF5bG9hZCJ9.4twFt5NiznN84AWoo1d7KO1T_yoc0Z6XOpOVswacPZg
>>> jwt.decode(encoded, key, algorithms=["HS256"])
{'some': 'payload'}

will work,

and the wrong approach

>>> import jwt
>>> key = "secret"
>>> encoded = jwt.encode({"some": "payload"}, key, algorithm="HS256")
>>> print(encoded)
eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzb21lIjoicGF5bG9hZCJ9.4twFt5NiznN84AWoo1d7KO1T_yoc0Z6XOpOVswacPZg
>>> jwt.decode(encoded, key, algorithms="HS256")
{'some': 'payload'}

that will also work.

This command is available on PyJWT v2.8.0 and greater. Otherwise,
please provide some basic information about your system.
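
A caller-side guard for the behaviour reported in this issue, as an added example that is not part of the original post and not PyJWT's own code: `loose_allows` models a plain `in` membership test, and `strict_algorithms` / `strict_allows` are hypothetical helpers that reject a bare string allowlist. The token is the one from the issue; every other input is constructed.

```python
import base64
import json
from collections.abc import Sequence

# Token copied from the issue text (HS256, key "secret"); other inputs are constructed.
TOKEN = ("eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9."
         "eyJzb21lIjoicGF5bG9hZCJ9."
         "4twFt5NiznN84AWoo1d7KO1T_yoc0Z6XOpOVswacPZg")


def header_alg(token):
    """Return the unverified `alg` field of a compact JWS header."""
    segment = token.split(".")[0]
    padded = segment + "=" * (-len(segment) % 4)  # restore base64url padding
    return json.loads(base64.urlsafe_b64decode(padded))["alg"]


def loose_allows(alg, algorithms):
    """Plain `in` test: element match on a list, substring match on a str."""
    return algorithms is not None and alg in algorithms


def strict_algorithms(algorithms):
    """Hypothetical guard: accept only a non-empty, non-string sequence of names."""
    if isinstance(algorithms, (str, bytes)):
        raise TypeError("algorithms must be a list of names, not a bare string")
    if not isinstance(algorithms, Sequence) or not algorithms:
        raise TypeError("algorithms must be a non-empty sequence")
    if not all(isinstance(a, str) and a for a in algorithms):
        raise TypeError("every algorithm name must be a non-empty str")
    return frozenset(algorithms)


def strict_allows(alg, algorithms):
    """Exact-name membership after the type guard has run."""
    return alg in strict_algorithms(algorithms)


if __name__ == "__main__":
    alg = header_alg(TOKEN)
    print(alg, loose_allows(alg, "HS256"), loose_allows(alg, ["HS256"]))
    # Constructed cases: a str allowlist matches fragments and joined config values.
    print(loose_allows("256", "HS256"), loose_allows("HS256", "RS256,HS256"))
    print(strict_allows(alg, ["HS256"]))
    try:
        strict_allows(alg, "HS256")
    except TypeError as exc:
        print("rejected:", exc)
```

Running `strict_algorithms(...)` on the configured value before handing it to `jwt.decode(..., algorithms=...)` turns the silent string case into an immediate `TypeError`.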
