Fix: InvalidAlgorithmError: The specified alg value is not allowed while trying to decode encoded jwt token in Python
I'm trying to decode a token I have received from an authorization service. The problem is that when I try to decode it, I get InvalidAlgorithmError: the specified alg value is not allowed.

As the image below shows, I can decode the token on the jwt.io site and view the payload.

I'm using the PyJWT library. Below you will find my implementation.

Decoded token in the jwt.io site (image not reproduced)

Implementation

    import jwt

    encoded = "eyJhbGciOiJodHRwOi8vd3d3LnczLm9yZy8yMDAxLzA0L3htbGRzaWctbW9yZSNobWFjLXNoYTI1NiIsInR5cCI6IkpXVCJ9.eyJodHRwOi8vc2NoZW1hcy5taWNyb3NvZnQuY29tL3dzLzIwMDgvMDYvaWRlbnRpdHkvY2xhaW1zL3JvbGUiOiJERVZFTE9QRVIiLCJ1c2VyZnVsbG5hbWUiOiJFcmljIE0gS2FyaW1pIiwidXNlcm5hbWUiOiJlcmljIiwidXNlcmlkIjoiMjkiLCJleHAiOjE1NzM0ODE0MzIsImlzcyI6IkVyaWMiLCJhdWQiOiJSZWFkZXJzIn0.tTQckIZGYNHE667NXrxT4YwT4DNZ01u3P3b3IMFyWR4"

    key = "somekeyrequiredtodecode"

    decoded = jwt.decode(encoded, key, algorithms=['HS256'])

Full StackTrace

In [7]: v = jwt.decode(key, s, algorithms=['HS256'])
---------------------------------------------------------------------------
InvalidAlgorithmError                     Traceback (most recent call last)
<ipython-input-7-a9465dfcaa4b> in <module>
----> 1 v = jwt.decode(key, s, algorithms=['HS256'])

~/Desktop/APIs/ncc-api/env/lib/python3.6/site-packages/jwt/api_jwt.py in decode(self, jwt, key, verify, algorithms, options, **kwargs)
     90 
     91         decoded = super(PyJWT, self).decode(
---> 92             jwt, key=key, algorithms=algorithms, options=options, **kwargs
     93         )
     94 

~/Desktop/APIs/ncc-api/env/lib/python3.6/site-packages/jwt/api_jws.py in decode(self, jwt, key, verify, algorithms, options, **kwargs)
    154         elif verify_signature:
    155             self._verify_signature(payload, signing_input, header, signature,
--> 156                                    key, algorithms)
    157 
    158         return payload

~/Desktop/APIs/ncc-api/env/lib/python3.6/site-packages/jwt/api_jws.py in _verify_signature(self, payload, signing_input, header, signature, key, algorithms)
    214 
    215         if algorithms is not None and alg not in algorithms:
--> 216             raise InvalidAlgorithmError('The specified alg value is not allowed')
    217 
    218         try:
InvalidAlgorithmError: The specified alg value is not allowed
Oppress answered 11/11, 2019 at 12:40 Comment(0)
8

The algorithm specified in the header is not a valid one for the library. You need to encode the JWT with { "alg": "HS256" } if you want to decode it with these settings.

You can check the supported algorithms:

from jwt.algorithms import get_default_algorithms

get_default_algorithms()
Preheat answered 11/11, 2019 at 13:16 Comment(1)
None of the algorithms that are listed by the get_default_algorithms() function helps me out. I still get the same error. In my case the token that I receive is from AWS Cognito. Any help appreciated. Plural
7

In some (not recommended) cases you don't need to validate the signature. If this is your case, use:

jwt.decode(encoded_str, options={"verify_signature": False})

https://pyjwt.readthedocs.io/en/stable/usage.html#reading-the-claimset-without-validation

Messick answered 24/1, 2021 at 19:18 Comment(1)
You really shouldn't do this. This is extremely insecure. Please stop upvoting this. Housley
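Added example, not code from the question or either answer, illustrating both points above. The first segment of the token posted in the question decodes to a header whose alg is `http://www.w3.org/2001/04/xmldsig-more#hmac-sha256`, the XML-Signature (RFC 4051) identifier for HMAC-SHA256, rather than the JWA name `HS256`; that string is not in PyJWT's algorithm table, so `algorithms=['HS256']` rejects it exactly as the traceback shows (the same error fires for any header alg outside the allowlist, including the RS256-signed tokens Cognito issues). The code below is standard-library only so it runs without PyJWT: it reads the header, resolves the alg through an explicit allowlist plus an explicit alias for that URI, verifies the HMAC with a constant-time compare, checks `exp`, and then shows what `verify_signature: False` really means by tampering with a claim and decoding the result both ways. The demo key, the sample claims and the alias mapping are constructed assumptions for this example; only the question's header segment is reused unchanged.

```python
"""HS256 JWT inspection, strict verification and a forgery check (stdlib only).

Added example. The key and payloads are constructed for the demo; only the
header segment of the token posted in the question is reused as-is.
"""
import base64
import hashlib
import hmac
import json
import time

# First segment of the token from the question, unchanged.
QUESTION_HEADER_SEGMENT = "eyJhbGciOiJodHRwOi8vd3d3LnczLm9yZy8yMDAxLzA0L3htbGRzaWctbW9yZSNobWFjLXNoYTI1NiIsInR5cCI6IkpXVCJ9"

# Constructed demo key; never hard-code a real one.
DEMO_KEY = b"constructed-demo-key-do-not-reuse"

# Verifier policy: which algorithms are acceptable. This is never derived
# from the token itself (that is what lets alg=none and key-confusion
# attacks through).
ALLOWED_ALGS = {"HS256"}

# The question's token uses the RFC 4051 XML-Signature name for HMAC-SHA256.
# Accepting that spelling is an explicit alias decision made here (assumption).
ALG_ALIASES = {"http://www.w3.org/2001/04/xmldsig-more#hmac-sha256": "HS256"}


def b64url_decode(segment: str) -> bytes:
    """base64url without padding, as JWS encodes segments."""
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def b64url_encode(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def compact_json(obj) -> bytes:
    return json.dumps(obj, separators=(",", ":")).encode()


def unverified_header(token: str) -> dict:
    """Read the JOSE header. Fine before verification as long as it is only
    used to pick an algorithm from ALLOWED_ALGS, never to pick a key type."""
    return json.loads(b64url_decode(token.split(".")[0]))


def resolve_alg(header: dict) -> str:
    """Map the header's alg to an allowed JWA name, or refuse the token."""
    raw = header.get("alg")
    alg = ALG_ALIASES.get(raw, raw)
    if alg not in ALLOWED_ALGS:
        raise ValueError(f"The specified alg value is not allowed: {raw!r}")
    return alg


def sign_hs256(payload: dict, key: bytes, alg_name: str = "HS256") -> str:
    """Issue an HMAC-SHA256 token. alg_name lets the demo reproduce an issuer
    that writes the RFC 4051 URI into the header instead of "HS256"."""
    header_seg = b64url_encode(compact_json({"alg": alg_name, "typ": "JWT"}))
    body_seg = b64url_encode(compact_json(payload))
    sig = hmac.new(key, f"{header_seg}.{body_seg}".encode("ascii"), hashlib.sha256).digest()
    return f"{header_seg}.{body_seg}.{b64url_encode(sig)}"


def decode_unverified(token: str) -> dict:
    """What verify_signature=False amounts to: the payload is taken on trust."""
    return json.loads(b64url_decode(token.split(".")[1]))


def decode_verified(token: str, key: bytes, now=None) -> dict:
    """Check alg policy first, then the MAC, then exp; only then return claims."""
    header_seg, body_seg, sig_seg = token.split(".")
    resolve_alg(json.loads(b64url_decode(header_seg)))
    expected = hmac.new(key, f"{header_seg}.{body_seg}".encode("ascii"), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, b64url_decode(sig_seg)):
        raise ValueError("Signature verification failed")
    payload = json.loads(b64url_decode(body_seg))
    now = time.time() if now is None else now
    if "exp" in payload and now >= payload["exp"]:
        raise ValueError("Signature has expired")
    return payload


def tamper(token: str, **changes) -> str:
    """Rewrite claims without re-signing: what anyone holding a token can do."""
    header_seg, body_seg, sig_seg = token.split(".")
    payload = json.loads(b64url_decode(body_seg))
    payload.update(changes)
    return f"{header_seg}.{b64url_encode(compact_json(payload))}.{sig_seg}"


if __name__ == "__main__":
    header = unverified_header(QUESTION_HEADER_SEGMENT)
    print("alg in the question's token:", header["alg"], "->", resolve_alg(header))
    token = sign_hs256({"username": "eric", "role": "DEVELOPER", "exp": 2_000_000_000}, DEMO_KEY)
    forged = tamper(token, role="ADMIN")
    print("unverified decode of forged token:", decode_unverified(forged)["role"])
    try:
        decode_verified(forged, DEMO_KEY)
    except ValueError as exc:
        print("verified decode of forged token:", exc)
```

The alias table is the only thing that makes the question's token acceptable, and it is a decision the verifier makes for itself; the token never gets to say which algorithms are allowed. With PyJWT the corresponding move is to register the URI as an extra algorithm name with `jwt.register_algorithm(...)` using `HMACAlgorithm(HMACAlgorithm.SHA256)` from `jwt.algorithms`, then pass that URI in `algorithms=[...]`, rather than dropping signature verification. The tamper step shows why: an unverified decode happily returns `role: ADMIN` from a token whose signature still covers `role: DEVELOPER`.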

© 2022 - 2024 — McMap. All rights reserved.