feat: strict encode, lenient decode for JWT subject claim #1082
+9
−7
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Apply "strict with self, lenient with others" philosophy to subject validation: - **Encode (strict)**: Validate sub must be string, raise TypeError if not - **Decode (lenient)**: Remove string type validation for sub claim - **Tests**: Update test_encode_with_invalid_int_sub_claim to expect TypeError This change allows PyJWT to be strict when creating tokens (ensuring standards compliance) while being forgiving when consuming tokens from other systems that may use non-string subject identifiers. 🤖 Generated with [Claude Code](https://claude.ai/code) Co-Authored-By: Claude <[email protected]>
There was a problem hiding this comment.
Pull Request Overview
This PR implements a "strict encode, lenient decode" approach for JWT subject claim validation. When encoding JWTs, PyJWT will strictly validate that the sub claim is a string and raise a TypeError if not. When decoding JWTs, PyJWT will be more lenient and accept non-string subject identifiers from other systems.
- Adds string validation for
subclaim during JWT encoding withTypeErrorfor non-strings - Removes string type validation for
subclaim during JWT decoding - Updates test to verify encoding validation instead of decode validation
Reviewed Changes
Copilot reviewed 2 out of 2 changed files in this pull request and generated 1 comment.
| File | Description |
|---|---|
| jwt/api_jwt.py | Adds sub string validation in encode method and removes string validation from decode's _validate_sub |
| tests/test_api_jwt.py | Updates test to verify TypeError during encoding instead of InvalidSubjectError during decoding |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Apply "strict with self, lenient with others" philosophy to JWT subject validation:
submust be string, raiseTypeErrorif notsubclaim in_validate_subTypeErrorduring encoding instead of decode errorPhilosophy
This change embodies the principle of "严于律己,宽以待人" (be strict with yourself, lenient with others):