diff --git a/clearml_agent/backend_api/session/session.py b/clearml_agent/backend_api/session/session.py index d673a67..27fc877 100644 --- a/clearml_agent/backend_api/session/session.py +++ b/clearml_agent/backend_api/session/session.py @@ -155,7 +155,7 @@ class Session(TokenManager): # update api version from server response try: - token_dict = jwt.decode(self.token, verify=False) + token_dict = TokenManager.get_decoded_token(self.token, verify=False) api_version = token_dict.get('api_version') if not api_version: api_version = '2.2' if token_dict.get('env', '') == 'prod' else Session.api_version diff --git a/clearml_agent/backend_api/session/token_manager.py b/clearml_agent/backend_api/session/token_manager.py index 7d42d82..635f20b 100644 --- a/clearml_agent/backend_api/session/token_manager.py +++ b/clearml_agent/backend_api/session/token_manager.py @@ -3,6 +3,7 @@ from abc import ABCMeta, abstractmethod from time import time import jwt +from jwt.algorithms import get_default_algorithms import six @@ -66,10 +67,18 @@ class TokenManager(object): pass return 0 + @classmethod + def get_decoded_token(cls, token, verify=False): + """ Get token expiration time. If not present, assume forever """ + return jwt.decode( + token, verify=verify, + options=dict(verify_signature=False), + algorithms=get_default_algorithms()) + @classmethod def _get_token_exp(cls, token): """ Get token expiration time. If not present, assume forever """ - return jwt.decode(token, verify=False).get('exp', sys.maxsize) + return cls.get_decoded_token(token).get('exp', sys.maxsize) def _set_token(self, token): if token: diff --git a/requirements.txt b/requirements.txt index 5a5e3b4..81165c5 100644 --- a/requirements.txt +++ b/requirements.txt @@ -8,7 +8,7 @@ psutil>=3.4.2,<5.9.0 pyhocon>=0.3.38,<0.4.0 pyparsing>=2.0.3,<2.5.0 python-dateutil>=2.4.2,<2.9.0 -pyjwt>=1.6.4,<1.8.0 +pyjwt>=1.6.4,<2.1.0 PyYAML>=3.12,<5.4.0 requests>=2.20.0,<2.26.0 six>=1.11.0,<1.16.0
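Review bot: The `api_version` and `env` claims read just below this call in `session.py` come from a token whose signature is never checked, and nothing at the call site says so. A comment above the decode would make that explicit, for example `# claims are decoded without signature verification: use api_version only as a version hint, never for an authorization decision`. Since `Session` subclasses `TokenManager`, `self.get_decoded_token(self.token)` would also match the `cls.get_decoded_token(token)` form used in `_get_token_exp`, and the explicit `verify=False` only repeats the default. The `try:` block containing this line continues outside the hunk, so the exception handling around the decode is not visible here.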
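Review bot: `get_decoded_token` in `token_manager.py` accepts a `verify` argument but hard-codes `options=dict(verify_signature=False)`, so a caller passing `verify=True` still receives claims whose signature was not checked. The requirement now spans PyJWT 1.x and 2.x, and the keyword also appears to be handled differently between the two major versions. The docstring is copied from `_get_token_exp` and describes expiry rather than decoding; something like `""" Decode the token claims WITHOUT verifying the signature; the result is unauthenticated and must not be used for trust decisions """` would state the real contract. `algorithms=get_default_algorithms()` passes every registered algorithm, which in PyJWT includes `none`; that is inert while verification is off but would be an unsafe allow-list if verification is ever enabled here, so a comment saying the list only satisfies the decode call, or an explicit list of the expected algorithm, would help. If verification is not meant to be supported, `if verify: raise ValueError('get_decoded_token does not verify signatures')` is clearer than silently ignoring the flag.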