Possible bug: 'str' object has no attribute 'decode' after PyJWT upgrade from 2.0.0a1 to 2.0.0
salazarfelipe opened this issue · comments
Recently the PyJWT package has been updated and is throwing this error when generating a token.
PyJWT latest version: https://github.com/jpadilla/pyjwt/releases/tag/2.0.0
The exception is raised in:
rest_framework_simplejwt/backends.py in encode at line 43
just in return token.decode('utf-8') line
I have solved it by explicitly putting the PyJWT package in my requirements.txt file, just below djangorestframework-simplejwt
version that introduces the error:
PyJWT==2.0.0
downgraded version to make it work:
PyJWT==v1.7.1
Did you upgrade to 4.6.0? I doubt the exception is raised on a block comment.
Ok still marking this as duplicate, but I can see there is a larger issue...
Ok for historical purposes, this'll mark when SimpleJWT messed up again since PyJWT upgraded from 2.0.0a1 to 2.0.0. Somehow it's messing stuff up again.
For the most part, people should be trying SimpleJWT 4.6.0 with PyJWT 2.0.0a2 for now. I'm coming with a fix soon...
I am getting a similar error on my django hosted application on Heroku, but on my local django server it works just fine.
Is it just a difference in package versions probably?
@NicholasWSmith Can you provide the versions of SimpleJWT and PyJWT on each machine? That'd be super helpful! The failing master branch tests came from the upgrade from alpha to mature 2.0.0 PyJWT.
@Andrew-Chen-Wang Definitely! From my pip freeze they appear to be identical.
Local
PyJWT==2.0.0a2
djangorestframework-simplejwt==4.4.0
Heroku
PyJWT==2.0.0a2
djangorestframework-simplejwt==4.4.0
You recommended 4.6.0 in your previous comment, ~but I think the latest version is 4.4.0 ~
After going to their site it does appear to be 4.6.0, but when i tried I got an error with 4.4.0 being the latest version. I will try again!
@NicholasWSmith I wonder if you're on Python 3.6...? David mandated that your Python version be 3.7 and above for this to work (kinda sucks, but it's to force people to upgrade).
If you're on 3.7 and above, you should probably update a requirements.txt file to reflect the 4.6.0 if you're doing recursive installation from a file. I find it kinda strange that it can't find 4.6.0.
@Andrew-Chen-Wang That is exactly what it is, I should have noticed, and thats the main difference between my local and heroku. My local is on python 3.8.3, while my heroku is on 3.6.
Thanks!
I've just used PyJWT 2.0.0 and SimpleJWT 4.6.0 on Python 3.8 (4.6.0 only allows Python 3.7+). Can't reproduce this error. Please note that the fix came in SimpleJWT 4.6.0 which only allows Python 3.7+, so please take note of that.
Besides that, I've only got some master branch fixes to work on to support PyJWT 2.0.0 (alpha versions like 2.0.0a1 and 2.0.0a2 are supported). But this issue has already been fixed.
@Andrew-Chen-Wang This exception was raised all of sudden when we cleared our docker cache and pulled the fresh images/packages. (Note that this happened all of sudden with no change being made to any of the underlying dependencies in requirements.txt) Here is our requirements.txt that was throwing the error:
Our Docker Container is using python:3.7.1-stretch
Django==2.1.3
django-cors-headers==2.4.0
django-debug-toolbar==1.10.1
django-decorator-include==2.1
django-encrypted-model-fields==0.5.8
django-extensions==2.1.4
django-filter==2.0.0
djangorestframework==3.9.0
gunicorn==19.9.0
markdown==3.0.1
mysqlclient==1.3.13
python-dateutil==2.8.0
requests==2.21.0
xmltodict==0.12.0
djangorestframework-simplejwt==4.4
django-admin-list-filter-dropdown==1.0.3
I was able to resolve after adding PyJWT==1.7.1 after djangorestframework-simplejwt==4.4. Thanks to @salazarfelipe
Let me know if you need any other details?
@shawinder Please update SimpleJWT to 4.6.0. 4.4.0 does NOT support PyJWT 2.0.0a1, 2.0.0a2, and 2.0.0.
@shawinder Please update SimpleJWT to 4.6.0. 4.4.0 does NOT support PyJWT 2.0.0a1, 2.0.0a2, and 2.0.0.
@Andrew-Chen-Wang Sounds good. I am not sure why pip look for PyJWT 2.0.0 (in the past it installed 1.7.1 which was working fine) when my SimpleJWT version is 4.4.0. Is there a recommended way to to set SimpleJWT version, so that only compatible dependencies will be installed?
There is and a PR was made for it at #348, but David's not really active when it comes to maintenance here, so I'm working out a plan to get a patch version out to merge #348 if need be or just increase the minor version when I get the time to upgrade everything to be compatible with PyJWT 2.0.0.
For now, I think my game plan is to get a minor version by 26 December.
I am using djanago 2.2.16 with python 3.6.12
I faced same issue.
By using djangorestframework-simplejwt==4.4.0 and PyJWT==1.7.1 it works.
djangorestframework-simplejwt==4.4.0
PyJWT==1.7.1
Closing in favor of #347. Locking because people are saying the exact same thing with the issue being resolved already.
Ref #349 Unless you wrote verify=False, you aren't effected by this change. Simply upgrade to the already existing SimpleJWT 4.6.0 is good enough.
Please note: PyJWT 2.0.0 is supported by SimpleJWT 4.6.0. The master branch tests failed because of certain changes in PyJWT.decode (they started copying the payload first then modifying the copied version), but 4.6.0 is not effected by this change. You should be able to upgrade without a problem.
Sorry for the long wait y'all. v4.7.0 is now released.