oidc-exchange: fix padding

Signed-off-by: William Woodruff <william@trailofbits.com>
pypa · Aug 10, 2023 · ba3ecc9 · ba3ecc9
1 parent ade57f5
commit ba3ecc9
Showing 1 changed file with 5 additions and 1 deletion.
diff --git a/oidc-exchange.py b/oidc-exchange.py
@@ -144,6 +144,9 @@ def assert_successful_audience_call(resp: requests.Response, domain: str):
 
 def render_claims(token: str) -> str:
     _, payload, _ = token.split(".", 2)
+
+    # urlsafe_b64decode needs padding; JWT payloads don't contain any.
+    payload += "=" * (4 - (len(payload) % 4))
     claims = json.loads(base64.urlsafe_b64decode(payload))
 
     def _get(name: str) -> str:  # noqa: WPS430
@@ -207,7 +210,8 @@ def _get(name: str) -> str:  # noqa: WPS430
 
     die(
         _SERVER_REFUSED_TOKEN_EXCHANGE_MESSAGE.format(
-            reasons=reasons, rendered_claims=rendered_claims,
+            reasons=reasons,
+            rendered_claims=rendered_claims,
         ),
     )